Equifax Security Breach - Things to Consider

Published on CO-OP website | October 25, 2017

What do we know about the Equifax breach at this point?
• The breach occurred mid-May 2017 through July 2017. It was discovered on July 29, 2017.
• The breach is among the largest on record in the U.S. – surpassing the Target, T.J. Maxx and Anthem incidents.
• The breach has potentially impacted 143 million U.S. consumers, as well as an undisclosed number of UK and Canadian residents.
• As much as 44 percent of the U.S. population will feel the impact of this breach for years to come.
• Because social security numbers don’t change, they may get resold on the black market and hold value for a while.
• Equifax is one of the three main credit bureaus in the U.S., so it has access to an extraordinary amount of personal and financial data for virtually every American adult.
• More information may be learned, as the incident is still under investigation.

What information is most likely to have been exposed by the Equifax breach?
• Hackers accessed names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
• Credit card numbers were also accessed from 209,000 consumers, as well as dispute documents with personally identifiable information for roughly 182,000 people. The window of exposure for cards stolen in the breach was between November 10, 2016, and July 6, 2017.

How did the hackers do it?
• The breach occurred through an application vulnerability within the Equifax U.S. website.
• It’s unclear who is behind the attack at this point.
• Equifax does not believe hackers got to their core consumer or commercial credit reporting databases.

What can you immediately do to protect your information?
• Check to see if you are impacted - Equifax has an online tool for consumers to check on whether or not their information was accessed. It’s available here
• Check your credit reports - Review your credit reports for unauthorized accounts that are opened in your name. You also have the option of enrolling in an identity theft protection and credit file monitoring service – TrustedID Premier. If you enroll by January 31, 2018, Equifax will cover the cost for one year, whether or not your information was compromised.
• Place a freeze on your credit Information - regarding filing a credit freeze can be found on the following credit bureau sites. You may also want to consider placing a fraud alert on your credit report.
TransUnion | Experian | Equifax | Innovis

What can you do to protect yourself in the future?
• Employ basic computer security practices

o Non-Technical
 Don’t click on links in emails
 Type the website address into the address bar of your web browser (Internet Explorer, Google Chrome, Firefox, Safari, etc.) or search for the address in a search engine (like Google).
 Don’t open attachments you weren’t expecting to receive, regardless of who it appears to be coming from. If you need to open an attachment, make sure to scan it for viruses.

o Technical
 Keep your personal computers patched and up-to-date. This includes the operating system (Windows/Mac) as well as other computer applications (Adobe, Java, etc.)
o Operating Systems
How to update Windows 10
How to update Apple Mac OS X
o Applications
How to update Java
How to update Adobe Acrobat and reader

• Use different passwords for different websites - Consider using a password tool that allows you to set different passwords across multiple websites, while allowing you to only have to remember one strong password.
• Use an anti-virus tool on your personal computers - Choose a reputable anti-virus tool, as hackers often create fake ones.

• Use the built-in firewall on your computer
o Microsoft Windows Firewall
o Apple Mac OS X Firewall

• Turn on Encryption for your computer - Make backups of your computer in case malware infects your system or you forget your encryption password.
o Microsoft Windows Encryption (BitDefender)
o Apple Mac OS X Encryption (Filevault)