Just How Screwed Are We by the Equifax Data Breach?

The data breach disclosed by credit-reporting agency Equifax today (Sept. 7) may be the worst data breach in history when you combine what was compromised with the number of accounts affected.

Credit: Dreamstime

(Image credit: Dreamstime)

According to Equifax, full names, street addresses, dates of birth and Social Security numbers for 143 million people were stolen by online criminals between May and July 2017. That information is all that a data thief needs to completely impersonate someone else — to have credit cards issued, mortgages obtained, loans made, utility accounts opened, even jobs taken or arrest records made in your name.

You can check whether you're affected by this breach at https://www.equifaxsecurity2017.com/potential-impact/. If you get a "thank you" and a date on which to enroll for the TrustedID identity-protection service, you're affected. If not, you'll get a message saying "Not Impacted."

If you've ever taken out a loan or applied for a credit card in the United States, you probably are affected. I just found out that I am, and for the first time in more than a decade of covering information security, I don't know exactly what to do.

MORE: What to Do If You're Affected by a Data Breach

Equifax discovered the breach July 29, and hasn't explained why it waited six weeks to inform the public — or why three company executives reportedly sold $1.8 million worth of Equifax stock in the interim. We'll leave those questions to the proper investigative authorities.  

In the meantime, I would recommend reading through the guide on what to do if you're affected by a data breach. You don't need to worry about changing your passwords or canceling your credit cards for this breach, except for about 209,000 people whose credit-card info Equifax did lose, who will be individually notified by the company. (You can also read up on what to do if your Social Security number is compromised, and why it's so hard to get a replacement number.)

But you and I should contact one of the three major U.S. credit-reporting agencies — Experian, TransUnion and, yup, Equifax — and ask to have a 60-day credit alert put on your file. It's free, can be renewed every 60 days with no limit on renewals, and applies to all three agencies.

People directly affected by the Equifax breach will get one year of TrustedID identity protection, courtesy of Equifax. That's good. (Once the year is up, I'd recommend that anyone affected by the Equifax breach sign up and pay for commercial identity protection services for a few more years.)

However, all these measures may be mainly palliative. The horse has already left the barn — it did so back in June or July, to be exact. My "fullz" — thief-speak for a full set of personally identifying information — is out there to be bought or sold, and yours may be as well. All each of us can really do is hope that his or her own personal information doesn't end up being exploited.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Online Security
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Latest in Opinion
Adam Scott in "Severance," now streaming on Apple TV Plus.
'Severance' season 3 officially greenlit — but I may not watch after that season 2 finale
Woman has taped her mouth shut with a blue I shaped mouth tape
I tried the viral I-shaped mouth tape to improve my sleep and I'll never wear it again — here's why
An angled view of the distraction-free desk setup I built around the Oakywood Standing Desk Pro
I built a completely distraction-free desk setup with these 10 gadgets — and now I’m truly locked in
A Samsung DU7200 LED TV on a side table
I'm a TV reviewer — here's the one type of TV I wouldn't buy
An angled view of the distraction-free desk setup I built around the Oakywood Standing Desk Pro
I built a completely distraction-free desk setup — and now I’m truly locked in
iPhone Flip Concept
Foldable iPhone delays — there’s a bigger problem going on at Apple
  • Bogdobbler
    Signing up for the TrustedID identity protection requires you to relinquish any rights to sue Equifax or join a class action suit against them. That's a pretty shady way to protect themselves while posing as protecting you.
    Reply
  • Barnbaby
    You might consider putting a freeze on access to your credit reports at all 3 of the credit-reporting agencies. I was charged $10 at each agency. If someone has my information, they won't be able to open accounts, get loans, etc. since access to the credit reports is frozen until I unfreeze them. If you do need to let someone access your credit information, you can temporarily unfreeze the account at the credit agency they are trying to access (such as when applying for a job).
    Reply
  • dguith
    Problem with even a freeze, these equiforks gave up ALL personal info that could undo your freeze quite easily. All they need is name, birthdate, and address to terminate or change your freeze. Keep checking and for a long time. Hopefully, a class action and criminal charges for withholding info will put them out of business. Write or call your representatives and demand so!
    Reply
  • valeman2012
    I think people who did not sign up for this, still affected?
    Reply
  • rgd1101
    I read this, might be related to the breach
    https://www.bloomberg.com/news/articles/2017-09-11/equifax-holds-contract-to-verify-data-for-obamacare-participants
    Reply
  • rgd1101
    20167108 said:
    I think people who did not sign up for this, still affected?

    sign up for?
    Reply