Summary: Epic. Worst ever. Potentially devastating. As bad as it gets. These are just some of the words used to describe the Equifax cyber-attack. If identity theft is on your list of worries, the Equifax data breach may feel like a waking nightmare.
It’s important to understand what to do if you are affected by the Equifax hack, what is identity theft, and how to protect your credit and identity. But first, a brief recap of the facts.
Equifax is one of the major credit reporting companies in the United States. In early September, 2017, the company announced that it had recently fallen victim to hackers, who gained access to its customers’ personal data, including their names, birthdates, Social Security numbers and street addresses. In some cases, driver’s license numbers and credit card details were also stolen. The data breach affects an estimated 143 million Americans. That’s two-thirds of all Americans with a credit rating. In the wake of this unprecedented hack, Equifax established a telephone helpline and website for affected customers. The government Senate Finance Committee is demanding answers. Yet, the whole messy saga has a whiff of ‘too little, too late’. And it’s not just Equifax customers who are feeling the burn.
Equifax Cyber Attack Affects Millions in the US – But they were kept in the Dark
It appears that the Equifax data breach occurred between May and July 2017, which means the company didn’t actually inform consumers of their exposure to identity theft for weeks, or even months. Adding insult to injury is the knowledge that had a data breach like this occurred in the EU, Equifax would have been subject to far stricter data security regulations, and far more onerous penalties. This is due to the EU’s General Data Protection Regulation (GDPR), which is set to take effect in May 2018. Under the GDPR, notification of data breaches must be given no later than 72 hours after the data controller becomes aware of the breach. In addition, the regulation hits companies with steep fines for data breaches. In the Equifax case, fines would have amounted to $60 million. There is no such equivalent regulation currently in the US. However, given that Equifax serves customers in the UK and EU, if the breach had occurred just a few months later, the company would have potentially faced enormous fines for non-compliance of the new GDPR rules.
Which raises the question – under the threat of strict financial penalties, would Equifax have handled the entire mess differently? Or better?
Equifax’s CEO is Out
Criticism of Equifax management’s conduct during and after the cyber-attack has been scathing. It’s no surprise then that Equifax senior executives are retiring, resigning or being forced out of their positions. First to go was the chief information officer and head of security who announced his immediate retirement shortly after the data breach was revealed.
In a slightly later turn of events, the Chairman of the Board and CEO Richard Smith announced his resignation on September 27. According to Chris Pierson, CSO and General Counsel of online B2B payments company Viewpost, “The breach is a shining example of what happens when you do not prepare for data breach response ahead of time, do not adequately table top your responses, and do not have that single incident commander leading the charge.”
Even having resigned, the game is far from over for Equifax senior executives. U.S. Securities and Exchange Commission Chair Jay Clayton recently told the Senate Banking Committee that he intends to enforce the law upon Equifax management, even if they are no longer employed at the company.
The SEC Wants Answers
The long delay from the time the Equifax cyber-attack occurred to when it was announced to the public opens another avenue of questioning: did Equifax employees engage in insider trading before the data breach was disclosed? What is known is that three Equifax employees sold off a combined amount of $1.8 million worth of shares the day before the public announcement. According to Equifax, these employees did not know about the breach at that time. The Chairman of the Securities and Exchange Commission is so far choosing not to comment. Stay tuned…
How to Check if You’re a Victim of Identity Theft
Politics and ethics aside, for millions of US citizens affected by the Equifax data breach, the pressing question remains: what should you do if you were affected by the Equifax hack? How can you maximize your identity theft protection?
First, check to see if your data has been exposed. You can do this online at www.Equifaxsecurity2017.com by clicking on the “Am I Impacted?” link. Even if the site claims you are probably not impacted, it is wise to place a fraud alert and credit freeze on your accounts. You can also pull a credit report to see if there has been any unusual activity.
Unfortunately, once your data has been exposed, the risk of identity theft lasts for many years, and consequences can last a lifetime. That’s why it is critical to locate the best identity theft protection services for your needs. ID theft protection services such as Identity Guard, Experian, and IdentityForce use cutting-edge technologies and methodologies to protect personal and business data against identity theft, including credit card fraud. High quality identity theft protection companies do not rely on cookie-cutter approaches. Rather, they provide tailored programs that give maximum protection against increasingly sophisticated cyber-attacks on your identity and credit. In light of the Equifax data breach, advanced identity theft protection is no longer a luxury, but a necessity.