If you find out your auto mechanic has had a data breach, you realize it is not be good. But when a major federal government agency is breached, you start to wonder - who can be safe?
Now the major credit reporting agency Equifax has been hacked. Over 140 million consumers have had their data stolen from a company that determines if you get a new home loan. The hackers stole birth dates, addresses and Social Security numbers. Even driver's license numbers were stolen. So what can you do now?
All told, as much as 44 percent of the US population will feel the impact of this breach for years to come, especially when it comes to their Social Security numbers. Your Social Security number doesn’t change, so this data is going to get resold on the black market and hold its value for a while. Assuming data was stolen by criminals and not a nation state, experts predict that it will circulate for years.
There are some things you can do to protect yourself. Equifax is offering a website—www.equifaxsecurity2017.com. Currently, the website doesn’t give you a simple answer about whether or not your data may have been affected, but it seems to tell you if it wasn’t. Equifax is also offering a year of free credit monitoring and identity theft insurance that you can (and should) sign up for on that site if you're a US resident. If your information could have been compromised in the breach, you might also want to consider paying for additional years of credit monitoring after Equifax’s free year expires. Attackers may have better luck abusing the leaked data in earnest after that first year is over and many potential victims lose free monitoring.
You should also keep a close eye on your finances. "Consumers should remain calm and be cognizant of their personal credit report and activity," says Mark Testoni, the president of SAP National Security Services. "Check for notifications to see if new credit applications have been filed on your behalf, and monitor your accounts for adverse action. If your details are circulated on the black market, the big risks are fraudulent credit applications on your behalf and bad actors trying to find ways to take advantage of your personal [data].”
The company maintains that its core credit databases were unaffected; this isn't much comfort given the scale of the breach. Equifax is an obvious target for hackers since it processes so much valuable, individualized data, but there is also some irony given the personal security and identity theft defense products the company sells. "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," Equifax chairman and CEO Richard Smith said in a statement. "We pride ourselves on being a leader in managing and protecting data."