Correction: The article originally said over 180 million Americans were affected by the hack. Reports suggest the correct number is 143 million. The article has been updated to reflect this correction.
Equifax got hacked and your SSNs, credit card numbers, drivers license numbers, addresses and other personal information was likely exposed to the hackers.
Here's the story:
Equifax, which is one of the "three big" credit reporting bureaus, announced Thursday that hackers exploited an "application vulnerability" in late July and were able to access files containing highly sensitive personal information on over 143 million Americans and an undisclosed number of Canadian and UK residents.
Social security numbers, credit card numbers, driver's licenses, and other personal information for over 143 million US people were accessed, making it one of the worst breaches in history.
What this means:
You should assume that your SSN, credit card numbers, driver's license numbers and other personal information such as previous and current addresses have been compromised and are in the hands of criminals.
However, the Equifax breach could be much, much worse that what has already been disclosed.
Equifax and the other credit reporting bureaus collect a huge array of personal information on US consumers, their business dealings, and their families. It is possible, although unconfirmed, that this information could have also been accessed.
This is frightening for several reasons, but the most immediate concern is that criminals can use your SSN, driver's license number, and other personal information exposed in the breach to impersonate you and gain access to your bank account and other financial institutions.
In many cases, a fraudster can call up your bank, provide your stolen SSN, and answer simple security questions with stolen answers and have complete access to your bank account.
Alternatively a fraudster can use your SSN and other stolen information to open credit cards, loans, and other accounts in your name, spend to the limit, and then leave you having to deal with the debt collectors.
Here is what you can do to protect yourself:
Disclaimer: These are my opinions. I am not a lawyer or industry expert. If you have any questions about legal recourse in the event that you think your information has been compromised, please consult a lawyer or other legal professional.
1. Don't Bother Signing Up for Credit Monitoring Services
Equifax is offering a free year of credit fraud monitoring for victims, but I would recommend against signing up for credit monitoring services since they have been shown to be largely ineffective at preventing credit and identity fraud.
You would also be giving more information to Equifax, which has proven that it cannot be trusted with our personal information.
In addition, in a scummy move it appears that agreeing to Equifax's fraud monitoring services' terms of service waives your right to sue Equifax over the breach.
There will likely be a class action lawsuit against Equifax, so if you want to be part of it it is my opinion that you should not sign up for any of their services. You may want to consult a lawyer with any questions about legal recourse.
2. Place a Credit Freeze with the 4 Credit Bureaus
A credit freeze means that any creditors who request your credit report will be denied unless you temporarily lift the freeze for them ahead of time using a personal identification number (PIN) that you select/generate when you place the freeze.
This means that fraudsters will be unable to open accounts in your name without the PIN.
Note that this also means that if you want to apply for credit in the future you'll have to temporarily lift the freeze using your PIN, so it might take longer to open a line of credit or have a potential landlord run a credit check.
You'll need information about your auto/student loans, bank accounts, previous residences, and the names and current address of family members to verify your identity with some of these credit bureaus and place the freeze.
But assuming you have access to all this information, it takes no more than 10 minutes per credit bureau to place the freeze.
Ensure that you make 2 copies of the PIN and store them securely. Storing them on your computer is fine, but I would highly recommend storing a physical copy in a home safe or safety deposit box as well.
Well-known security researcher Brian Krebs has an excellent article explaining what a credit freeze is and why it's a good idea. Read it here.
3. Review Your Credit Reports
You can request free credit reports from TransUnion, Equifax, and Experian once per year. I strongly recommend that everyone request their credit reports and review them for anomalies such as unrecognized accounts opened in your name.
Note that it might be months or even years before fraudsters start using your stolen information to commit identity or credit fraud, so I would recommend reviewing you credit reports regularly (at least yearly, but ideally every 4-6 months).
4. Contact Your Financial Institutions and Ask How They Verify Your Identity
Finally I would recommend contacting your bank and other financial institutions and ask them how they verify your identity and if there is any way to protect access to your account if your SSN and security questions have been compromised.
Some banks might allow you to secure your account with a PIN, while for many others you might just have to change your security question answers to random answers that fraudsters wouldn't have any way to guess.
Just make sure that you write down and store any PINs or random answers in a place that you won't lose them, otherwise you might get locked out of your own bank account!