Skip to content

The Equifax cyberattack: Odds are, you were affected

Update: According to the Washington Post, some security experts think there may be something fishy about Equifax requesting six, rather than four, digits of Social Security numbers. Also, Equifax may have whipped up a “terms of service” agreement that tricks you into forfeiting your right to participate in a class-action lawsuit. For now, it might be best to avoid Equifax’s web site, though a credit freeze would still be appropriate, as far as I know, for those who want to do that.

Here’s a link to the Washington Post story: Equifax asks consumers for personal info, even after massive data breach

It would appear that Equifax is bungling their response to this.

You probably know by now about the huge data breach at Equifax, one of the three American credit-reporting agencies. According to the New York Times, since data for 143 million people was stolen, the odds are greater than 50 percent that you were affected.

Equifax set up a web page where you can enter your last name and six digits of your Social Security number to see whether you were affected. I was.

I can testify that even a minor case of identity theft is a pain in the neck that is very difficult to straighten out. When I lived in San Francisco, someone used my name and Social Security number to get a telephone in San Jose. They didn’t pay the bill, of course, and Pacific Bell came after me. I was shocked to learn that, under California law, it was up to me to prove that I did not open the account, rather than for Pacific Bell to prove that I did. Can that be constitutional? The burden to undo the damage was entirely on me. It took several months to resolve the whole thing, following an irritating process defined by the California Public Utilities Commission.

After the California problem, I put a fraud alert on my records. A fraud alert lasts for seven years. That has now expired, of course.

After some Googling, it seemed that the smartest thing for me to do after the Equifax cyberattack was to freeze my credit. This is a pain in the neck. You have to set up a freeze at all three credit-reporting agencies — Equifax, Experian, and TransUnion. However, this can be done on line. It’s very rare for me to open new accounts, so dealing with the freeze process won’t be too great a burden. But a total credit freeze (which can be overridden by a PIN number you’re assigned when the freeze becomes active) might be too inconvenient for some people.

[Update: Avoid this link until more is known about how Equifax is handling this.] Here’s the Equifax link with which you can determine whether you were effected: Equifax2017

This article includes links on how to set up a credit freeze online: How to do a credit freeze

Here is a credit freeze FAQ from the Federal Trade Commission: FAQ

It’s really pretty terrifying how dangerous a place the Internet is. My guess is that the fallout from this data breach will go on for a long time. Whoever stole the data probably will break it into chunks and retail it all over the world.

Post a Comment

Your email is never published nor shared. Required fields are marked *