A data breach exposed the personal information of 143 million U.S. consumers, including names, Social Security numbers, birth dates and addresses, the credit bureau Equifax disclosed Thursday.
Here are five things you should do now to protect yourself.
Equifax has set up a website where you can check to see if your personal information was potentially impacted. Users are prompted to enter their last name and the last six digits of their Social Security number.
Equifax says providing that information is enough for the company to alert you whether your personal data may have been exposed.
Regardless, Equifax says it will offer free credit monitoring to all U.S. consumers for one year through its TrustedID Premier service. TrustedID includes credit monitoring at all three major credit bureaus, copies of Equifax credit reports, the ability to lock and unlock Equifax credit reports, identity theft insurance and internet scanning for Social Security numbers.
What Equifax is offering may not go far enough to protect you from identity theft.
The best way to protect yourself is to enact a credit freeze, also called a security freeze, on your credit reports at all three major reporting agencies: Equifax, TransUnion, and Experian. A credit freeze blocks consumers’ credit reports from being shared with potential new creditors. Without a credit report, most lenders won’t open a new line of credit.
Enacting a credit freeze is a more proactive approach to securing your information than using credit monitoring services, which simply detect fraud but don’t necessarily prevent it.
“Everyone should assume their information has been compromised,” says Robert Siciliano, CEO of IDTheftSecurity.com. “With so many breaches in the past, you can’t be sure your personal data is safe. The best action you can take is a credit freeze.”
Along with preventing future theft, it’s important to make sure your information hasn’t already been used to hack into existing accounts or to create new ones. You should:
Hackers exploited a “U.S. website application vulnerability” to gain access to personal information between mid-May and July, the credit bureau said. After discovering the breach in late July, Equifax commissioned an independent cybersecurity firm to stop the attack, determine the specific data that was stolen and provide direction to prevent future attacks.
The breach also exposed the credit card numbers of 209,000 consumers and personal information from credit dispute documents of approximately 182,000 people. The company’s consumer credit reporting databases were not impacted.
Equifax says it will notify consumers through the mail whose credit card numbers or dispute documents were exposed. Consumers who only had their personal data exposed will not be notified.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Chairman and CEO Richard F. Smith said in a statement. “I apologize to consumers and our business customers for the concern and frustration this causes.”