The Bankrate promise
At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here's an explanation for .
A data breach exposed the personal information of 143 million U.S. consumers, including names, Social Security numbers, birth dates and addresses, the credit bureau Equifax disclosed Thursday.
This data breach almost certainly will rank among the largest in U.S. history, leaving tens of millions of Americans at risk for identity theft.
Here are five things you should do now to protect yourself.
Check your exposure
Equifax has set up a website where you can check to see if your personal information was potentially impacted. Users are prompted to enter their last name and the last six digits of their Social Security number.
Equifax says providing that information is enough for the company to alert you whether your personal data may have been exposed.
Regardless, Equifax says it will offer free credit monitoring to all U.S. consumers for one year through its TrustedID Premier service. TrustedID includes credit monitoring at all three major credit bureaus, copies of Equifax credit reports, the ability to lock and unlock Equifax credit reports, identity theft insurance and internet scanning for Social Security numbers.
Consider a credit freeze
What Equifax is offering may not go far enough to protect you from identity theft.
The best way to protect yourself is to enact a credit freeze, also called a security freeze, on your credit reports at all three major reporting agencies: Equifax, TransUnion, and Experian. A credit freeze blocks consumers’ credit reports from being shared with potential new creditors. Without a credit report, most lenders won’t open a new line of credit.
Enacting a credit freeze is a more proactive approach to securing your information than using credit monitoring services, which simply detect fraud but don’t necessarily prevent it.
“Everyone should assume their information has been compromised,” says Robert Siciliano, CEO of IDTheftSecurity.com. “With so many breaches in the past, you can’t be sure your personal data is safe. The best action you can take is a credit freeze.”
Consumers can temporarily remove the freeze when they want to buy a house or take out an auto loan and then enable it again once they have been approved.
Along with preventing future theft, it’s important to make sure your information hasn’t already been used to hack into existing accounts or to create new ones. You should:
- Scrutinize all credit card and bank statements. Take note of small, but suspicious, charges. Thieves may charge small amounts to see if account holders notice and, if not, will continue using the card.
- Check your credit report from all three credit bureaus. This will help you determine if unauthorized accounts have been opened in your name. Some retailers and companies, such as cell phone carriers, might not require a credit report to open a new account, thus bypassing the protection of the credit freeze. This is where your credit report comes in handy. Bankrate offers a complimentary TransUnion credit report you can access at any time.
- Refrain from giving out personal information over the phone or through email. In the wake of an event like this, criminals might take advantage of people’s fear and vulnerability. Also, be wary of clicking on links within emails.
How it happened
Hackers exploited a “U.S. website application vulnerability” to gain access to personal information between mid-May and July, the credit bureau said. After discovering the breach in late July, Equifax commissioned an independent cybersecurity firm to stop the attack, determine the specific data that was stolen and provide direction to prevent future attacks.
The breach also exposed the credit card numbers of 209,000 consumers and personal information from credit dispute documents of approximately 182,000 people. The company’s consumer credit reporting databases were not impacted.
Equifax says it will notify consumers through the mail whose credit card numbers or dispute documents were exposed. Consumers who only had their personal data exposed will not be notified.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Chairman and CEO Richard F. Smith said in a statement. “I apologize to consumers and our business customers for the concern and frustration this causes.”