Resource Articles Back to Article List

The Equifax Breach: Steps to Protect Your Family

On Thursday, September 7, 2017, Equifax, a major U.S. credit bureau, announced that a data breach was discovered that may have resulted in attackers gaining access to personal information for approximately 143 million consumers. The information accessed includes names, social security numbers, birth dates, addresses, and in certain cases driver’s license numbers. Furthermore, the credit card numbers of approximately 209,000 individuals and dispute documents with personally identifiable information for approximately 182,000 individuals were accessed. Equifax believes the hackers accessed the files between May and July of 2017, and that the attack was caused by a vulnerability in Equifax’s web application software.

Equifax has established a new website, www.equifaxsecurity2017.com where consumers can check if their information is at risk and enroll in Trusted ID Premier, the company’s credit monitoring service, free for one year. To check if your information was accessed, the website will ask for your last name and the last six digits of your social security number. Upon submitting that data, the user will find out whether or not their information was believed to be accessed. The user may then proceed to enroll in Equifax’s credit monitoring service. Equifax is providing the credit monitoring service free for one year for everyone, whether or not their personal information was exposed. Consumers have until November 21, 2017 to enroll in the service.

While enrolling in a credit monitoring service is a good idea, consumers may wish to take additional precautions, given the sensitive nature of the information accessed. Those precautions may include placing a security or credit freeze on your credit records. Doing so may help to prevent fraudulent account openings. A security or credit freeze on your account prevents third parties from obtaining your credit files unless you provide a PIN to unlock the information, which may take several days to “unfreeze.” Generally, there is a fee associated with placing a security or credit freeze on your records. Each of the major credit bureaus offer this service.

Consumers could also place a fraud alert on their credit records. A fraud alert places a red flag on your credit file, but does not prevent third-parties from viewing the information. Third-parties (such as lenders when you apply for a new loan) that receive a credit report with a fraud alert are required to take additional steps to verify your identity and activity on the credit report. Fraud alerts are generally free to place on your credit file, but may be temporary depending on the type of alert.

With concerns over fraudulent tax filings, the Federal Trade Commission has recommended that all consumers file their 2017 income tax returns as early as possible, which gives would-be thieves less time to file a fraudulent tax return on your behalf. Also, keep in mind that the Internal Revenue Service (IRS) never initiates contact with taxpayers via email, text message, or through social media.

Be alert to any unusual emails, text messages, or phone calls that you receive that claim to be coming from your financial institution, especially if they request that you provide personal information, such as social security or account numbers, or if they request that you click on a link or perform some other action. Experts expect that there will be an increase in phishing attacks related to this data breach, so be mindful of any unusual emails that you may receive.

Consumers should also regularly monitor their banking and credit card accounts for unusual activity or charges. Many financial institutions and credit card companies now allow customers to sign up for alerts or notifications. These services may notify you in the event that transactions exceed a certain dollar amount or have other unusual characteristics (i.e. geographic location, time of day, etc).

Given the amount of records and the type of information accessed, the fallout from this breach will continue for some time. But taking a few steps to protect yourself and being extra-cautious about unusual emails and phone calls can go a long way toward minimizing the damage to you and your family.

Gregory H. Soule, CPA, CISA, CISSP, CFE is a senior manager in AHP’s Auburn Hills office.