SPRINGFIELD – Are you among the 143 million Americans who had their personal information compromised in a data breach at Equifax? If so, you are among well over half of the adult population in the U.S. that has been affected.
Equifax, one of the country’s largest credit reporting bureaus, learned of the hack on July 29 but waited until Sept. 7 to announce the data breach. The stolen information includes Social Security numbers, driver’s license numbers, names, dates of birth, credit card numbers and addresses.
Anyone who has ever applied for a credit card, car loan, mortgage or any other type of credit likely has a credit rating with Equifax, which is one of three services used routinely to check someone’s credit.
In response to the data breach, The New York Times reported that leaders of the Senate Finance Committee have demanded answers from Equifax and pressed for more details about three Equifax executives who sold shares after the breach was discovered. Three senior executives, including the company’s chief financial officer, John W. Gamble Jr., sold shares worth almost $1.8 million in the days after the breach was discovered but before it was disclosed. The shares were not part of a sale planned in advance.
The Times article noted that it is not uncommon for information about data breaches to develop over time because initial reports of a minor breach can be proved wrong with further investigation. Therefore, if a corporate executive sold shares before the full extent of the breach was known, the trading might not have been material at the time, even though it now looks suspicious.
Soon after the breach was announced on Sept. 7, Reuters reported that over 30 lawsuits had been filed against Equifax in the U.S. including at least one accusing the company of securities fraud. In that suit, Equifax was accused of “misleading shareholders about its ability to protect consumer data, inflating its financial statements and share price before the truth became known.”
What can you do?
Equifax said it will provide free credit monitoring to everyone for one year because of the breach.The company has set up a website (www.equifaxsecurity2017.com) where people can check whether their personal information potentially was affected by the breach.
In Illinois, Attorney General Lisa Madigan has launched an investigation into the data breach and is calling on Equifax to provide free credit freezes for all Illinois residents.
“The potential risks to Illinois consumers from Equifax’s massive data breach are serious,” Madigan said. “I urge every Illinois resident to take precautions such as placing a freeze on your credit to reduce any damage likely to occur as a result of this massive data breach.”
Madigan also called on Equifax to suspend its charge for placing a credit freeze on their accounts in light of the significant risk of identity theft posted by the breach. Currently, Equifax is permitted to charge Illinois residents up to $10 to implement a credit freeze, remove a freeze or temporarily thaw a credit freeze, with limited exceptions for identity theft victims, individuals age 65 or older, and active duty military service members.
Madigan urged Illinois residents to take the Equifax breach seriously. The following steps are suggested as protection from the possibility of identity theft:
* Seriously consider placing a credit freeze on your credit reports with all three consumer reporting agencies: TransUnion, Experian, and Equifax;
* Regularly request your free credit reports, inspect them closely, and promptly dispute any unauthorized accounts;
* Inspect all financial account statements closely and promptly dispute any unauthorized charges;
* Consider placing alerts on your financial accounts so your financial institution alerts you when money above a pre-designated amount is withdrawn;
* Beware of potential phishing e-mails; do not open any e-mail messages or attachments from unknown senders and do not click on any unknown links. Fraudsters will frequently send coercive and misleading e-mails threatening account suspension or worse if sensitive information is not provided. Remember, businesses will never ask customers to verify account information via e-mail. If in doubt, contact the business in question directly for verification and to report phishing e-mails; and
* Be on the lookout for spoofed e-mail addresses. Spoofed e-mail addresses are those that make minor changes in the domain name, frequently changing the letter O to the number zero, or the lowercase letter l to the number one. Scrutinize all incoming e-mail addresses to ensure that the sender is truly legitimate.
Consumers with questions regarding Equifax’s data breach are encouraged to contact Equifax at (866) 447-7559. People may also contact Madigan’s Identity Theft Hotline at (866) 999-5630 or review identity theft resources on her website at http://www.illinoisattorneygeneral.gov/consumers/hotline.html. The hotline is staffed with identity theft experts who can help victims report the crime to local law enforcement and financial institutions, work to repair their credit and prevent future theft. Hotline operators can also assist callers who want to take proactive steps to prevent their personal information from being stolen.
Joining Madigan in the Equifax investigation are the attorneys general from Connecticut and Pennsylvania.