On September 7, 2017, Equifax announced that it had experienced a cybersecurity breach impacting approximately 143 million people. It appears that the unauthorized access occurred mid-May through July 2017.

If a credit report was run on you prior to, or during the breach, then your information was probably exposed by the incident. Equifax has reported that names, Social Security numbers, birth dates and addresses and potentially driver’s license numbers were accessed. In addition, if you have ever disputed credit information, then the personally identifiable information you submitted could have been accessed. Finally, if you paid for Equifax services by credit card in the past, that number may have been compromised.

Since a lot is still unknown about the breach it is difficult to provide definitive advice but here is a list of steps which you should consider now:

  1. Go to equifaxsecurity2017.com for information on how to enroll in the Equifax complimentary identity theft protection and credit file monitoring service. Early language from Equifax indicated that enrolling may limit your legal recourse. Equifax recently posted the following:
    To confirm, enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action. We have already removed that language from the Terms of Use on the site www.equifaxsecurity2017.com. The Terms of Use on www.equifax.com do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident. Again, to be as clear as possible, we will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.
  2. Pull a copy of your credit reports by visiting annualcreditreport.com.
  3. Place a credit freeze at ALL THREE credit reporting agencies (Equifax (800-349-9960), Experian (888-397-3742) and TransUnion (888-909-8872). This will make it harder for someone (including you) to open a new account in your name. See: www.consumer.ftc.gov/articles/0497-credit-freeze-faqs for more information.
  4. Closely monitor your credit card and bank accounts for suspicious activity.
  5. If you after doing the above, you are still worried you may place an Initial Fraud Alert on your file. This will protect you from unverified access to your account for 90 days. See: www.consumer.ftc.gov/articles/0275-place-fraud-alert
  6. If you are a victim of identity theft you should report it to your local law enforcement and report the theft to www.identitytheft.gov/#what-to-do-right-away. Then you should Place an Extended Fraud Alert on your file. See: www.consumer.ftc.gov/articles/0279-extended-fraud-alerts-and-credit-freezes.
  7. Constant vigilance. While the initial breach of sensitive data occurred in 2017, consumers may not experience the full ramifications of the breach until two or three years down the road. Identify thieves are likely to strike when consumers are not on high alert.

As always, feel free to contact us if you have any questions or would like to discuss.

By James E. O’Connor of Baird Holm