I suppose the biggest hint of how serious this news release is for all of us is the fact that the Big Kahunas at Equifax jumped ship before the hack went public.
Well, that and the timing of this big story while all of the media spotlights are shining on South Florida in expectation of Hurricane Irma.
So, you need to assume you’re screwed here and do something. But what?
Their Site is Sneaky in How It Lets You Know You’ve Been Compromised
If you go to their site, and follow their steps, you’ll get a request to enter the last six digits of your SSN with your last name. Then you get a message that you will receive their free Identity Theft coverage for one year … but you’ll have to come back on the date that’s given in order to join up.
Yes, that’s right. They want you to input the last six digits of your SSN into a site they’ve just admitted was compromised.
In South Texas, we say they’ve sure got some big huevos, boy howdy.
And that’s it. That’s the only tip to you that some of your personal information has been stolen from the site. They don’t give you any details. Heck, they don’t even tell you “yes, your information is involved.” All you get is this little invite popping up.
TechCrunch has called them on this as a lack of “actual functionality” and is pushing them to do the right thing here. Like give us details.
But right now, their site is still sneaky in how it’s letting you know that you’re a part of the pack that’s been exposed to the Dark Side.
What Can You Do Right Now?
So, what can you do, now that you know your personal information is out there, somewhere?
1. Have I Been Pwned
Well, Kim Komando recommends going over to the web site “Have I Been Pwned” – and that’s good advice.
Be prepared, you’re not going to like what it tells you. But at least you know, and can take action.
And you can sign up so the site will give you notice in the future if your accounts have been breached at other sites (like LinkedIn, or Adobe, or Dropbox).
2. Identity Theft Protection or Credit Freeze
Next, you can get yourself some Identity Theft Protection. That’s the freebie for one year that Equifax is offering you in the sneaky message affirming that your information on their site has been hacked.
Silly me, but I don’t know that I want to trust their Theft Protection service. Call me paranoid.
So, I surfed around and discovered advice from Steve Weisman, a law professor and cybercrime expert, who blogs at scamicide.com.
In his April 22, 2017, USA Today piece entitled “Is identity theft protection worth it?” Mr. Weisman suggests that maybe it’s not the best course to take.
Instead, he suggests a “credit freeze.” Go read his article – makes good sense.
3. Change Those Passwords
And, of course, you need to go and change those passwords. Use different ones for each account, too.
And I’m reading lots of folk suggesting that you do the two-step authentication for added security. Problem is: that in and of itself may open you up to being hacked. Whattha? Yep.
Check out the May 2017 article by Joseph Cox in Vice, entitled “We Were Warned About Flaws in the Mobile Data Backbone for Years. Now 2FA Is Screwed.” The key language here (and the scary part):
"Everyone's accounts protected by text-based two-factor authentication, such as bank accounts, are potentially at risk until the FCC and telecom industry fix the devastating SS7 security flaw," Lieu said in a statement published Wednesday. "I urge the Republican-controlled Congress to hold immediate hearings on this issue."
4. Visit the FTC Site
Finally, you can visit the government site which stores lots of information about identity theft. Like the following things you need to know because Equifax has been hacked.
What Do Thieves Do With Your Information?
Once identity thieves have your personal information, they can drain your bank account, run up charges on your credit cards, open new utility accounts, or get medical treatment on your health insurance. An identity thief can file a tax refund in your name and get your refund. In some extreme cases, a thief might even give your name to the police during an arrest.
Clues That Someone Has Stolen Your Information
- You see withdrawals from your bank account that you can’t explain.
- You don’t get your bills or other mail.
- Merchants refuse your checks.
- Debt collectors call you about debts that aren’t yours.
- You find unfamiliar accounts or charges on your credit report.
- Medical providers bill you for services you didn’t use.
- Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
- A health plan won’t cover you because your medical records show a condition you don’t have.
- The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.
- You get notice that your information was compromised by a data breach at a company where you do business or have an account
- If your wallet, Social Security number, or other personal information is lost or stolen, there are steps you can take to help protect yourself from identity theft.
Equifax’s Explanation of What Went Wrong
So, what has happened here, anyway? Equifax has issued a long news release giving details. I’ve inserted the full text of their news release, entitled “Consumer Notice” below for your convenience.
Notice that they are telling you that “names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers … [and] credit card numbers for approximately 209,000 consumers and certain dispute documents… have been stolen.
At Equifax, protecting the security of the information in our possession is a responsibility we take very seriously. This is to notify you of a data security incident that may have exposed some of your personal information, including your Social Security number and other identifying information. This