Worried about the Equifax hack?
Things consumers should know about the high-tech theft of personal info
Credit monitoring company Equifax says it was hit between mid-May and July by a high-tech heist of sensitive personal information from about 143 million Americans, including an unspecified number of Canadians.
Here are five things you need to know:
What is Equifax: The Atlantabased company is one of three major U.S. credit bureaus that collects personal information, such as social insurance numbers, that are used by lenders to decide whether to approve financing for homes, cars and credit cards.
What is the impact on Canadians: Equifax said hackers may have taken “limited personal information” on an unspecified number of Canadians, but provided no details.
Contact information: The company established a website, equifaxsecurity2017.com
How to find out if you have been hacked: Check your credit report annually for free from Equifax, Experian, and TransUnion. Check if you have been hacked.
What to do if your data is hacked:
Monitor your existing credit card and bank accounts closely for unauthorized charges. Contact relevant financial institutions, such as banks that issued credit cards and stop cheques, as quickly as possible. Call local police along with Service Canada if your Social Insurance Number was used. Report confirmed cases to the Canadian Anti-Fraud Centre;
Change all affected passwords with new, strong and unique passwords for each account;
Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. It will not prevent a thief from using any of your existing accounts;
Consider enrolling in a fraud alert. Equifax says it will offer free identity theft protection and credit file monitoring for one year to all U.S. consumers, but doesn’t say if that will be available to Canadians. The service monitors if your information is used to open credit accounts or appears on suspicious websites. Several identity theft and recovery companies provide similar services.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax chair and CEO Richard Smith said in a statement issued with the announcement.
“I apologize to consumers and our business customers for the concern and frustration this causes.”
The company also posted questions and answers about the incident for investors.
Financial regulatory filings show that three of the company’s top executives sold shares of Equifax stock after July 29, the date the firm said the cyberbreach was detected.
On Aug. 1, chief financial officer John Gamble sold shares with a market value of nearly $946,400, while Joseph Loughran, president of Equifax’s U.S. Information Solutions, exercised options to sell nearly $584,100. Rodolfo Ploder, president of business unit Workforce Solutions, sold shares valued at nearly $250,500 on Aug. 2, the filings show. The three executives continued to hold tens of thousands of Equifax shares after the transactions.
Equifax said the officials “had no knowledge that an intrusion had occurred” at the time they sold their shares.
News of the cyber attack comes less than three months after the global Petya ransomware attack spread through computers across North America and Europe, affecting 65 countries.
Similarly, the massive attack of the ‘WannaCry’ ransomware virus infected computers around the world in May.
Computer systems for the IRS, Target, and other government agencies and private companies have also been struck by cyberattacks in recent years. And Yahoo last year disclosed that information from an estimated 500 million of the internet giant’s accounts was stolen in 2014.
Atlanta-based Equifax is one of the nation’s largest credit-reporting companies, along with Experian and TransUnion. Equifax says it organizes and analyses data on more than 820 million consumers and more than 91 million businesses worldwide, and the company’s databases hold employee data submitted by more than 7,100 employers.
After discovering the electronic intrusion, Equifax said it hired an independent cybersecurity firm that has since been conducting a forensic investigation aimed at determining the scope of the electronic intrusion and the specific data accessed.
Equifax also reported the attack to law enforcement agencies and is continuing to work with them, the company said.
Equifax said the company would send direct mail notices to consumers whose credit card numbers or dispute documents were affected by the cyberbreach. The company also is contacting U.S. state and federal regulators and has sent written notifications to all U.S. state attorneys general about the incident.