In a country of 324 million people, more than half of the adults — as many as 143 million — may have had personal data including name, Social Security number, birthdate and other information compromised by a data breach involving Equifax. Some people had credit card numbers stolen, too.
Equifax is one of the three credit bureaus that collect data on how well consumers pay their bills and manage credit, which impacts everything from whether you get that home loan to the price you pay for auto insurance.
The company says that "based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases."
The company says consumers can go to www.equifaxsecurity2017.com or contact Equifax's special call center at 866-447-7559 and provide their last name and the last six digits of their Social Security number to learn if they were part of the breach. Traffic was so heavy on the site Thursday that Equifax is providing people with sign-up dates to obtain a year of free credit and identity theft monitoring.
The service is free for everyone, not just those who had data compromised, the company says.
What consumers do after figuring that their data is compromised may determine whether the stolen information proves handy to those who took it. Here's some advice collected from cybersecurity experts to help minimize the risk that you'll be compromised. Data breaches are becoming so common that it's good advice even for those not currently compromised:
Be leery of suspicious emails or phone calls that ask for any type of personal information, including those claiming to be from Equifax or companies with whom you have an established relationship. Scammers even pretend to be police to get the unwary to clink links or provide personal data.
Watch your credit accounts, bank statements and investment accounts closely to spot anything suspicious quickly.
Toughen up your passwords and stop using the same one for every account. Pay close attention to your personal email password, too. Don't use nicknames and addresses and birthdates. Come up with something unique but not predictable and use uppercase, lowercase and symbols. If you can, use authentication that requires two steps. Banks and other financial accounts may let you add a level of authentication.
Sign up for alerts by text or email that show activity on the accounts you already have.
Freezing credit is an option that is a bit of a pain — it takes a few days to unfreeze it and it costs $5 per incident per bureau — but it's the only way to make sure no one can open new accounts in your name unless you provide the 10-digit PIN that unfreezes the credit. But as a Plain Dealer article notes, that won't do much to protect the accounts you already have. And some lenders will issue a loan without pulling a credit report, so there's no protection in that case, either.
Check your credit reports often. You get a free one from each agency each year, so you can check one free every four months. Get them only through the federally authorized annualcreditreport.com or by calling 1-877-322-8228. Or mail a request to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, Georgia, 30348-5281. The credit reporting agencies are Equifax, Experian and Transunion.
National Cyber Security Alliance says to keep all your "critical software" up to date to prevent vulnerabilities on all the devices you have that can access the internet.