NEW YORK — A huge security breach at credit reporting company Equifax has exposed sensitive information, such as Social Security numbers and addresses, of up to 143 million Americans.
Unlike other data breaches, those affected by the breach may not even know they’re customers of the company.
Equifax is one of three nationwide credit-reporting agencies that track and rate the financial history of consumers. The company gets its data from credit card companies, banks, retailers and lenders — sometimes without you knowing.
The data breach is among the worst ever because of the amount of people affected and the sensitive type of information exposed.
How many people were affected?
The company says as many as 143 million people in the United States were hit. Others in the U.K. and Canada were also impacted, but Equifax hasn’t said how many. Credit card numbers for about 209,000 U.S. customers were compromised, in addition to “personal identifying information” on about 182,000 U.S. customers.
Who was impacted?
Equifax said it will send notices in the mail to people whose credit card numbers or dispute records were breached. The company said it found no evidence that consumers in other countries were affected beyond the U.S., U.K. and Canada.
What information was accessed?
The hackers accessed personal information such as names, Social Security numbers, birth dates, addresses, credit card numbers and the numbers of some driver’s licenses.
When did this happen?
Equifax said the breach happened between mid-May and July. It discovered the hack on July 29. It informed the public on September 7.
How did this happen?
Equifax said criminals “exploited a U.S. website application vulnerability to gain access to certain files.” A company spokesperson did not immediately respond to a request for further comment.
Who was behind the breach?
The company hasn’t clarified but noted an investigation is ongoing.
Am I at risk, and what is Equifax doing to help?
Equifax is proposing that customers sign up for credit file monitoring and identity theft protection. It is giving free service for one year through its TrustedID Premier business, regardless of whether you’ve been impacted by the hack.
To enroll and/or check whether you were affected, visit www.equifaxsecurity2017.com and click on the Check Potential Impact tab. You’ll need to provide your last name and the last six digits of your social security number. Once submitted, you will receive a message indicating whether you’ve been affected.
Then, you have the option to enroll in the program, but you can’t actually sign up for the service until next week. Each customer is provided an enrollment date starting earliest on Monday.
Can I sue Equifax?
You may limit some of your rights to sue if you sign up for Equifax’s offer of free identity theft protection and credit file monitoring. You must notify Equifax within 30 days of signing up that you do not agree with its demand to submit disputes to arbitration. But there are attorneys who argue that even if you don’t opt out that way, the arbitration provision does not cover suits related to this breach.
It seems like cybersecurity hacks are happening a lot. Is this the biggest ever?
The Equifax breach is one of the largest breaches ever. Some other high-profile examples include two breaches at Yahoo — the bigger one involved 1 billion accounts, the lesser impacted 500 million — and a hack at Myspace that involved 360 million accounts.