Equifax, one of the three largest consumer credit reporting and financial services providers in the nation, announced that their data was breached on September 7, 2017. The personal information of an estimated 143 million U.S. consumers (44% of the population) was stolen from May 13 through July 30, 2017. This includes full names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers.
In addition, credit card numbers for approximately 209,000 consumers and certain dispute documents, which included personal identifying information, for approximately 182,000 consumers were accessed.
Although Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents were impacted, they are not notifying people that their personal information may have been stolen.
Equifax has found no evidence of unauthorized access to its core consumer or commercial credit reporting databases.
Consumers need to be aware that this data breach could impact their finances, credit, tax returns, as well as their social security and medical accounts. It is important to take steps now. Always use a secure network instead of using public WIFI. Here is what you need to do to protect yourself:
4. Consider putting a freeze on your accounts with
Equifax
,
Experian
, and
TransUnion
if you do not intend to apply for credit in the foreseeable future.
5. Contact your banks and request that a personal identification number (PIN) and activity alerts are placed on all of your accounts. Check your bank and credit card statements for fraudulent transactions.
6. Get free
identity theft protection
. Equifax is offering
TrustedID Premier
, its identity theft protection and credit file monitoring service for free to all U.S. consumers (impacted by the data breach or not) for one year. TrustedID Premier includes three-bureau credit monitoring (Equifax, Experian and TransUnion), copies of your Equifax credit report, the ability to lock and unlock your Equifax credit report, identity theft insurance, and internet scanning for your Social Security number. Interested consumers must enroll by November 21.
7. Change your sign-on credentials. User ids and/or password should be changed on important bank accounts and any other important accounts. Use different passwords for each account. Enable two-factor authentication, if possible.
8. Change your primary email address for all bank and other important accounts if it is used to change your sign-on credentials.
9. Protect yourself from tax identity theft:
- File your federal and state tax returns early.
- Monitor your IRS account
- Adjust your withholdings if you typically receive large refunds.
- Apply for an IP PIN number. The IRS offers an identity protecting PIN (IP PIN) to prevent someone from filing a fraudulent return with your Social Security number. Participants get a new six-digit number each year that must be used to file a tax return. Otherwise, your e-filed return will be rejected and processing a paper filed return will be delayed. As of this writing, the IRS is issuing pins to prior victims of tax related identity theft, taxpayers in certain states (Florida, Georgia, and the District of Columbia) and individuals that are invited to opt-in to the program. If you've placed a credit security freeze with Equifax or another credit bureau, you must have the freeze temporarily removed to allow the IRS to verify your identity.
10. Protect your Social Security account:
11. Watch for medical identity theft. Check your medical bills and “explanation of benefits” notices from your insurance company for charges for services that did not happen and equipment or medical devices you do not have. Also check with your pharmacy to ensure that no one is filling your prescriptions.
12. Watch out for scams and phishing schemes related to the breach. If you receive an email link from Equifax offering to help you survive its massive security breach, do not open the message, click on the links, or open the attachments. Do not respond to email, text messages or phone calls that request personal information — no matter who the caller or sender claims to be with. Go directly to the source (website, email address or phone number you know is legitimate). Equifax only sends mail to consumers through addresses that end in @equifax.com, @trustedid.com and @e.equifax.com.
Resources
This is not the first time in 2017 that there was a data breach at Equifax. The company reported that a payroll service was compromised during the 2016 tax season. Although Equifax claims that the two incidents are not related, they do suspect that the same perpetrators may be involved.
Deloitte, a worldwide Big 4 accounting and consulting firm, announced on September 25, that it too is a victim of a data breach. The firm’s email server was compromised from October 2016 to March 2017. Some five million emails were exposed along with sensitive attachments. The hackers may have gotten usernames, passwords, IP addresses, business information and workers' health records. The breach apparently stemmed from an administrator's account that was protected by a password and not two-step verification.
Securing customer data is increasing more important than ever before. Companies must do everything possible to protect their servers from a data breach.
You are also welcome to contact either Don Kaiser, CPA and principal (732-341-3893 ext. 15 or
[email protected]
) or myself (610-828-1900 or
[email protected]
) with questions. We are always happy to help.