Equifax Data Breach: What You Need to Know

Attorney General Ellen Rosenblum
One of the three major credit reporting companies - Equifax - revealed that the personal data of 143 million U.S. consumers in its care - nearly half the country - has been compromised. This huge hack of personal data occurred over the period May through July, 2017, but was not publicly reported by Equifax until September 7.

During the period of the breach, the hackers accessed people's names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers. They also stole credit card numbers and credit card dispute documents with personal identifying information.

"This is a monster data breach!" exclaimed Attorney General Ellen Rosenblum. "All of the personal information accessed by the hackers can be used fraudulently to validate the claimed identity of someone trying to open a bank or credit account. I urge Oregonians to assume your personal information has been hacked and take extra precautions to help ensure its safety. Here are some suggested actions to take."

1. Do NOT visit Equifax's website to find out if your information was exposed or to enroll in Equifax's credit monitoring service. The website's terms of service potentially restricts your legal rights. Buried in the terms of service is language that bars those who enroll in the Equifax checker program from participating in any class-action lawsuits that may arise from the incident. And because the hackers gained access to the information through Equifax's U.S. website, it is unclear whether the information you enter to determine if your information has been compromised (your last name and the last six digits of your Social Security number) will be protected from future breaches.

2. Check your credit report for inaccuracies. You can request your credit report for free from each of three reporting bureaus every year by visiting www.annualcreditreport.com or by calling 1-877-322-8228.

3. Place a credit freeze. A credit freeze will halt any application for a new line of credit and remain in effect until you request that it be lifted. Keep in mind that a credit freeze won't prevent a thief from making charges to your existing accounts. 

4. Place a fraud alert. A fraud alert is a statement in your credit file that notifies anyone requesting a copy of your credit report that you may be a victim of ID theft. There are three different types of fraud alerts: an initial alert, an extended alert and an active duty alert. For more information on these types, visit https://www.doj.state.or.us/consumer-protection/id-theft-data-breaches/identity-theft/.

5. File your taxes as early as possible. As soon as you have the tax information you need, file your taxes before a scammer does. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

6. Visit www.identitytheft.gov to learn more about protecting yourself after a data breach.

Under Oregon law, businesses with Oregon customers are required to inform customers and the Attorney General's Office about security breaches that have placed personal information in jeopardy. For more information on the law and to view a copy of the Equifax breach notice, please visit https://justice.oregon.gov/consumer/databreach/.

In short - Do not rely on Equifax to help you deal with this data breach. Consider taking these suggested actions to protect your information going forward. Check your credit report every four months or so. Thieves can use your information anytime and anywhere!