The Equifax Data Breach
What You Need to Know and Do to Protect Yourself
Donald Kaiser, CPA
Focused on You. Dedicated to Your Success.

Equifax, one of the three largest consumer credit reporting and financial services providers in the nation, announced that their data was breached on September 7, 2017. The personal information of an estimated 143 million U.S. consumers (44% of the population) was stolen from May 13 through July 30, 2017. This includes full names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers.

In addition, credit card numbers for approximately 209,000 consumers and certain dispute documents, which included personal identifying information, for approximately 182,000 consumers were accessed.

Although Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents were impacted, they are not notifying people that their personal information may have been stolen. 

Equifax has found no evidence of unauthorized access to its core consumer or commercial credit reporting databases.

Consumers need to be aware that this data breach could impact their finances, credit, tax returns, as well as their social security and medical accounts. It is important to take steps now. Always use a secure network instead of using public WIFI. Here is what you need to do to protect yourself:

1. Determine if your personal information was stolen
2. Put a fraud alert on your credit.
3. Check your free credit reports .
4. Consider putting a freeze on your accounts with Equifax , Experian , and TransUnion if you do not intend to apply for credit in the foreseeable future. 
5. Contact your banks and request that a personal identification number (PIN) and activity alerts are placed on all of your accounts. Check your bank and credit card statements for fraudulent transactions.
6. Get free identity theft protection . Equifax is offering TrustedID Premier , its identity theft protection and credit file monitoring service for free to all U.S. consumers (impacted by the data breach or not) for one year. TrustedID Premier includes three-bureau credit monitoring (Equifax, Experian and TransUnion), copies of your Equifax credit report, the ability to lock and unlock your Equifax credit report, identity theft insurance, and internet scanning for your Social Security number. Interested consumers must enroll by November 21. 
7. Change your sign-on credentials. User ids and/or password should be changed on important bank accounts and any other important accounts. Use different passwords for each account. Enable two-factor authentication, if possible.
8. Change your primary email address for all bank and other important accounts if it is used to change your sign-on credentials. 
9. Protect yourself from tax identity theft:
  • File your federal and state tax returns early. 
  • Monitor your IRS account
  • Adjust your withholdings if you typically receive large refunds.
  • Apply for an IP PIN number. The IRS offers an identity protecting PIN (IP PIN) to prevent someone from filing a fraudulent return with your Social Security number. Participants get a new six-digit number each year that must be used to file a tax return. Otherwise, your e-filed return will be rejected and processing a paper filed return will be delayed. As of this writing, the IRS is issuing pins to prior victims of tax related identity theft, taxpayers in certain states (Florida, Georgia, and the District of Columbia) and individuals that are invited to opt-in to the program. If you've placed a credit security freeze with Equifax or another credit bureau, you must have the freeze temporarily removed to allow the IRS to verify your identity.
10. Protect your Social Security account:
11. Watch for medical identity theft. Check your medical bills and “explanation of benefits” notices from your insurance company for charges for services that did not happen and equipment or medical devices you do not have. Also check with your pharmacy to ensure that no one is filling your prescriptions. 

12. Watch out for scams and phishing schemes related to the breach. If you receive an email link from Equifax offering to help you survive its massive security breach, do not open the message, click on the links, or open the attachments. Do not respond to email, text messages or phone calls that request personal information — no matter who the caller or sender claims to be with. Go directly to the source (website, email address or phone number you know is legitimate). Equifax only sends mail to consumers through addresses that end in, and 

More information on the data breach is available from Equifax , or the Federal Trade Commission (FTC)

Additional information is available from the FTC on how to protect yourself after a data breach .

This is not the first time in 2017 that there was a data breach at Equifax. The company reported that a payroll service was compromised during the 2016 tax season. Although Equifax claims that the two incidents are not related, they do suspect that the same perpetrators may be involved. 

Deloitte, a worldwide Big 4 accounting and consulting firm, announced on September 25, that it too is a victim of a data breach. The firm’s email server was compromised from October 2016 to March 2017. Some five million emails were exposed along with sensitive attachments. The hackers may have gotten usernames, passwords, IP addresses, business information and workers' health records. The breach apparently stemmed from an administrator's account that was protected by a password and not two-step verification.

Securing customer data is increasing more important than ever before. Companies must do everything possible to protect their servers from a data breach. 

If you believe you are the victim of identity theft or a data breach, contact local and federal law enforcement authorities such as the FTC Consumer Response Center and your state’s attorney general office

You are also welcome to contact either Don Kaiser, CPA and principal (732-341-3893 ext. 15 or ) or myself (610-828-1900 or ) with questions. We are always happy to help.
Martin C. McCarthy, CPA
Managing Partner
McCarthy & Company, PC

Disclaimer This alert is for informational purposes only and does not constitute professional advice. Information contained in this communication is not intended or written to be used as tax advice, and cannot be used by the recipient to avoid penalties that may be imposed under the Internal Revenue Code. We strongly advise you to seek professional assistance with respect to your specific issue(s).