The company said it “discovered the unauthorized access” on July 29 and “acted immediately” to deal with it.
RELATED: New cyberattack rule looms over federal contractors
The information accessed includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers, the company said.
Local security experts said consumers should take steps to make sure their personal data was not breached, but not to panic. If hackers were going to use the information, they probably have already done it.
“There’s a very good probability that that information has already” been used, said Shawn Walker of Secure Cyber Defense in Miamisburg.
RELATED: UD, Premier team up to create cybersecurity center
“Watch your bank account, watch your (credit card) statements. … You have to watch your finances.”
Equifax is notifying those whose data may have been compromised. The first public announcement on the breach was Thursday.
“Why they waited three months is beyond me,” Walker said. “That’s a poor instant response. That’s a PR nightmare that they don’t want to deal with.”
The Associated Press reported that on Aug. 1 and Aug. 2, Equifax Chief Financial Officer John Gamble and two other executives, Rodolfo Ploder and Joseph Loughran, sold a combined $1.8 million in stock.
In a statement, the company said the executives “had no knowledge that an intrusion had occurred at the time they sold their shares.”
A change in Ohio law lets residents contact credit bureaus to “freeze” their credit, so that “queries” — or examinations of credit worthiness and other intrusions — cannot be launched.
Credit-freezing can be a good step, Walker said.
People can call in a “fraud alert” to one of the three major credit reporting agencies — Equifax, Experian and TransUnion — to prevent new credit being spent with their identity. For 90 days, no one will be able to open a new account in your name.
“Nobody — other than you with a whole lot of pain — can open a new account” in your name, said Vance Saunders, director of the cybersecurity program at Wright State University’s College of Engineering and Computer Science.“I call in fraud alerts on myself all the time.”
Saunders said hackers apparently got into an insecure web site.
“Insecure web sites are probably the No. 1 way that people get in,” Saunders said.
Nick Clements, co-founder of personal-finance company MagnifyMoney, advised consumers to visit the Equifax Security web site. There, visitors can enter last the six digits of their Social Security numbers to see if they have been impacted.
Clements said the Equifax breach may become the new normal.
“We all need to get used to the fact that our information will get stolen” at some point, he said. “We just need to stay calm and don’t panic.”
RELATED: Wright-Patt aircrews off to Texas after Hurricane strikes
Tips for affected consumers include:
• Check your credit report. Monitoring your credit report can help you identify signs of potential identity theft. You are entitled to one free credit report per year from each of the three major credit reporting agencies. Visit www.AnnualCreditReport.com to access those reports. You can pull all three at once, or you can stagger pulling your reports throughout the year.
• Place an initial fraud alert on your credit report. Contact one of the three major credit reporting agencies — Experian, Equifax, or TransUnion — to place an initial fraud alert, which will stay on your credit report for 90 days. The alert is free of charge and will make it more difficult for someone to open credit in your name.
• Consider placing a security freeze on your credit report. A security freeze essentially puts a lock on your credit so that most third parties can’t access your report. This helps protect you from unauthorized accounts being opened in your name. In Ohio, security freezes are permanent until you lift them. You can be charged a $5 fee per credit reporting agency to place or remove a freeze. Contact each credit reporting agency separately to place a freeze. Note that Equifax is offering a free “freeze” for one year with enrollment in their TrustedID program; however, this will not freeze your reports at Experian or TransUnion.
• Beware of scams related to the breach. Con artists may pretend to have information about the breach or they may falsely claim to want to help you. Some calls or messages may be scams designed to steal your money or personal information. Don’t give out personal information to those who contact you unexpectedly (even if they say they want to help you) and be wary about clicking on links or downloading attachments in messages.
• Monitor your bank accounts. Look for suspicious activity. If you find errors, immediately notify your bank or credit provider.
• When it’s tax season, consider filing early. File your taxes as soon as you have all of the information necessary to file so that there is less of a chance for someone to fraudulently file on your behalf. This is especially important if you know your information has been compromised.
Source: Ohio Attorney General
About the Author
