If you use the Internet, chances are you’ve had to change your password in the past for a few websites, at least, because of data breaches at Yahoo, Anthem, Target, and many others. That’s a hassle. But imagine if you had to spend years trying to convince credit card agencies, bank loan departments, the IRS, and other critical organizations that someone else is using your identity to rack up debt and steal your tax refunds.
This happens to people every day. But after the Equifax data breach, you’re bound to hear about it happening a lot more. And unlike the other breaches, this one creates a lifelong identity theft threat for everyone affected.
Data breaches have become a common occurrence, but until now they mostly involved passwords and usernames, maybe in some cases credit card numbers, and in rare cases birth dates and addresses. The hackers who stole the Equifax data got the motherlode for 143 million accounts. That’s about half of the entire US population.
Think about it - that means there’s a 50% chance you were specifically affected, and a 100% chance someone you know was affected. Specifically, they nabbed full names, addresses, phone numbers, birth dates, credit card numbers, driver’s license numbers and social security numbers. This is everything someone needs to steal your identity and commit fraud on a massive scale.
There’s a lot of damage that can be done with all that information. Fraudsters can get access to online bank accounts and make transfers. They can open up credit cards in your name. They can take out loans and default on payments. They can file fake tax returns and pocket the refund. Any of this can ruin your credit, and fixing a credit rating is a long, torturous and expensive process. Victims have spent decades and thousands of dollars trying to set the record straight and get their financial reputations back.
With most data breaches, you can change your email or passwords and move on. But you can’t easily change your social security number. Last year, 15.4 million consumers were victims of identity theft, with $16 billion stolen overall, according to a Javelin report. Victims of personal information fraud who suffer direct financial hits lose an average of $7,761. Once your social security number is out there on the dark web, it’s out there forever; you can’t get it back. Your identity is then at risk for the rest of your life.
The harm will be felt by victims over time, as hackers continue to trade the stolen data in underground criminal forums. Hackers can make $30 selling a package of your full name, birth date, address, bank account information and banking credentials, while a social security number with name and address goes for $250, according to Dell SecureWorks.
Already, Equifax is taking a drubbing from all sides. The company faces two potential class-action lawsuits, investigations by the FBI, three state Attorney Generals and the House Financial Services Committee, and one lawmaker has asked the House Judiciary Committee to also look into the data breach. The compromise (via a weakness in an unspecified web-facing app) started in mid-May and was discovered July 29, but it took 40 days for word to get to customers, who need to start monitoring their accounts immediately. The company is only offering one year of credit monitoring, when really they’ll need to monitor their accounts for probably the rest of their lives.
So, what should you do if you think you may be among the estimated 50 percent of Americans affected by the breach? You can check this Equifax website to see if your name was on any compromised accounts. However, the results can be inconclusive.
I recommend signing up for a well-known and established credit monitoring service (there are fraudulent ones popping up in response to the news of this breach) and consider setting up a credit freeze, which would prevent anyone from opening new cards in your name. Keep close tabs on your credit reports and financial accounts, set triggers for activity that goes above a certain threshold on bank accounts, and change passwords for all sensitive accounts, using different strong passwords for each. You should also sign up for multi-factor authentication features that send you a text message on your phone, for example, to verify that it’s really you logging into an account.
Data breaches have been happening for years, but this breach means millions of people will have to take extra precautions. The Yahoo breach may have affected more accounts (1.5 billion), but this breach will definitely be more painful to more people, and for much, much longer.