(1) What Happened
Equifax discovered a breach of personal and financial information on July 29, 2017. They hired security company Mandiant on August 2. The public wasn’t notified until September 9 when Equifax claims it finally understood the scope of the breach. Around 143 million Americans and in some cases, UK and Canadian residents, were affected. The private data that was exposed is crucial to people’s financial identities. Social security numbers, birth dates, and addresses were stolen, leaving those Americans vulnerable to identity theft. In some instances, driver’s license numbers were also stolen. And finally, the credit card numbers of approximately 209,000 people were a part of the breach.
(2) What Happens Next
Equifax is now under investigation by several different entities, including the Consumer Financial Protection Bureau, the Federal Trade Commission, and at least 34 state attorneys general. Additionally, the federal government has launched a criminal investigation into potential insider trading conducted as a result the breach (discussed below).
A wave of lawsuits have already been filed against Equifax with many more likely to come. If your information was compromised, being a part of a class action lawsuit may mean you give up the right to sue a company on your own. If you’ve suffered major financial harm, joining a class action may not be the right course of action and you should consult an attorney regarding whether you should opt out. If you do, however, decide to be a part of a class action, there might not be much of a payoff anyway. With Equifax’s plummeting stock prices, there’s less and less pie to get a piece of.
(3) There Was Another Breach in March of 2017
According to Bloomberg Technology, Executives at Equifax learned of a breach in March of 2017 – almost five months before they disclosed the July breach to the public. This breach was not connected to the July breach, but it did involve the same hacker entities. As of publication of this article, Equifax has not publicly admitted to the March breach, though they hired the same security company, Mandiant, to investigate it.
(4) Potential Insider Trading
Further questions arise because there was a series of unusual stock sales by executives at Equifax that occurred on August 1 and August 2 – just days after Equifax discovered the July 29th breach. Senior executives sold shares totalling almost $1.8 million. If those executives were aware of the March breach and that their cyber security was not strong enough thwart a cyber-attack, they may be charged with insider trading. In fact, the U.S. Department of Justice and the FBI have already opened a criminal investigation into those stock sales. Equifax maintains the executives were not aware of the breach.
(5) What You Should Do About It
First and foremost, monitor your credit at all three main credit bureaus: Equifax, Experian, and TransUnion. Consumers are entitled to one free credit report each year. Examine it closely for unfamiliar activity that may be identity theft. If you find any such activity, visit IdentityTheft.gov to get started fixing the situation.
In monitoring your credit, beware of scam companies. Some companies set up spoof websites to try to steal your information or scam you. They sound like legitimate operations, but always do some research on their reputation and whether others have experienced scams at their hands.
You can also consider a credit freeze – also called a security freeze. In a nutshell, it freezes your credit and can only be unfrozen using a personal identification number (PIN) that you receive when you enroll. This makes it difficult for someone to open a new account in your name. Keep in mind, however, that it will not prevent a scammer from making charges to already existing accounts.
With millions of Americans freezing their credit, Equifax has had trouble processing some of the freezes, according to Clark.com. It may be wise to check back in a week while they sort through the technical difficulties and wait for the high volume of requests to subside. Set an alarm on your calendar, if necessary.
If you decide you don’t want to freeze your credit, setting up fraud alerts is another option. This warns creditors that you are a potential victim of identity theft and they should contact you to verify that whoever is seeking credit using your name is actually you.
Finally, if you know your information has been exposed, file your taxes early. If someone tries to file their taxes using your social security number with the goal of obtaining a refund, your own refund might get put on hold while the IRS takes the time to sort it out which can take months or a year or more. You can also request a five digit PIN code from the Internal Revenue Service (IRS). Doing so ensures that no tax return to the IRS with your social security number on it will be accepted electronically without this number.
The Federal Trade Commission has a website with more detailed instructions (and checklists!) on what to do if your information was compromised.
If you’ve been affected by this breach and have suffered financial harm as a result, you can set up a consultation with us by calling us at 704-457-1010 or visiting www.lindleylaw.com.