As many have seen, Equifax had a breach of the personal information of approximately 143 million people. This is one of the largest breaches of personally identifiable information ever. Here are some things that people should do and know about the breach.
- The breach involved a combination of social security numbers, names, birth dates, and addresses. Some drivers license numbers have also been breached. The credit card numbers of approximately 209,000 U.S. consumers and dispute documents for approximately 182,000 U.S. consumers were also accessed.
- The main website for Equifax (equifax.com) has been incredibly slow since the breach. They are likely being flooded with people trying to get information about the breach.
- Equifax has setup a standalone website for the breach. The web address for the standalone site is www.equifaxsecurity2017.com. It is much faster than going to equifax.com.
- Some of Equifax's call center resources, to manage their data breach, were impacted by Hurricane Irma. Call center wait times may be longer while Equifax gets additional call center resources in place.
What should people do?
- First, go to www.equifaxsecurity2017.com and see if your information was released. Also, don't assume if one person in your household / family was not breached that others in the same house weren't breached. Each person needs to be checked. As a personal example, my information was breached, but my wife's was not.
- If your information was breached, you will have to opportunity to sign up for credit monitoring. Some reports are that you will be given a legal agreement to click through while signing up for the credit monitoring. You should read it carefully; and if you have concerns about the terms of the agreement, consult with an attorney.
- Equifax has said that they will be sending letters in the mail to people who had their credit card numbers and dispute documents accessed. Equifax has not announced plans to send letters to the remaining millions of people. The only way they will know if they have been breached is through www.equifaxsecurity2017.com.
- If you do receive a letter that your credit card number has been stolen, immediately contact your credit card company to report the stolen number. They will typically issue you a new card and number and cancel any fraudulent charges made on your account. Nothing else typically needs to be done for a stolen credit card number.
- As a final step, make sure that you monitor your credit reports at least every 6-12 months going forward. Once your information is in criminal hands, they can use it at any time in the future to try to open financial accounts and make purchases in your name. Often the information isn't used for months or even years.
If you have any further questions, please feel free to reach out to the DoIT Security Department by sending email to security@umbc.edu.
Mark Cather
UMBC Chief Security Officer