On July 29, 2017, a massive data breach happened within the Equifax servers. If you don’t know what Equifax is, you should. Equifax is one of three major credit reporting agencies that compile and sell credit reports. If you have ever purchased a vehicle, a home, or opened a credit card in your name, either Equifax, Experian, or TransUnion have your information stored. Your full name, Social Security Number, credit information, birthday, addresses, and driver’s license numbers are the types of information that these credit agencies store.
Equifax’s breach of data means that a person or a group of people have stolen information from the company and now possibly have access to all your information. This is a big deal. With this information, identity theft is possible and it is now likely. According to Equifax, roughly 143 million Americans’ information has been stolen. That is 44 percent of the United States population, including those under the age of 18. Excluding those under 18 brings the percentage to 57 percent. Fifty-seven percent of adult American’s information has been stolen. Additionally, 209,000 credit card numbers were leaked. The leak also extends to a number of people who are citizens of Canada and the U.K.
So, what does this mean for you? This means that you are possibly in some sort of evil lottery, where the “winners” have their identities stolen. Sounds like something out of a horror movie, but there are some actions you can take to see if your information was stolen and to prevent identity theft. Here’s how:
- CHECK IF YOUR INFORMATION WAS STOLEN
You may check if your information was stolen by visiting www.equifaxsecurity2017.com. All you have to do is enter your last name and the last six digits of your social security number, then Equifax will tell you whether or not your information was leaked. There is no guaranteed way to know if your information was leaked or not, but this is a good start. Within the terms and conditions of this monitoring site, Equifax placed an agreement that prevent users from seeking action against the company in the class action suit as well as any other method. Also, even if Equifax denies your information being leaked, it is worth following some of the steps below.
- GET A CREDIT REPORT
Every adult U.S. Citizen is entitled to one free credit report a year. Thanks to www.AnnualCreditReport.com, you can check your credit for free, if it’s your first time doing so this year. Due to high traffic to the site in recent weeks, it is difficult to check your score, but if you’re able to get onto the site, enter in the information asked. The credit report you receive will be a good base point to monitor credit for the next few months.
- MONITOR YOUR CREDIT
Using the credit information you received from Annual Credit Report, keep a close eye for movement in your credit score. You can use one of those free score checkers that you see commercials for all the time (you know the ones with the catchy jingles). If there is a movement in your report, call your bank immediately and seek action to fix the issue.
- PERFORM A CREDIT FREEZE
You are able to freeze your credit for as long as you like, but this is optional. According to ABC Action News, Equifax is offering free credit freezes through November 21, 2017. By calling all three credit reporting agencies (Equifax, Experian, and TransUnion), you can freeze your credit which disallows anyone with your information to use it. If your credit is frozen, neither you nor an identity thief can use your information to take out a loan, make a large purchase, or open a credit card. This step is completely optional. Each agency charges a small amount of money to freeze your credit, but the system is all automated and takes just a few minutes to do by phone. Also, if you are planning to make a large purchase such as a car or home, or even looking to take out a loan, a credit freeze will not allow you to do so. If you choose to freeze your credit, you may still use your credit card as normal, as this will not be affected.
- IF YOUR INFORMATION WAS STOLEN
If Equifax shows that your information was part of the data leak, you can fight for monetary compensation. Thanks to the “Fair Credit Reporting Act” you can sue Equifax. The FCRA states “If a consumer reporting agency, or, in some cases, a user of consumer reports or a furnisher of information to a consumer reporting agency violates the FCRA, you may be able to sue in a state or federal court.” The FCRA is a protection act that provides consumers with the ability to see what information of theirs the credit reporting agencies have. It also provides protection to your information and does not allow for unauthorized sharing of your information. As such, negligent data breach is an unauthorized share of your information.
If you used Equifax’s monitoring service mentioned above, you cannot seek action against Equifax due to the terms and agreements subjected on their site.
However, there are a few ways to actively seek action if you haven’t used the monitoring site. You can go to Small Claims court, which is free, but limits the amount of monetary compensation you can receive and is time sensitive. Shannon Liao with The Verge released a very informative article explaining how to use a free Chatbot to sue Equifax. This method still limits how much compensation you can receive, ranging from $2,500 to $25,000.
You could file a personal formal lawsuit, in which case you would have to hire a lawyer. This option would pay much more dividend and allow for a higher monetary compensation. This process could take up to a year, but it would be easier to receive your money. (Keep in mind, a win is not guaranteed, but is likely in any case.)
The third option is joining the class action lawsuit. This is the easiest method and only involves providing a lawyer with your information to be included in the ongoing lawsuit that has already begun. If the case is won, the winnings will be divvied up between all others included in the case, while the lawyer walks away with the most.
There is no doubt that Equifax has been under fire for the past month, and there is good reason for it. According to The Verge, Equifax announced the data breach on September 7, but they knew about it on July 29. It took Equifax 40 days to disclose the incident to the public. In addition to them taking 40 days to inform the public, three bigwigs associated with Equifax sold $1.8 million worth of company’s stock on August 1 and August 2.
Anders Melin from Bloomberg wrote:
Regulatory filings show that on Aug. 1, Chief Financial Officer, John Gamble sold shares worth $946,374 and Joseph Loughran, President of U.S. Information Solutions, exercised options to dispose stock worth $584,099. Rodolfo Ploder, President of Workforce Solutions, sold $250,458 of stock on Aug. 2. None of the filings list the transactions as being part of 10b5-1 scheduled trading plans.”
Although Equifax reports that the executives had no prior knowledge of the intrusion at the time of selling their shares, a sudden drop in expenditures such as this one seems odd, especially since it was not a part of the Equifax scheduled trading plans. It is easy to assume that Equifax would have released information of the data breach to its executives as soon as it was known. Whether this is the case is still unknown.
The information breach came from a fault in the coding of Equifax’s servers. Equifax uses a coding site to pull code that supports its servers. Apache Struts hosts prewritten codes to be used for a multitude of different websites and servers. It makes coding and structuring a lot easier for companies. Code CVE-2017-9805 had a “Critical Error” according to Apache. “CVE-2017-9805 is a nine year old security flaw,” said Apache in its recent press release, “since vulnerability detection and exploitation has become a professional business, it is and always will be likely that attacks will occur even before we fully disclose the attack vectors.” This statement reveals the likelihood of further exploitation, which the public is not aware of.
The code which Equifax used was nine years old, which is an incredibly long time by technology standards. This leads one to wonder about how old the rest of the coding, which supports the information of most of the population, could be. Assuming both Experian and TransUnion take note of the latest data breach, security and software will hopefully be updated to prevent further incidents.
As of Tuesday, September 26, Richard Smith, Equifax CEO, stepped down with a pension of roughly $18 million. According to Ron Lieber and Stacy Cowley with The New York Times, Smith has been with Equifax for 12 years, since 2005. Of course, one can only assume his resignation was due to this data breach.