Equifax says data breach may have exposed personal info of 143 million consumers

Equifax, one of the nation’s three main credit reporting agencies, has announced a “cybersecurity incident” that could potentially impact roughly 143 million U.S. consumers, according to a statement released on the company’s website.

The news comes just months after a breach occurred at an Equifax subsidiary earlier this year, exposing W-2 and payroll data to criminals.

Equifax data breach exposes personal info of millions of Americans

According to Equifax, hackers exploited a security vulnerability in a U.S.-based application to gain access to consumers' personal files. After discovering the breach on July 29 of this year, the company says it "acted immediately to stop the intrusion" and "promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted."

Equifax says it reported the criminal access of its data to law enforcement and “continues to work with authorities.”

The investigation into the incident found that the unauthorized access to personal files occurred from mid-May through July 2017.

According to a statement on its website, "The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases."

Read more: Never give your Social Security number at these places

Personal information exposed in the breach

According to Equifax, the information exposed in the breach is more than enough to cause people some serious trouble — with criminals gaining unauthorized access to consumers’ names, Social Security numbers, birth dates, addresses and some driver’s license numbers.

On top of that, hackers were able to access credit card numbers belonging to more than 200,000 U.S. consumers — along with “certain dispute documents” that contain personal identifying information for another 182,000 consumers.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do.” said Chairman and Chief Executive Officer, Richard F. Smith, in an online statement. “I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”

How to find out if you were affected by the incident

Equifax has set up a specific website to help consumers find out if their information has been exposed. The company says it is also sending notices in the mail to consumers whose credit card numbers and/or dispute documents were exposed.

In addition to the website, Equifax is also offering consumers the option to sign up for credit file monitoring and identity theft protection — as part of its TrustedID Premier offering — which includes:

  • 3-bureau credit monitoring of Equifax, Experian and TransUnion credit reports;
  • Copies of Equifax credit reports;
  • the ability to lock and unlock Equifax credit reports;
  • identity theft insurance;
  • and internet scanning for Social Security numbers.

The offer is completely free to U.S. consumers for one year.

The dedicated website also provides more information on ways consumers can protect their personal information, as well as ways to contact the company, including a dedicated call center that’s open seven days a week from 7:00 a.m. to 1:00 a.m. ET. That number is 866-447-7559.

In the company statement, Smith also said, “I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”

Read more: 7 ways to protect your money (even from your own bank)

How to protect yourself

With more and more data breaches occurring these days, it’s crucial that you take steps to protect your information from criminals. Whether though massive data breaches like this one or simple email or text scams, criminals are coming after you and your information whenever and however they can. And once they get the info they need, they can wreak havoc on your financial life.

The most effective way to protect yourself from identify theft is with a credit freeze.

A credit freeze allows you to seal your credit reports and use a personal identification number (PIN) that only you know and can use to temporarily “thaw” your credit when legitimate applications for credit and services need to be processed. The added layer of security means that thieves can’t establish new credit in your name even if they are able to obtain your personal information.

Freezing your credit files has no impact whatsoever on your existing lines of credit, such as credit cards. You can continue to use them as you regularly would even when your credit is frozen.

More ways to protect yourself  from common scams

As a general rule of thumb, if you receive an email you weren’t expecting, do not click on any links inside the email. Even if you are expecting an order confirmation or package to be delivered, do not click on any links in an email notification. Go to the company’s website directly to get any delivery or order information.

Here are some more tips to help you protect yourself from online scammers:

  • Be wary of unexpected emails containing links or attachments: If you receive an unexpected email claiming to be from your bank or other company that has your personal information, don't click on any of the links or attachments. It could be a scam. Instead, log in to your account separately to check for any new notices.
  • Call the company directly: If you aren't sure whether an email notice is legit, call the company directly about the information sent via email to find out if it is real and/or if there is any urgent information you should know about.
  • If you do end up on a website that asks for your personal information, make sure it is a secure website, which will have "https" at the beginning ("s" indicates secure).
  • Look out for grammar and spelling errors: Scam emails often contain typos and other errors — which is a big red flag that it probably didn't come from a legitimate source.
  • Never respond to a text message from a number you don't recognize: This could also make any information stored in your phone vulnerable to hackers. Do some research to find out who and where the text came from.
  • Don't call back unknown numbers: If you get a missed call on your cell phone from a number you don't recognize, don't call it back. Here's what you need to know about this phone scam.

Warning: This scam gives hackers access to all of your accounts