Credit rating company Equifax, revealed today that its databases had been hacked. Here’s what we know — and what you can do to protect yourself.
What happened?
According to Equifax, which released a statement today, the company’s database was breached through a vulnerability on its website, exposing the personal information of an estimated 143 million people, including some in the UK and Canada.
The company thinks the hack happened some time between mid-May and the end of July, but has only now announced the breach. That’s all we know.
When did Equifax find out about the hack?
Equifax learned about the hack on July 29, according to an FAQ. September 7, however, was the first day the company publicly announced the hack.
What information was accessed?
By exploiting Equifax website’s vulnerability, the hackers were able to acquire names, social security numbers, birth dates, home addresses and some drivers’ license information.
In addition, credit card numbers for an estimated 209,000 consumers and certain dispute documents, which included personal identifying information, for approximately 182,000 consumers were accessed, according to the company.
If you were one of the fewer people whose credit card numbers or dispute documents were exposed, you’ll receive postal mail letting you know you were affected. Otherwise, you’ll need to use Equifax’s website to find out if your data was exposed.
How can I find out if I was affected?
Equifax has set up its own program to help people find out if they were one of the millions affected in the hack. The program isn’t exactly straightforward, however — it requires a multi-step process that takes place over the course of at least one week. Here’s an overview of the process:
Step 1: Head to this enrollment page and click “Begin enrollment.” Enter your last name and last six digits of your social security number and head to the next page. Several reporters at CNET have attempted this process and received two different results:
- Equifax will provide you with an enrollment date for credit monitoring.
- Equifax will let you know you were not impacted.
CNET has reached out to Equifax to find out if receiving an enrollment date implies that you were affected, but as of now, it’s unclear.
Step 2: If you received an enrollment date, write it down. Seriously, on paper (or, you know, Google Calendar). Equifax does not ask for your email address, so it won’t remind you of your enrollment date.
Step 3: On (or after) your enrollment date, head to this page to continue the enrollment process. You have to complete the enrollment process by November 21.
If you think the above process is opaque and a bit confusing, you’re not alone. Several CNETers were left uncertain if they were hacked, since Equifax doesn’t confirm that you were hacked. These steps, however, are your best protection against the breach right now.
What exactly am I enrolling in?
According to Equifax, those affected are enrolling in a free, one-year subscription TrustedID, which is an identity protection company owned and operated by Equifax. According to this page, the service normally costs $27.99 per month for a family plan.
Once you’re enrolled, TrustedID will:
- Provide copies of your Equifax credit report
- Let you “lock” your Equifax credit report
- Provide three-bureau credit monitoring of your Equifax, Experian and TransUnion credit reports
- Provide internet scanning for your Social Security number
- Include identity theft insurance
Once we have some hands-on time with Trusted ID, we’ll update this story with more about how to use it.
Editor’s note: This story continues to be updated.
