Equifax, one of the three major credit bureaus in the United States, recently reported a security breach that compromised 143 million Americans. The breach, which actually occurred roughly six weeks ago, has released sensitive information such as social security numbers and birth dates for all those affected, and other sensitive information such as driver’s license numbers and credit card information for hundreds of thousands more Americans. This information has not been made publicly available but has been kept secret on the dark web, waiting to be sold to the highest bidder.
In a good faith effort to recover from the situation, Equifax has put up a website (www.equifaxsecurity2017.com), where you can enter your own information (last name and last 6 digits of SSN) to check if your information was included in the security breach. After this screen, you can enroll in a service that Equifax has set up to protect your information from identity theft. This service was created to monitor and listen for any of the information released in the breach being used in any malicious fashion.
It should be noted that when signing up to this service, you have to agree to a Terms of Service, which prohibits you from participating in a class action lawsuit against Equifax:
This arbitration will be conducted as an individual arbitration. Neither You nor We consent or agree to any arbitration on a class or representative basis, and the arbitrator shall have no authority to proceed with arbitration on a class or representative basis. No arbitration will be consolidated with any other arbitration proceeding without the consent of all parties. This class action waiver provision applies to and includes any Claims made and remedies sought as part of any class action, private attorney general action, or other representative action. By consenting to submit Your Claims to arbitration, You will be forfeiting Your right to bring or participate in any class action (whether as a named plaintiff or a class member) or to share in any class action awards, including class claims where a class has not yet been certified, even if the facts and circumstances upon which the Claims are based already occurred or existed.
Impacted individuals have a few options for responding to the incident:
1.) Check if your information was compromised by visiting equifaxsecurity2017.com. If it was, you can elect to enroll in Equifax’s free identity theft protection, referred to as “TrustedID” Premier, and opt-out of the class action lawsuit.
2.) Freeze your credit so that nobody can abuse the sensitive information that was just released. Freezing your credit would block any potential creditors from being able to view or “pull” your credit file. This would prevent anybody (including yourself) from taking out a line of credit in your name. More information on freezing your credit can be found here: https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/
3.) Enroll in another identity theft protection service if you have doubts that Equifax is capable of protecting your information a second time, you can enroll in one of the many other paid-for identify theft protection services.
4.) Do nothing in regards to credit or identity monitoring, but go about your life with a higher sense of security awareness. This would entail checking your bank/credit card statements on a more routine basis and investigating any unrecognized transactions.
On May 8th, 2018 GraVoc’s Nate Gravel and Michael Kannan will be presenting at the Great New England Credit Union Show taking place at DCU Center in Worcester.read more
The Internal Revenue Service is warning taxpayers of an unusual phishing scheme that is going around this tax season. Using stolen data obtained by tax professionals, criminals are filing fraudulent tax returns and depositing them into actual taxpayers’ bank accounts.read more
The United States Securities and Exchange Commission (SEC) has revised and released cybersecurity guidance for publicly traded companies.read more