Equifax, one of the three major credit bureaus in the United States, recently reported a security breach that compromised 143 million Americans. The breach, which actually occurred roughly six weeks ago, has released sensitive information such as social security numbers and birth dates for all those affected, and other sensitive information such as driver’s license numbers and credit card information for hundreds of thousands more Americans. This information has not been made publicly available but has been kept secret on the dark web, waiting to be sold to the highest bidder.
In a good faith effort to recover from the situation, Equifax has put up a website (www.equifaxsecurity2017.com), where you can enter your own information (last name and last 6 digits of SSN) to check if your information was included in the security breach. After this screen, you can enroll in a service that Equifax has set up to protect your information from identity theft. This service was created to monitor and listen for any of the information released in the breach being used in any malicious fashion.
It should be noted that when signing up to this service, you have to agree to a Terms of Service, which prohibits you from participating in a class action lawsuit against Equifax:
This arbitration will be conducted as an individual arbitration. Neither You nor We consent or agree to any arbitration on a class or representative basis, and the arbitrator shall have no authority to proceed with arbitration on a class or representative basis. No arbitration will be consolidated with any other arbitration proceeding without the consent of all parties. This class action waiver provision applies to and includes any Claims made and remedies sought as part of any class action, private attorney general action, or other representative action. By consenting to submit Your Claims to arbitration, You will be forfeiting Your right to bring or participate in any class action (whether as a named plaintiff or a class member) or to share in any class action awards, including class claims where a class has not yet been certified, even if the facts and circumstances upon which the Claims are based already occurred or existed.
Impacted individuals have a few options for responding to the incident:
1.) Check if your information was compromised by visiting equifaxsecurity2017.com. If it was, you can elect to enroll in Equifax’s free identity theft protection, referred to as “TrustedID” Premier, and opt-out of the class action lawsuit.
2.) Freeze your credit so that nobody can abuse the sensitive information that was just released. Freezing your credit would block any potential creditors from being able to view or “pull” your credit file. This would prevent anybody (including yourself) from taking out a line of credit in your name. More information on freezing your credit can be found here: https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/
3.) Enroll in another identity theft protection service if you have doubts that Equifax is capable of protecting your information a second time, you can enroll in one of the many other paid-for identify theft protection services.
4.) Do nothing in regards to credit or identity monitoring, but go about your life with a higher sense of security awareness. This would entail checking your bank/credit card statements on a more routine basis and investigating any unrecognized transactions.
In this blog post, we provide five cybersecurity awareness tips for employees to help them practice better cyber hygiene and defend sensitive data.
Click here to access KnowBe4’s FREE Resource Kit containing resources to share with employees throughout Cybersecurity Awareness Month!
We explore the top 3 red flags of phishing that businesses & employees should be aware of in order to recognize & mitigate a threat.