Latest News

Equifax Security Breach: How to Check if You Were Affected

Equifax Security Breach: How to Check if You Were Affected

By Simon Hung

On September 7, 2017, credit bureau Equifax alerted the public to a security breach on July 29 that resulted in the unauthorized access of personal information in their customer database including names, Social Security numbers, birth dates, addresses and driver’s license numbers.

The breach -- which Equifax calls a "cybersecurity incident" -- has been contained, but potentially puts millions of customers at risk of identity theft, as Equifax has stated that upwards of 143 million American customers and an undisclosed amount of residents in Canada and the United Kingdom were affected by the incident.

Equifax Canada has yet to issue an official statement and have directed Canadian customers to the dedicated website created to provide information about the breach -- www.equifaxsecurity2017.com. The website states that Equifax is currently working with Canadian regulators to identify the appropriate next steps, so there may not be more information until that process is complete.

While the number of affected Canadians may be minimal, we recommend checking to see if your information was potentially stolen, especially if you’re an American living in Canada or have used Equifax to obtain a credit report in the past. Here’s how to check if your personal information may have been accessed.

  • Go to the Potential Impact tool on the Equifax Security website and click “Check Potential Impact”
  • Enter your last name and last six digits of your Social Security Number
  • Check the CAPTCHA box and click Continue

The tool will tell you if you may have been affected by the security breach based on the information you provide.

Regardless of the result, the company is offering all customers one year of their TrustedID Premier service for free as a gesture of goodwill, but be aware that you may risk waiving some legal rights if you enroll in the service.

39 Comments

    • http://money.cnn.com/2017/09/07/technol ... index.html

      Giant Equifax data breach: 143 million people could be affected

      by Sara Ashley O'Brien @saraashleyo
      September 7, 2017: 6:03 PM ET

      Equifax says a giant cybersecurity breach compromised the personal information of as many as 143 million Americans — almost half the country.

      Cyber criminals have accessed sensitive information -- including names, social security numbers, birth dates, addresses, and the numbers of some driver's licenses.

      Additionally, Equifax said that credit card numbers for about 209,000 U.S. customers were exposed, as was "personal identifying information" on roughly 182,000 U.S. customers involved in credit report disputes. Residents in the U.K. and Canada were also impacted.

      The breach occurred between mid-May and July, Equifax said. The company said it discovered the hack on July 29.

      "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," said Equifax chairman and CEO Richard F. Smith.

      Equifax is one of three nationwide credit-reporting companies that track and rates the financial history of U.S. consumers. The companies are supplied with data about loans, loan payments and credit cards, as well as information on everything from child support payments, credit limits, missed rent and utilities payments, addresses and employer history, which all factor into credit scores.

      Unlike other data breaches, not all of the people affected by the Equifax breach may be aware that they're customers of the company. Equifax gets its data from credit card companies, banks, retailers, and lenders who report on the credit activity of individuals to credit reporting agencies, as well as by purchasing public records.

      Consumers can check to see if they've potentially been impacted by submitting their last name and the last six digits of their social security number. Those affected will be given a date to enroll in free identity theft protection and credit file monitoring services.

      Equifax is also mailing notices to people whose credit cards or dispute documents were affected.

      "This is reason Number 10,000 to check your online bank statements and credit card statements on a regular basis, ideally weekly," said Matt Schulz, senior industry analyst at CreditCards.com. "Bad guys can be very patient, so it's important to keep an eye out long after this story fades from the headlines."
    • Report Post
    • I tried with my ssn. Got enrollment date of 9/14 with a link to start the process
    • Report Post
    • I wish journalists' would educate themselves on facts before they go ahead with an article.
      Employment history, address, support payments and rent payments have nothing to do with credit scores.
    • Report Post
    • No evidence that the core consumer reporting database was accessed.
      Sounds like only data that was stolen are people who have open disputes back when the incident occurred.
    • Report Post
    • coolintheshade wrote:
      Sep 7th, 2017 7:00 pm
      I wish journalists' would educate themselves on facts before they go ahead with an article.
      Employment history, address, support payments and rent payments have nothing to do with credit scores.
      The writer only got one minor detail wrong...

      That info may not directly impact credit score, but it's definitely part of your credit report and was part of the leaked data.
    • Report Post
    • superfresh89 wrote:
      Sep 7th, 2017 7:13 pm
      The writer only got one minor detail wrong...

      That info may not directly impact credit score, but it's definitely part of your credit report and was part of the leaked data.
      I've never heard of support payments or rent payments being reported on a credit bureau.
      If they've gone delinquent maybe, but that's about it.
    • Report Post
    • coolintheshade wrote:
      Sep 7th, 2017 7:16 pm
      I've never heard of support payments or rent payments being reported on a credit bureau.
      If they've gone delinquent maybe, but that's about it.
      The article says "missed rent". Court-ordered support payments do indeed appear on CB reports - it's also factored into TDSR for lenders.
    • Report Post
    • coolintheshade wrote:
      Sep 7th, 2017 7:04 pm
      No evidence that the core consumer reporting database was accessed.
      Sounds like only data that was stolen are people who have open disputes back when the incident occurred.
      the Equifax statements sound more ominous?

      "Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.

      The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed."
    • Report Post
    • The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
      Sure, core credit information is not impacted, but that's not important. I actually don't mind people knowing my credit history. What's important is people's personal information that can be used for identity theft.

      In other words, a total fxxk up. And in this case, it's not Home Depot or some merchant, it's Equifax itself who is supposed to be the safest.

      And they say only limited information were accessed for Canadians. They probably meant the same thing - personal info only, no credit info, and they call this "limited".
    • Report Post
    • Oh cripes. I can just imagine the lawsuits in the US...
    • Report Post
    • This is basic security principles here. You don't store personal information in a way that it can be accessed from a publicly accessible web application. There's ZERO reason for this. Completed inexcusable.
    • Report Post
    • I was affected by the HD breach and they offered me free Equifax monitoring and now I may be affected by another breach.
      Is Equifax going to offer me TransUnion monitoring services?
    • Report Post
    • My guess is that it was hacked probably due to one incompetent employee fell for the phishing scam. We just went through some training at our company it was scary to see how sophisticated these phishing emails can be nowadays, even with targeted emails based on your social media behaviors. The other day, I saw the news University in Edmonton lost $11M due to some phishing email due to some human error, and not because some computer genius hacked through some firewall
    • Report Post
    • 3 senior executives sold $1.8M Equifax stock shortly after the company discovered the breach. What a coincidence.
    • Report Post
    • Sauerkraut wrote:
      Sep 7th, 2017 9:24 pm
      3 senior executives sold $1.8M Equifax stock shortly after the company discovered the breach. What a coincidence.
      Just like all the oil executives sold their $1+ million dollar homes in Calgary in the months leading up to the oil crash. Total fluke, surely. Completely.
    • Report Post
    • I got the date of Sep 14 after which I can start the enrollment process for identity and credit monitoring service.
    • Report Post
    • I think the hack was through website mint.com which gives Equifax free credit score
    • Report Post
    • unodos wrote:
      Sep 7th, 2017 9:38 pm
      I think the hack was through website mint.com which gives Equifax free credit score

      What is the reason for that belief? I'd be happy if it's true because I've always avoided mint, but I wonder how you arrived at that belief?
    • Report Post
    • So... do I report this breach to Equifax, or to Transunion 😁
    • Report Post
    • Sauerkraut wrote:
      Sep 7th, 2017 9:24 pm
      3 senior executives sold $1.8M Equifax stock shortly after the company discovered the breach. What a coincidence.
      Total proof that this credit reporting/monitoring is a complete sham. I hope there will be a class action and everyone will sign up for it. I am fed up of having to spend days trying to get information corrected and it looks like the hackers are the only ones able to get things done around there.

      Anyone thinking of signing up for free credit reporting in-light of what has happened should read through any agreement to ensure that your rights to sue, or to participate in a class action are not restricted or disallowed because you have agreed to sign up for the free credit monitoring service. I hope the SEC in the US is looking into what these 3 clowns above had done and shouldn't be allowed to profit from this,
    • Report Post
    • How are the shares not plummeting?

      And RIP our personal info
    • Report Post
    • I find it amazing they created a new domain for this. I would be very reluctant to go to that site directly (because it's not equifax.com), and shouldn't it have been security2017.equifax.com or something, so we'd have some level of assurance it's not a scam? How hard would it be to create a new site with one of the words spelled wrong, or 2018, and suck people in?

      =aw
    • Report Post
    • romeocanada wrote:
      Sep 7th, 2017 6:55 pm
      I tried with my ssn. Got enrollment date of 9/14 with a link to start the process
      Holystone wrote:
      Sep 7th, 2017 9:36 pm
      I got the date of Sep 14 after which I can start the enrollment process for identity and credit monitoring service.
      I didn't read the fine print personally but someone on Engadget said:

      1. If you decide to sign up for the TrustID thing, you will no longer be able to sue or be part of a class action lawsuit against Equifax. Read the fine print people.
    • Report Post
    • NoCountry4RFDer wrote:
      Sep 8th, 2017 3:15 am
      I didn't read the fine print personally but someone on Engadget said:
      You can still sue. It would be up to the court to decide whether the fine print is worth the pixels it's displayed on.
    • Report Post
    • So do we get that TrustedID Premier thing in Canada or not?
    • Report Post
    • I know that Equifax has accumulated private personal information about me, which they now may have exposed publicly. I've never dealt with Equifax in any way, nor given them permission directly or indirectly to accumulate that information. Sounds like grounds for a class-action lawsuit to me.
    • Report Post
    • 513263337 wrote:
      Sep 7th, 2017 7:40 pm
      Sure, core credit information is not impacted, but that's not important. I actually don't mind people knowing my credit history. What's important is people's personal information that can be used for identity theft.

      In other words, a total fxxk up. And in this case, it's not Home Depot or some merchant, it's Equifax itself who is supposed to be the safest.

      And they say only limited information were accessed for Canadians. They probably meant the same thing - personal info only, no credit info, and they call this "limited".
      Yes, I agree, what was actually accessed sounds much worse. But I think there is a distinction here for Equifax - if you were a paying customer, and that exposed you to the hack, then you're likely to seek recourse on the money you paid to Equifax for, ironically, credit fraud monitoring.

      If you were impacted because they hold your data, like they hold everyone else's, it's hard (or atleast, harder) for a paying customer to argue why they should get some of their money back. Those consumers wouldn't get any more than the impacted general public.
    • Report Post
    • Faith24 wrote:
      Sep 8th, 2017 8:36 am
      I know that Equifax has accumulated private personal information about me, which they now may have exposed publicly. I've never dealt with Equifax in any way, nor given them permission directly or indirectly to accumulate that information. Sounds like grounds for a class-action lawsuit to me.
      I think you agree to them having your data every time you sign up for a credit card, a bank account, or a postpaid phone plan. Not keeping that data safely on the other hand...
    • Report Post
    • Just posting the story related to something someone said earlier:

      https://www.cnbc.com/2017/09/07/equifax ... reach.html

      Three Equifax executives sold $2 million worth of shares days after cyberattack
      Three Equifax executives sold shares worth nearly $2 million in the company days after a data breach was discovered, according to filings to the SEC
      The company said the trio "had no knowledge that an intrusion had occurred at the time they sold their shares"

      Three executives of Equifax sold shares worth nearly $2 million in the company days after a data breach was found to affect 143 million consumers in the United States, filings to the Securities and Exchange Commission showed.

      The fillings showed that the trio – Chief Financial Officer John Gamble Jr., workforce solutions president Rodolfo Ploder and U.S. information solutions president Joseph Loughran – offloaded the shares on August 1 and August 2.

      Equifax said on Thursday it discovered a data breach on July 29. The credit reporting firm said the exposed data included names, birth dates, Social Security numbers, addresses and some driver's licence numbers.

      The company added that 209,000 U.S. credit card numbers were obtained, in addition to "certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers."

      Equifax acknowledged in a statement that the three executives sold a "small percentage" of their shares, but that they "had no knowledge that an intrusion had occurred at the time they sold their shares."

      The SEC declined to comment on the share sales.

      — CNBC's Mike Calia contributed to this report.
    • Report Post
    • Ash20 wrote:
      Sep 8th, 2017 8:42 am
      I think you agree to them having your data every time you sign up for a credit card, a bank account, or a postpaid phone plan. Not keeping that data safely on the other hand...
      No, I agree to the bank having my data. I'm sure that their agreement says in there somewhere that they can share the data with authorized third parties (meaning the credit reporting agencies), but then it's their responsibility to ensure that those third parties are secure, not mine.
    • Report Post
    • Faith24 wrote:
      Sep 8th, 2017 8:36 am
      I know that Equifax has accumulated private personal information about me, which they now may have exposed publicly. I've never dealt with Equifax in any way, nor given them permission directly or indirectly to accumulate that information. Sounds like grounds for a class-action lawsuit to me.
      Have fun with your identity potentially being stolen and receiving free credit monitoring from the same company that lost your data in the first place + a $3 check in 2 years for your troubles
    • Report Post
    • They "don't believe my personal information was accessed" (plugged in my last name & #) but still gave a monitoring enrollment date of next week for me, so small win, I guess?

      Credit bureaus must have massive piles of personal info that can be used for identity theft, so I hope this prompts security upgrades... in Canada too.
    • Report Post
    • unodos wrote:
      Sep 7th, 2017 9:38 pm
      I think the hack was through website mint.com which gives Equifax free credit score
      Very unlikely...

      1. This wasn't individual accounts hacked, it was an attack on the source. Anyone capable of hacking mint's servers would be wasting their efforts since they could have used the same attack on a bank itself and gained full read-write access.
      2. Equifax says they got access to personal information but NOT the "credit reporting database". If they got information from mint, they would have had the credit report info.
      3. This also affects some Canadians. The mint credit score service doesn't support Canadians.
    • Report Post
    • jfall wrote:
      Sep 8th, 2017 8:54 am
      Have fun with your identity potentially being stolen and receiving free credit monitoring from the same company that lost your data in the first place + a $3 check in 2 years for your troubles
      Hey, I've received a couple of hundred dollars in the last few years from class action lawsuits for things like price fixing on memory, LCD panels, and fridge compressors. Where do I sign up?

      The challenge here will likely be to place a monetary value on personal information, something we still have difficulty with.
    • Report Post
    • So where do I sign up for the class action? I'm usually not keen on suing but I really really hate the credit bureaus, their unchecked powers and their terrible customer service. For Hackers this is one of the "grails" for Personal information.
    • Report Post