Recommended actions following Equifax breach
Equifax, one of three nationwide credit-reporting companies, recently announced a data breach affecting as many as 143 million Americans.
According to CNN: "Cyber criminals have accessed sensitive information — including names, social security numbers, birth dates, addresses, and the numbers of some driver's licenses. Additionally, Equifax said that credit card numbers for about 209,000 people were exposed, as was 'personal identifying information' on roughly 182,000 customers involved in credit report disputes."
What you can do
U-M’s Information Assurance recommends that you:
- Turn on two-factor for Weblogin and for personal accounts. Use two-factor wherever you have the option to do so. Two-factor protects your most valuable accounts, including email, social media, and financial. See Turn On Two-Factor for Weblogin and Two-Factor for Your Personal Accounts.
- Keep clean machines. Prevent infections by updating critical software as soon as patches or new operating system versions are available. This includes mobile and other internet-connected devices.
- Monitor activity on your financial and credit card accounts. Check your online statements regularly and often. If appropriate, implement a fraud alert or credit freeze with one of the three credit bureaus; this is free and may be included if credit monitoring is provided post breach. For more information, visit the Federal Trade Commission website identitytheft.gov and annualcreditreport.com.
- When in doubt, delete or ignore. Scammers and others have been known to use data breaches and other incidents to send emails and posts related to the incident to lure people into providing sensitive information. Delete any suspicious emails or posts, and get information only from legitimate sources.
The Information Assurance Office offers the following information, but leaves it to the individual whether they want to follow the steps below. Be aware that by signing up on Equifax’s help site, you risk giving up legal rights to sign up for a class action lawsuit or take individual action.
Equifax has created a website where you can check to see if you are affected. Visit the site, click the “Check Potential Impact” button, and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
Next, you will be provided an opportunity to enroll in TrustedID Premier, an identity theft protection service, and provided an enrollment date. Make sure to put this date into your calendar as you will not be reminded of the date.
See the references below for additional information about the breach and dealing with identity theft.
- Equifax Says Cyberattack May Have Affected 143 Million Customers (The New York Times, 9/7/17)
- Equifax Announces Cybersecurity Incident Involving Consumer Information (Equifax, 9/7/17)
- The Equifax Data Breach: What to Do (Federal Trade Commission, 9/8/17)
- What to do now if you’re among 143 million Americans affected by Equifax data breach (MarketWatch, 9/8/17)
- Equifax Breach Response Turns Dumpster Fire (Krebs on Security, 9/8/17)
- By signing up on Equifax’s help site, you risk giving up your legal rights (The Washington Post, 9/8/17)
- Equifax breach: Criticism from lawmakers, what people can do (ABC News, 9/8/17)
- What I'm doing about the Equifax Breach (Institute for Advanced Study, 9/8/17)
- National Cyber Security Alliance Responds to Equifax Breach (National Cyber Security Alliance, 9/8/17)
- Identity Theft (Safe Computing)