Equifax Exposed 143M People’s Data, Makes Infuriating Offer to Avoid Paying

The offices of consumer credit reporting agency Equifax Inc., are seen, in Atlanta, GA. AP Photo/Mike Stewart
The offices of consumer credit reporting agency Equifax Inc., are seen, in Atlanta, GA. AP Photo/Mike Stewart
Some of the links in this post are from our sponsors. We provide you with accurate, reliable information. Learn more about how we make money and select our advertising partners.

Update: Equifax has made several clarifications since announcing its security breach last week. This post was updated on Sept. 13, 2017, to reflect those changes.

Credit reporting bureau Equifax announced Thursday that approximately 143 million American consumers may be impacted by a cybersecurity breach.

Here’s what information got exposed: names, Social Security numbers, birthdates, addresses and some driver’s license numbers.

Another unlucky 209,000 or so people had their credit card numbers exposed. And 182,000 unlucky people had their dispute documents exposed.

U.K. and Canadian consumers may be affected as well, although Equifax doesn’t yet have details.

“Criminals exploited a U.S. website application vulnerability to gain access to certain files,” the company said in a statement.

Equifax has determined that breaches occurred between May and July 2017, although it says it “has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”

Equifax learned of the breach on July 29.

What Equifax Is Doing to Save Face

Equifax plans to send notifications by mail to consumers whose credit card numbers or dispute documents were exposed.

Its dedicated website for this security breach invites you to input your last name and the last six digits of your Social Security number to learn if you were affected.

The bureau is offering its TrustedID Premier credit and identity theft monitoring to those whose information was compromised, complimentary for one year. Equifax will not automatically renew or charge for that service after the complimentary year, per an Equifax update on Sept. 11.

Equifax has also waived fees through Nov. 21 for customers who have asked to freeze their credit for 30 days.

Here’s the Bigger Problem(s), Though

Consumers should be aware of a few extra issues related to this security breach.

1. Entering your name and Social Security number may not give you answers yet. Some Penny Hoarder staffers tried inputting their information last week only to be told to come back to the Equifax website on Sept. 11.

Only customers whose credit card numbers or dispute documents were exposed will receive notices of the breach by mail.

2. Read the terms of use before you enter your info to see if you are impacted.

The Equifax website asks for your last name and the last six digits of your Social Security number. It then asks you to click a CAPTCHA box before submitting your info.

But tucked at the very bottom of the site — nowhere near that info box — was a terms-of-use link that initially said enrolling in the complimentary credit-monitoring service waived your right to be a part of a class-action suit against Equifax.

“When I tried it out, it said I wasn’t impacted and then automatically enrolled me in a free credit monitoring service,” staff writer Lisa McGreevy said when we first posted about this issue last week. “I later discovered the terms of service at this link says if you agree to accept credit monitoring, you waive the right to sue Equifax.”

Outrage in the hours following the announcement of the breach led Equifax to adjust the terms of use on Sept. 8 to specify that the arbitration clause and class-action waiver included in the terms of use didn’t apply to victims of this breach.

A proposed class-action suit seeking a potential $70 billion nationally in damages was filed in Oregon on Sept. 7, Bloomberg reports.

3. Did we mention the shady executives?

CNBC reports that three Equifax executives sold some of their stock shares in early August, although Equifax told CNBC in a statement that those executives didn’t have any knowledge of the breach.

What to Do if You Don’t Trust Equifax Right Now

Want to figure out if your credit or identity is at risk, without turning to Equifax?

Check your credit on a free app like CreditWise® from Capital One®. You’ll get a free TransUnion credit report, which you can review for signs of error, theft or fraud. You’ll also get personalized suggestions to help improve your credit score.

Your information is protected with 256-bit Transport Layer Security (TLS), which helps ensure that sensitive information can only be viewed by you and Capital One’s secure systems.

Then, keep a close eye on your bank and credit account statements, email and mailbox. Staying vigilant can help you catch potential issues sooner rather than later.

Lisa Rowan is a writer and producer at The Penny Hoarder.

Advertiser Disclosure:  Capital One compensates us when you enroll in CreditWise using the links we provided above.