The recently announced Equifax hack was one of the worst in recent memory, for its size and the scope of personal data made vulnerable. Because of that, Equifax itself and other organizations are looking to help people mitigate any damage done. First, though, you need to find out if you were affected or not.
How to find out if you were a victim of the Equifax hack
The best way to find out if you were affected by the hack is to use Equifax’s “Potential Impact” tool. Available directly from Equifax’s own site, it asks you to input your last name and the last six digits of your social security number.
While you might not feel too comfortable handing over that information to Equifax considering so much personal information was stolen, bear in mind that if you have used Equifax in the past, it already has that information on you.
Some have pointed out that the tool does appear to work better at some times rather than others. However, for now it’s still the best way to check whether you may have been affected. The best advice we can give is to double check — if it says you aren’t at risk, check again using your phone or another device to make sure.
Step 1 – Go to the Potential Impact tool page and click the “Check Potential Impact” button.
Step 2 – Input your last name and the last six digits of your social security number and complete the reCaptcha check.
Step 3 – The resulting screen will then tell you whether you were or were not likely to have been affected. Unfortunately, in our case, it looks like we were.
Equifax offers free identity theft monitoring
As you can see in the screenshot above, Equifax is offering any of its customers (whether affected or not) free identity protection for a year under the TrustedID Premier platform. You’ll be offered this after you complete the steps to check whether you’re a victim.
TrustedID Premier offers active credit monitoring at three major agencies — Equifax, Experian and TransUnion — social security number monitoring, and identity protection insurance for up to a million dollars.
Initially, the terms and conditions of the service suggested that those who enroll might waive their right to sue over the cybersecurity breach, either individually or as a class. However, Equifax has updated its website to clarify that the arbitration clause found in the service’s terms will only apply to the TrustedID protection itself, not prior issues, including the hack.
Travis Mills, President of identity theft recovery service LibertyID, told Digital Trends that those who’ve suffered stolen data shouldn’t count on the service as the sole means of protection. “Their credit monitoring is not going to make a difference or provide a solution,” he told us. “You can’t be protected against data breaches, as yesterday proved.”
Further, he pointed out that “credit card fraud is just a fraction of the effect that ID theft can have on your life. The information that was lost in this Equifax breach is far and beyond just credit fraud.”
If you want to enroll in the protection offer, you can learn more about it on the Equifax page. Once signed up, you’ll be given an enrollment date for when your protection will officially begin.
Equifax waves fees on credit freeze
KrebsOnSecurity, a security journalist, is recommending you freeze your credit files. While that will make it more complicated when you need to sign up for a new credit card, car finance, or any instance where your credit must be checked, it also becomes a pain in the neck for anyone looking to use your identity to take out loans in your name. A credit freeze will bar anyone from opening a new line of credit in your name, unless they know a PIN number you specify.
You will need to put the freeze on with each of the major credit report companies — Equifax, Experian, Innovis and TransUnion — but it is a solid preventative step to stop the Equifax hack from affecting you too heavily.
Typically a credit freeze does require a small fee to complete. However, under pressure following the data breach, Equifax has removed those costs for 30 days.
For more information on credit freezing, check out Krebs’ FAQ on the matter.
What else can you do?
If you, like us, were affected by this hack and, your personal information was possibly accessed, there are a couple of options you have and some general advice that’s worth taking.
For starters, maintaining a keen eye on your personal information, finances, and credit reports — here’s how to check them — in the near future will help stop any identity fraud in its tracks. Although that’s a good idea in general, doing so now is more important than ever. You can request free credit reports from all of the major organizations in one place using AnnualCreditReports‘ online system.
As well as keeping an eye on this story as it evolves, and monitoring your own financial statements and credit reports, you should use good security practices and have unique passwords and login information for all online services. If you are ever concerned that some of your details have been compromised in other hacks, the HaveIBeenPwned website is a great resource to find out.
Don’t forget to keep yourself safe from ransomware too. For tips on how, check out our handy guide.
Updated on 09-12-2017 by Jon Martindale: added new information on credit freeze costs and data compromise ambiguity.
