Why is the Equifax Breach So Serious?

In the 21st century, data breaches are a fact of life. Shortly after the massive Equifax breach made headlines, Yahoo announced that all of its 3 billion accounts had been hacked back in 2013. That dwarfs the 145 million consumer records exposed at Equifax. In fact, before the Yahoo announcement, Equifax only ranked as the 6th largest data breach ever. So why has it generated so much attention? The Equifax breach has some unique aspects, and they highlight why you need to be prepared for identity theft.

TMI (Too Much Information)

The most dangerous aspect of the Equifax breach is the amount of information that was exposed. When thieves steal credit card numbers and related information, as happened in the 2013 Target data breach, they can commit financial fraud. That breach was serious enough that Target paid $18.5 million in May 2017 to settle multiple state investigations. But the Equifax breach exposed far more information, including Social Security numbers (SSNs), addresses, account and credit card numbers, and even some driver license numbers. That’s enough information for thieves to take over someone’s financial identity and their medical identity, government benefits, and legal identity (for example, using a stolen identity in committing a crime).

Captive to Credit Bureaus

The other unusual aspect of the Equifax breach is that it involved a credit bureau. When we do business with a company, we often trust them with some of our personal information in return for goods and services. When you give personal information to a healthcare provider, there are strict laws about how they protect it and how they have to notify you if it is exposed. If your credit card information is stolen, there are regulations established in the financial services industry that protect you. But you don’t have a choice whether to deal with credit bureaus, what personal information they gather on you, or how they protect it. After the Equifax breach, New York Times financial columnist Ron Lieber described the tone of letters he received from readers:  “It was a sense of helplessness, the recognition that we are at the mercy of an industry that makes money off our data. . . and answers to no one.”

Take Charge of Your Security

As serious as the Equifax data breach is, you are not helpless. There are numerous steps you can take to protect yourself in the years ahead, as the Equifax data is used by criminals, as new data breaches happen (and they will), and as old breaches like the Yahoo breach resurface.

• Set a credit freeze and/or fraud alert if you haven’t already. That will at least protect you from some kinds of financial fraud.
• Be vigilant for any sign of identity theft such as a medical explanation of benefits for a service you didn’t have or an odd-looking email from your bank or the IRS asking for information they should already have.
• File your tax returns promptly so you don’t have to deal with the hassle of a thief claiming your refund.
• Plan for recovery if your identity is stolen: expert help can you save hundreds of hours of effort and months or years of stress.

Finally, speak up! It’s OK to ask businesses how they will protect your personal information before you hand it over, and to decline to supply your SSN when it’s not required. And if you want better standards for privacy protection, contact your Congressional representatives. As a Vox columnist said recently, “Our digital identities are extensions of ourselves, and we have a right to know if we are physically and financially secure.”