NEW YORK — A day after credit-reporting company Equifax disclosed that “criminals” had stolen vital data about 143 million Americans, it had somehow managed to leave much of the public in the dark about their exposure, how they should protect themselves and what Equifax planned to do for those affected.
The breach is unquestionably serious. It exposed crucial pieces of personal data that criminals could use to commit identity theft, from Social Security numbers and birthdates to address histories and legal names.
That data — the “crown jewels of personal information,” in the words of independent credit analyst John Ulzheimer — can’t be changed, and once it’s in circulation, it’s basically out there forever.
But Equifax’s response has satisfied almost no one.
Unhappiness everywhere
Consumers complained of jammed phone lines and uninformed representatives. An Equifax website set up to help people determine their exposure looked like a scam to some, and provided inconsistent and unhelpful information to others. Congress planned hearings.
Anders Ohlsson, a 47-year-old technical manager in Scotts Valley, California, called a hotline multiple times and was disconnected; entered the last six digits of his Social Security number into Equifax’s emergency website; and finally spoke with a call center manager. He still doesn’t know whether his information has been compromised.
“I don’t think I’ve gotten hold of a person that actually cares,” he said. “Now they’re fumbling to tell people what’s going on. But they really don’t know what’s going on.”
Equifax plays a key role in the financial industry, making this breach more alarming than previous ones at Yahoo or retailers. The company is a storehouse of personal information, like how much people owe on their houses and whether they have court judgments against them.
Lenders rely on the information collected by three big credit bureaus — Equifax, TransUnion and Experian — to help them decide on financing for homes, cars and credit cards. Credit checks are sometimes done by employers when deciding whom to hire for a job.
What you can do
Even if you don’t know if you’re one of the 143 million, you might want to consider extreme protective measures.
Your strongest immediate option involves placing a credit freeze on their files with the major credit bureaus. That locks down your information, making it impossible for outsiders to open new accounts and bank cards in your name. But it also blocks you from opening new accounts, and might involve fees depending on the state you live in.
“The credit freeze is the nuclear option of credit protection,” said Matt Schulz, an analyst with CreditCards.com. “But in the wake of a breach this big, it’s worth considering.”
You should also be more diligent about checking your credit reports, where you can see if anyone has opened unauthorized accounts in your name . You can get those files for free once a year from the three major bureaus; use the official site, annualcreditreport.com .
It’s best to spread those requests out by getting one every four months. And you’ll need to be ready to keep checking for a while — potentially years.
“Bad guys can be very patient with data,” Schulz said.
If you’re not ready for the freeze, Ulzheimer recommends setting up fraud alerts on your files. These force creditors to contact you directly, usually by phone, for approval before approving an account.
And if you’ve been a victim of repeated identity fraud, you can request a new Social Security number with the Social Security Administration.
In addition to the emergency Equifax website, https://www.equifaxsecurity2017.com/, you can also call 866-447-7559 for information. The company also says it will send mail to all who had personally identifiable information stolen.