Equifax Announces Cybersecurity Incident Involving Consumer Information

At Equifax, protecting the security of the information in our possession is a responsibility we take very seriously. This is to notify you of a data security incident that may have exposed some of your personal information, including your Social Security number and other identifying information. This site explains the incident and steps Equifax has undertaken to address it. In addition, we provide guidance below on what you can do to protect your personal information.

I. What Happened

On July 29, 2017, Equifax discovered that criminals exploited a U.S. website application vulnerability to gain access to certain files. Upon discovery, we acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm which has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.

II. What Information Was Involved

Most of the consumer information accessed includes names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 consumers and certain dispute documents, which included personal identifying information, for approximately 182,000 consumers were accessed. In addition to this site, Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted. We have found no evidence of unauthorized access to Equifax’s core consumer or commercial credit reporting databases.

III. What We Are Doing

Upon learning of this incident, Equifax took steps to stop the intrusion, and engaged an independent cybersecurity firm to forensically investigate and determine the scope. Equifax also engaged the cybersecurity firm to conduct an assessment and provide recommendations on steps that can be taken to help prevent this type of incident from happening again.

Equifax is focused on consumer protection and has established a dedicated website, www.equifaxsecurity2017.com to help consumers. We have provided a tool on this site for you to determine if your information was potentially impacted by this incident. To find out if you are potentially impacted, please go to www.equifaxsecurity2017.com, and click on “Potential Impact,” and enter your last name and last 6 digits of your Social Security number.

We are also offering free identity theft protection and credit file monitoring to all U.S. consumers, even if you are not impacted by this incident. This offering, called TrustedID Premier, includes 3-Bureau credit monitoring of your Equifax, Experian and TransUnion credit reports; copies of your Equifax credit report; the ability to lock and unlock your Equifax credit report; identity theft insurance; and Internet scanning for your Social Security number – all complimentary to U.S. consumers for one year. To find out more information on this complimentary offer and to sign up, please click on the tab “Enroll” on this site. You must complete the enrollment process by November 21, 2017.

IV. What You Can Do

In addition to enrolling in identity theft protection and credit file monitoring, please see the “Identity Theft Prevention Tips” below, and the “State Information” tab of this site. This information provides additional steps you can take, including how to obtain a free copy of your credit report and place a fraud alert and/or credit freeze on your credit report. In addition, please monitor your account statements and report any unauthorized charges to your credit card companies and financial institutions.

V. For More Information

Equifax is committed to ensuring that your personal information is protected, and we apologize to our consumers and our business customers for the concern and frustration this incident causes. If you have additional questions, please call our dedicated call center at 866-447-7559, available from 7:00 a.m. to 1:00 a.m. Eastern time, seven days a week.

Identity Theft Prevention Tips

We recommend that you remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your credit reports. You may obtain a free copy of your credit report from each company listed below once every 12 months by requesting your report online at www.annualcreditreport.com, calling toll-free 1-877-322-8228, or mailing an Annual Credit Report Request Form (available at www.annualcreditreport.com) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281. You may also purchase a copy of your credit report by contacting any of the credit reporting agencies below:

Equifax
PO Box 740241
Atlanta, GA 30374
www.equifax.com
888-766-0008

Experian
PO Box 9554
Allen, TX 75013
www.experian.com
888-397-3742

TransUnion
PO Box 2000
Chester, PA 19016
www.transunion.com
800-680-7289

If you believe you are the victim of identity theft, you should contact the proper law enforcement authorities, including local law enforcement, and you should consider contacting your state attorney general and/or the Federal Trade Commission (“FTC”). You also may contact the FTC to obtain additional information about avoiding identity theft.

Federal Trade Commission, Consumer Response Center
600 Pennsylvania Avenue NW, Washington, DC 20580; 1-877-IDTHEFT (438-4338)
www.ftc.gov/idtheft

Tips for Protecting your Information

We would like to remind you of the value of taking good security precautions. It is a good idea to develop strong and secure online passwords and to change them frequently. Below are a few tips for good password practices.

• Include numbers, symbols and letters.
• Use a combination of capital and lowercase letters.
• Do not use the same password across multiple sites.
• Do not store important passwords, such as your home banking password, in your email account.
• Monitor your accounts regularly for suspicious activity.

Report Suspicious E-mails

Internet scams are nothing new, and as more of us conduct our business online, we’re also becoming more business savvy in spotting suspicious e-mails. Unfortunately, the Internet scammers are becoming more sophisticated in their tactics, for example, creating fake websites which appear to be legitimate, but are actually designed to lure unsuspecting users into providing confidential information.

How the “PHISHERS” Lure You

Phishing (pronounced “Fishing”) is an online fraud technique used by criminals to entice you into to disclosing your personal information. One of the most common – and successful – techniques is to send you fake messages that mimic valid messages or websites from a company you trust, such as your financial institution, a credit card company, government agency, or online shopping site. The logos and the links all look correct.

Asking For Personal Information

Usually, the messages open by reporting a problem with your account, and will ask you to verify the following information:

• Name and online user name
• Address and phone number
• Social Security Number
• Account password or PIN
• Account number
• ATM/debit or credit card number
• Credit card validation code, (CVC). This is the code credit card companies use to authorize credit charges. American Express uses a 4-digit CVC number which appears on the front of your card, while Visa, MasterCard and Discover all use a three-digit number that is on the back.

Providing any of this information is the online equivalent of giving criminals the keys to your house. They can empty your financial accounts, run up charges on your credit cards or open fraudulent credit card accounts in your name. And it can take years to repair the damage to your financial integrity.

Suspicion = Protection

Be suspicious of e-mails that ask for personal information, and be alert to other common scams such as foreign lotteries, requests to transfer funds from overseas bank accounts and work-from-home opportunities.

• Delete any e-mail you don’t trust – even opening a “phishing” e-mail can plant a virus or spyware on your PC.
• Never send confidential information by e-mail. If you think you have been scammed and your confidential information compromised, contact your credit card companies and financial institutions immediately. Report it to the Federal Trade Commission . And contact all three credit reporting bureaus to have alerts placed on your credit reports.

• Equifax: equifax.com | 888.766.0008
• Experian: experian.com | 888.397.3742
• TransUnion: transunion.com | 888.909.8872

Remember, neither Motion nor any legitimate business will ever send you an e-mail asking for personal information. If you receive an e-mail that you’re suspicious of, don’t respond to it.

10 Ways to Protect Against Debit Card Fraud

1. Update your contact information with your financial institution. Your Credit Union can’t ask you about a suspicious charge unless it has your current phone number.

2. Copy the customer service phone number from the back of each of your debit or credit cards and keep this list in a separate location from your purse or wallet in case a thief steals the latter.

3. Let your financial institution and card issuers know your travel dates and destination. If your card gets swiped at an unusual location, the card issuer may decline the suspicious transaction.

4. Look out for ATMs that appear to be dirty or in disrepair. A fake machine may be set up to capture your card information.

5. Do not use ATMs with unusual signage, such as a command to enter your PIN twice to complete a transaction.

6. Watch out for ATMs that appear to have been altered. If anything on the front of the machine looks crooked, loose or damaged, it could be a sign that someone attached a skimming device.

7. Avoid using the ATM if suspicious individuals are standing nearby. Criminals may try to distract you as you use the machine to steal your cash, or watch as you type in your PIN.

8. Be aware that if your card gets stuck in the machine and someone approaches to help, it may be a scam. A criminal may be trying to watch as you enter your PIN code.

9. If your card gets stuck in the machine, call your financial institution promptly to report the incident.

10. As you key in your PIN, cover the keypad with your other hand to block anyone, or a camera, from viewing the numbers you type.

Important Note: Remember to check your balance on a regular basis. Federal law doesn’t protect debit cards to the same degree as credit cards when it comes to fraud. If you notify the bank within two days of discovering the card was lost or stolen, your loss is limited to $50. After two days, this amount jumps to $500, and after 60 days of receiving the statement with the fraudulent charges, your loss may be unlimited.

You can download a PDF of these 10 tips here.