After every other major breach in recent times, one of the things we’ve all been advised to do is to go to the credit reporting agencies and check for any unauthorized activity. And who are the credit reporting agencies? TransUnion, Experian and Equifax. Now we have news this week of Equifax having suffered a data breach of over 143 million Americans. That is about 40% of the population, and well over half of those who have any credit records at all. To help consumers begin to deal with it, Equifax has set up a site whose URL was apprently inspired by all the Equifax-themed phishing emails their staff have seen: https://www.equifaxsecurity2017.com. Regardless of the terrible URL, that is the correct site.
My personal advice is, go ahead and register for the Trusted ID service that finding your name on https://www.equifaxsecurity2017.com entitles you to. You can also choose to replicate a lot of what it offers by freezing your own credit reports and reviewing a copy of each one, which you can obtain via annualcreditreport.com.
Much has been made over the fact that the Equifax emergency site asks for some pretty detailed personal information before signing you up. My take on that issue is simple: Equifax had that information anyway, and much much more.
Here are a few other links to stories from the past few days. I have tried to filter out some of the more freaking-out ones.
That said: for evil, this story will appeal: Three Equifax executives sold a bunch of stock before the breach went public.
ZDNet says they tested the front end to the identity checker and got wonky results. I say, if it gets you signed up for the free services you want anyway, it’s fine.
Finally, Patrick McKenzie (@patio11) once made it his hobby to help people with identity-theft incidents. I like his advice mainly for its level-headed, “don’t panic” gestalt. Read: http://www.kalzumeus.com/2017/09/09/identity-theft-credit-reports/
There’s no value in freaking out.