It’s been nearly two weeks since we learned of a major cyberattack on the credit reporting agency Equifax, and it’s estimated the personal data of 143 million Americans was taken. But the news surrounding the hacking keeps getting worse.
There are now reports the company experienced another security breach earlier this year and that Equifax failed to install a patch that could have prevented the much larger theft of information that took place between May and July.
Last year, Equifax was hacked at least two other times, impacting hundreds of thousands of Kroger food store employees as well as some employees of Northwestern University.
Amid all this, federal investigators are now looking into what’s being characterized as “unusual” stock sales by Equifax executives.
Equifax’s CEO released this video after the mammoth hack was made public:
Here to tell us what you need to do to safeguard your personal accounts are: Ilyce Glink, the CEO of Best Money Moves who also wrote and managed the Equifax finance blog for seven years; Jacob Furst, a professor at DePaul University’s College of Computing and Digital Media who is an expert in cybersecurity and the director of the DePaul Information Assurance Center; and Terry Savage, nationally syndicated financial columnist and author.
The FTC and our guests have the following recommendations for consumers:
• Check to see if you have been affected by the Equifax hack. Go to www.EquifaxSecurity2017.com or call the dedicated hotline: 866-447-7559. The call center is open seven days a week, from 7 a.m. to 1 a.m. Eastern time.
• Regularly check your banking and credit information. Go to www.AnnualCreditReport.com to get a free copy of your credit report.
• Visit IdentityTheft.gov to find out what to do if you are a victim of identity theft.
• Consider placing a credit freeze on your files. FTC: “A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.”
• If you decide against a credit freeze, consider placing a fraud alert on your files.
Timeline of Equifax Breach
July 29: CEO Rick Smith: “On July 29th of this year, we discovered that hackers gained unauthorized access to certain Equifax data files. We acted immediately to stop the intrusion.”
Aug. 1-2: Equifax Chief Financial Officer John Gamble; Equifax President of U.S. Information Solutions Joseph Loughran; and the president of workforce solutions, Rodolfo Ploder, sell nearly $2 million in stocks.
Sept. 7: Equifax officially announces that there was a cybersecurity breach.
Sept. 8: Sen. Elizabeth Warren, D-Mass., rips Equifax on Twitter for trying to push customers to give up their right to join a class action lawsuit against the company.
Sept. 11: Leaders of the Senate Finance Committee, Sen. Orrin Hatch, R-Utah, and Ron Wyden, D-Oregon, demand details about the breach and the stock sale.
Equifax reverses its controversial decision to charge customer fees after a free trial of their credit monitoring service.
Sept. 12: Equifax CEO Richard Smith apologizes in a USA Today op-ed promising to make changes.
Sept. 13: Equifax CEO Richard Smith agrees to testify before the House Energy and Commerce Committee.
It was also reported that the company was exposed to hacks starting in May. Hackers exploited a software flaw at Equifax discovered by Apache Software foundation in March. “The vulnerability was Apache Struts CVE-2017-5638,” said Equifax. But Equifax didn’t install the security patch in March which could have prevented the massive breach at the end of July.
Sept. 15: Sen. Elizabeth Warren introduces the FREE Act, Freedom From Equifax Exploitation Act.
Sept. 18: The Department of Justice opens a criminal probe of possible insider trading with the sale of $1.8 million stock by Equifax officials.
Sept. 19: Attorney General Lisa Madigan joins attorney generals from 43 states and the District of Columbia in signing a three page letter criticizing Equifax for the handling of the breach and the company’s initial attempts to prevent customers from suing the credit reporting agency. Madigan’s office is also investigating the Equifax breach.
Sept. 11: Of Illinois’ 12.8 million residents, an estimated 5.4 million may have been impacted by the Equifax data breach. We review what you can do to protect yourself from potential identity fraud.
Sept. 8: Should cellphone users be better notified when apps seek their location data? Proponents of a new bill say more transparency is needed, but opponents say the measure is bad for business.
April 4: President Donald Trump signed a law Monday night allowing internet providers to sell your browser history. How worried should you be?