By now you’ve probably heard that the credit reporting company Equifax is having a very bad year. Last week it was announced that the personal information on about 143 million Americans had possibly been compromised. Here’s what we know so far.
Not a whole lot, other than that their response sucks.
If you go to the website they set up and type in your information to see if you were involved, it’s almost guaranteed to say you were. Yes, even if your name is “Test, 123456” you will get the message that you were affected.
By now you’re probably already up to your eyeballs in fraud calls and may the benevolent gods of patrol have some mercy on your soul you if you’re on any sort of desk or phone reporting duty. People will be lining up soon to report their newest identity theft is a result of this breach.
But here’s the thing: There’s just too many breaches these days to blame this one in particular for any uptick in complaints.
Every time another credit card breach is reported or another IRS scam is reported, people come flocking in to report that they were involved. This will be no different, and there’s just as much a possibility that the fraud they’re reporting will be the result of their information being leaked in previous data breaches.
Don’t believe me? Go to Google and type this in: Inurl:pastebin.com “[your state]” “cvv”
When I do that I click on the first link that was posted July 27 with someone’s credit card verification value (CVV) and get this:
If you get a message saying that particular post has already been taken down, have no fear. Google has it saved. Go to cachedpages.com and plug in your link, then hit “Google Cache”:
This will give you the saved copy of this particular set of credit card numbers that somebody already noticed and took down.
Pastebin.com is just one of many, many sites out there with leaked info. I was once looking for someone by their email and I found their email, along with SSN and credit card number, posted on a different site, but similar to Pastebin.
Moral of the story is this: The Equifax breach is just one more in a long—loooong!—line of breaches that people have been forecasting for a long time. Just because someone is experiencing identity theft or credit fraud today doesn’t mean that it’s absolutely related to Equifax. It could be, but chances are your information is already out there.
What Do We Do Then?
Get a credit freeze! The FTC set up a website a few years ago for dealing with exactly this sort of thing, IdentityTheft.gov. A credit freeze restricts access to your credit report by thieves and everyone else. As sad as a thought that is, yes, this is has been such an issue for so long that the government already set up a website to deal with this stuff a long time ago.
Credit freezes have the added benefit of cutting down on your junk mail and making it impossible to get new lines of credit in your name. Sadly, this means some extra hoops to jump through if you’re trying to get a new line of credit like a home loan or that new boat (which you’re probably only going to use once anyway). Either way, it’s probably something you should have done by now anyway if you haven’t. Consider this latest data breach a good reminder to get that taken care of.
Certain security experts like Brian Krebs have been preaching for years to just get a credit freeze. This incident serves as a fantastic reminder to go get that credit freeze taken care of.
And good luck with those fraud calls!