Um, Hacked Much? A Summary of the Equifax Breach

Written by Kathleen Heck on September 11, 2017

The country was appalled when recent news about the Equifax hack spread.

Equifax hack: What's the worst that can happen?

Equifax breach may kill repeal of CFPB mandatory arbitration rule

Seven aftershocks of the Equifax breach: What bankers need to know

How will this affect YOU?

First of all, try to determine if it does affect you. Equifax may or may not notify you. CNN tells you how to try to determine if you’ve been hacked in, “How to find out if you're affected by the Equifax hack.” And since this is about significantly more than a few thousand people, it may well be worth your time to investigate. Note that:

“Equifax said Thursday that 143 million people could be affected by a recent data breach in which cybercriminals stole information including names, Social Security numbers, birth dates, addresses, and the numbers of some driver's licenses.

Additionally, credit card numbers for about 209,000 people were exposed, as was 'personal identifying information' on roughly 182,000 customers involved in credit report disputes.”

Equifax Hacked

Credit.com tells us what thieves do with just your stolen credit card:

They take your stolen card data and add it to their stockpile.
They sell a group of credit card numbers to other cybercriminals on websites designed to process these transactions (think of it as an eBay for eVil).
The buyer of the group may resell them again or begin using the stolen data at online retailers.
The criminals also have hardware on hand to print fake plastic cards in case they want to use the them at physical stores.
The criminals make purchases of goods that they can resell for quick cash.”

But this is much bigger than just a stolen credit card. So what happens if someone gets your Social Security number and other information? The Washington Post paints this gloomy picture:

“Social Security numbers, especially when combined with other exposed data such as driver’s license numbers, birth dates and home addresses, can allow identity thieves to impersonate you. They can apply for loans, housing, utilities and even government benefits in your name. Or, more likely, they can sell this data on the open market to those who will use it for those purposes and perhaps for other crimes we can't imagine.

'Once your personally identifiable information has been stolen, people can use that information to basically impersonate you. They can create fake loans and fake bank accounts. And the names will be posted on lists that become available to future hackers,' said Fleming Shi, a senior vice president for Barracuda cybersecurity company.”

Equifax Security

What can you do about this right now?

  1. Call Equifax at 866-447-7559 with questions.
  2. Go to www.annualcreditreport.com and get a free (once annually) copy of your credit report and check it for errors or fraud.
  3. Add a fraud alert to your credit account. There is a small fee for this.
  4. Put a long term freeze on your credit. You’ll need to contact the credit bureau to remove this if/when you apply for a loan or need new credit.
  5. Scan bank statements for unauthorized charges.
  6. Sign up for credit report monitoring and identity theft protection. Starting soon, Equifax** is providing free service for one year through TrustedID Premier -- whether or not you've been affected by the breach. Go to www.equifaxsecurity2017.com and click on the Check Potential Impact tab. After data entry, you'll be given a date when you can return to the site and sign up for the service. Yes, of course this is also Equifax (which owns TrustedID Premier) capitalizing on its own mistake. Sorry, my cynicism is showing!
  7. File your taxes early, as soon as you have the tax information you need, before any scammer can. Tax identity theft can happen when a hacker uses your Social Security number to get a tax refund or a job. For more on this, see, “How Equifax hackers could file taxes in your name and get a refund from the IRS” in MarketWatch.
  8. If you have been hacked, contact your local police department to create a paper trail and to assist them directly, in case this is a local data theft endeavor.
  9. Visit, the Federal Trade Commission: IdentityTheft.gov, “When Information Is Lost or Exposed”.
  10. If your identity has been stolen, you may want to file a report with the Federal Trade Commission. To file a report, you can visit the government website FTCComplaintAssistant.gov or call 1-877-ID-THEFT (438-4338).

**And, OOPs, also see, “Equifax's hack checker is a hot mess -- here's what to do” from CNET and, “Monday Morning Cup of Coffee: Is Equifax telling the wrong people they were hacked?” from HousingWire. Yikes!

Bad Security

How will this affect the mortgage industry?

As HousingWire puts it, “In the wake of the company’s announcement, the Consumer Financial Protection Bureau, the House Financial Services Committee, and the office of New York Attorney General Eric Schneiderman stated that each is launching an investigation into the [Equifax] breach.” Having been in the mortgage industry over 20 years, you want almost anything except the Office of the New York Attorney general investigating you.  Oh my, oh my.

Beyond that, however, think of potentially 143 million credit explanation letters from mortgage applicants, all blaming Equifax!

This also ties right into a current Capitol Hill debate. From the same HousingWire report:

“As CNN points out, consumers who want to take Equifax up on its offer of free credit monitoring for a year have to waive their right to sue, something that the CFPB is currently battling over on Capitol Hill.

'Equifax’s credit monitoring product contains a mandatory arbitration clause that denies people their right to join together to sue the company for wrongdoing,' Gilford said.

'It is troubling that Equifax is forcing people to waive legal rights in order to receive fraud monitoring after the company’s breach put their personal information at risk,' Gilford concluded. 'Equifax could remove this clause so that consumers can receive this service without condition.'”

And how will lenders verify John Smith is actually the right John Smith and not the hacked John Smith? Further, approval decisions on mortgage applications and the associated interest rate are based, in a large part, on FICO scores. If you get hacked and your scores change, you’ll need to get this corrected before applying for credit. See, “The Mortgage Insider’s Guide: 5 Tricks To Get Your Mortgage Approved,“How Your Credit Score Affects Your Mortgage Rate,” or “Trended Credit Data (TCD): Put Down That Revolver.” The issues for all industries that rely on credit reporting may be staggering.

Cybercriminal

More on being “hacked” …

The Equifax breach is enormous, potentially disastrous and the credit reporting world’s combined Hurricanes Irma and Harvey at the same time. But it is not unique. It’s not even the largest. From CSOONLINE.com, check out the pre-Equifax top ten:
1. Yahoo -- Impact: 1.5 billion user accounts.
2. Adult Friend Finder -- Impact: More than 412.2 million accounts.
3. eBay -- Impact: 145 million users compromised.
4. Equifax -- Impact: Above.
5. Heartland Payment Systems -- 134 million credit cards exposed through SQL injection to install spyware on Heartland's data systems.
6. Target Stores -- Impact: Credit/debit card information and/or contact information of up to 110 million people compromised.
7. TJX Companies, Inc. -- Impact: 94 million credit cards exposed.
8. JP Morgan Chase -- Impact: 76 million households and 7 million small businesses.
9. US Office of Personnel Management (OPM) -- Impact: Personal information of 22 million.
10. Sony's PlayStation Network -- Impact: 77 million PlayStation Network accounts hacked; estimated losses of $171 million while the site was down for a month.

On a related note, why is it that every time I Google search for Depends at a bulk discount price for my 96 year old father-in-law, or wholesale jock straps for my husband’s college athletic department, within 1 second, ads for both appear on every subsequent search I complete??? Or how about Recruiters and Sellers of “Productivity Programs” connecting with me regularly because they saw via Facebook, LinkedIn, or you-name-it that I was interested in something or someone they represent? Do you like those websites that state, “Other people who shopped for XXX also bought YYY”? And how about the new trend towards auto shipment for 5% off the price? Aren’t these all data breaches of a sort? Well, of course they are!

Sometimes, just for fun, I’ll complete online surveys and product reviews with outlandish data. I know this information is being sold to a zillion other companies who will subsequently solicit me for products and services I don’t want. So why shouldn’t I lead them to believe my favorite color is fuschia, my shoe size is 21 AAAAA, or my favorite pet is a tarantula?  (Just kidding, I neither complete online surveys nor product reviews. I’m much too honest, ha).

My point is that while data breaches are horrendous, dangerous, and annoying, I have actually  become sanguine about them. I am optimistic that it will be worked out best for all, that cyber criminals will be caught and dealt with, and all my personal data will be secure.  I also used to be an avid reader of the once famous Mad Magazine.

Mad Magazine

Posted Under: Credit
..
About Kathleen Heck

Kathleen Heck has worked with hundreds of top sales professionals, authors, corporate executives, educators, and management level professionals. She started her career as a college and high school educator. Later she changed industries and moved to financial services, first as a Mortgage Loan Officer and then rising to lead of team of over 2000 financial professionals. She is the author of "After the Beep" and "Meltdown: I Need a Plan". Currently serving as the President of the Croyance Group, Ms. Heck is a Certified Professional Coach and holds several Masters Degrees and a PhD. See more at Croyancegroup.com


Sep11

The country was appalled when recent news about the Equifax hack spread.

Equifax hack: What's the worst that can happen?

Equifax breach may kill repeal of CFPB mandatory arbitration rule

Seven aftershocks of the Equifax breach: What bankers need to know

How will this affect YOU?

First of all, try to determine if it does affect you. Equifax may or may not notify you. CNN tells you how to try to determine if you’ve been hacked in, “How to find out if you're affected by the Equifax hack.” And since this is about significantly more than a few thousand people, it may well be worth your time to investigate. Note that:

“Equifax said Thursday that 143 million people could be affected by a recent data breach in which cybercriminals stole information including names, Social Security numbers, birth dates, addresses, and the numbers of some driver's licenses.

Additionally, credit card numbers for about 209,000 people were exposed, as was 'personal identifying information' on roughly 182,000 customers involved in credit report disputes.”

Equifax Hacked

Credit.com tells us what thieves do with just your stolen credit card:

They take your stolen card data and add it to their stockpile.
They sell a group of credit card numbers to other cybercriminals on websites designed to process these transactions (think of it as an eBay for eVil).
The buyer of the group may resell them again or begin using the stolen data at online retailers.
The criminals also have hardware on hand to print fake plastic cards in case they want to use the them at physical stores.
The criminals make purchases of goods that they can resell for quick cash.”

But this is much bigger than just a stolen credit card. So what happens if someone gets your Social Security number and other information? The Washington Post paints this gloomy picture:

“Social Security numbers, especially when combined with other exposed data such as driver’s license numbers, birth dates and home addresses, can allow identity thieves to impersonate you. They can apply for loans, housing, utilities and even government benefits in your name. Or, more likely, they can sell this data on the open market to those who will use it for those purposes and perhaps for other crimes we can't imagine.

'Once your personally identifiable information has been stolen, people can use that information to basically impersonate you. They can create fake loans and fake bank accounts. And the names will be posted on lists that become available to future hackers,' said Fleming Shi, a senior vice president for Barracuda cybersecurity company.”

Equifax Security

What can you do about this right now?

  1. Call Equifax at 866-447-7559 with questions.
  2. Go to www.annualcreditreport.com and get a free (once annually) copy of your credit report and check it for errors or fraud.
  3. Add a fraud alert to your credit account. There is a small fee for this.
  4. Put a long term freeze on your credit. You’ll need to contact the credit bureau to remove this if/when you apply for a loan or need new credit.
  5. Scan bank statements for unauthorized charges.
  6. Sign up for credit report monitoring and identity theft protection. Starting soon, Equifax** is providing free service for one year through TrustedID Premier -- whether or not you've been affected by the breach. Go to www.equifaxsecurity2017.com and click on the Check Potential Impact tab. After data entry, you'll be given a date when you can return to the site and sign up for the service. Yes, of course this is also Equifax (which owns TrustedID Premier) capitalizing on its own mistake. Sorry, my cynicism is showing!
  7. File your taxes early, as soon as you have the tax information you need, before any scammer can. Tax identity theft can happen when a hacker uses your Social Security number to get a tax refund or a job. For more on this, see, “How Equifax hackers could file taxes in your name and get a refund from the IRS” in MarketWatch.
  8. If you have been hacked, contact your local police department to create a paper trail and to assist them directly, in case this is a local data theft endeavor.
  9. Visit, the Federal Trade Commission: IdentityTheft.gov, “When Information Is Lost or Exposed”.
  10. If your identity has been stolen, you may want to file a report with the Federal Trade Commission. To file a report, you can visit the government website FTCComplaintAssistant.gov or call 1-877-ID-THEFT (438-4338).

**And, OOPs, also see, “Equifax's hack checker is a hot mess -- here's what to do” from CNET and, “Monday Morning Cup of Coffee: Is Equifax telling the wrong people they were hacked?” from HousingWire. Yikes!

Bad Security

How will this affect the mortgage industry?

As HousingWire puts it, “In the wake of the company’s announcement, the Consumer Financial Protection Bureau, the House Financial Services Committee, and the office of New York Attorney General Eric Schneiderman stated that each is launching an investigation into the [Equifax] breach.” Having been in the mortgage industry over 20 years, you want almost anything except the Office of the New York Attorney general investigating you.  Oh my, oh my.

Beyond that, however, think of potentially 143 million credit explanation letters from mortgage applicants, all blaming Equifax!

This also ties right into a current Capitol Hill debate. From the same HousingWire report:

“As CNN points out, consumers who want to take Equifax up on its offer of free credit monitoring for a year have to waive their right to sue, something that the CFPB is currently battling over on Capitol Hill.

'Equifax’s credit monitoring product contains a mandatory arbitration clause that denies people their right to join together to sue the company for wrongdoing,' Gilford said.

'It is troubling that Equifax is forcing people to waive legal rights in order to receive fraud monitoring after the company’s breach put their personal information at risk,' Gilford concluded. 'Equifax could remove this clause so that consumers can receive this service without condition.'”

And how will lenders verify John Smith is actually the right John Smith and not the hacked John Smith? Further, approval decisions on mortgage applications and the associated interest rate are based, in a large part, on FICO scores. If you get hacked and your scores change, you’ll need to get this corrected before applying for credit. See, “The Mortgage Insider’s Guide: 5 Tricks To Get Your Mortgage Approved,“How Your Credit Score Affects Your Mortgage Rate,” or “Trended Credit Data (TCD): Put Down That Revolver.” The issues for all industries that rely on credit reporting may be staggering.

Cybercriminal

More on being “hacked” …

The Equifax breach is enormous, potentially disastrous and the credit reporting world’s combined Hurricanes Irma and Harvey at the same time. But it is not unique. It’s not even the largest. From CSOONLINE.com, check out the pre-Equifax top ten:
1. Yahoo -- Impact: 1.5 billion user accounts.
2. Adult Friend Finder -- Impact: More than 412.2 million accounts.
3. eBay -- Impact: 145 million users compromised.
4. Equifax -- Impact: Above.
5. Heartland Payment Systems -- 134 million credit cards exposed through SQL injection to install spyware on Heartland's data systems.
6. Target Stores -- Impact: Credit/debit card information and/or contact information of up to 110 million people compromised.
7. TJX Companies, Inc. -- Impact: 94 million credit cards exposed.
8. JP Morgan Chase -- Impact: 76 million households and 7 million small businesses.
9. US Office of Personnel Management (OPM) -- Impact: Personal information of 22 million.
10. Sony's PlayStation Network -- Impact: 77 million PlayStation Network accounts hacked; estimated losses of $171 million while the site was down for a month.

On a related note, why is it that every time I Google search for Depends at a bulk discount price for my 96 year old father-in-law, or wholesale jock straps for my husband’s college athletic department, within 1 second, ads for both appear on every subsequent search I complete??? Or how about Recruiters and Sellers of “Productivity Programs” connecting with me regularly because they saw via Facebook, LinkedIn, or you-name-it that I was interested in something or someone they represent? Do you like those websites that state, “Other people who shopped for XXX also bought YYY”? And how about the new trend towards auto shipment for 5% off the price? Aren’t these all data breaches of a sort? Well, of course they are!

Sometimes, just for fun, I’ll complete online surveys and product reviews with outlandish data. I know this information is being sold to a zillion other companies who will subsequently solicit me for products and services I don’t want. So why shouldn’t I lead them to believe my favorite color is fuschia, my shoe size is 21 AAAAA, or my favorite pet is a tarantula?  (Just kidding, I neither complete online surveys nor product reviews. I’m much too honest, ha).

My point is that while data breaches are horrendous, dangerous, and annoying, I have actually  become sanguine about them. I am optimistic that it will be worked out best for all, that cyber criminals will be caught and dealt with, and all my personal data will be secure.  I also used to be an avid reader of the once famous Mad Magazine.

Mad Magazine

About Kathleen Heck
Kathleen Heck has worked with hundreds of top sales professionals, authors, corporate executives, educators, and management level professionals. She started her career as a college and high school educator. Later she changed industries and moved to financial services, first as a Mortgage Loan Officer and then rising to lead of team of over 2000 financial professionals. She is the author of "After the Beep" and "Meltdown: I Need a Plan". Currently serving as the President of the Croyance Group, Ms. Heck is a Certified Professional Coach and holds several Masters Degrees and a PhD. See more at Croyancegroup.com