Data Breach: Equifax Faces $70 Billion Lawsuit As Congress Probe Looms

by Ike Obudulu Posted on September 9th, 2017

Washington D.C. Sept 9th: As 143 million Americans, nearly half of the US population, fell victim to a massive cyber fraud at credit reporting agency Equifax, the US House Financial Services Committee has announced it would hold a hearing regarding the huge data breach. US Senator Tammy Baldwin (Democratic Wisconsin) has also requested a probe by the Senate Commerce Committee while a class-action lawsuit seeking up to $70 billion in damages has been filed against Equifax.

Lawyers for Mary McHill and Brook Reinhard, who had their personal information stored by the company, reportedly filed a complaint in the Oregon federal court against Equifax, seeking up to $70 billion in damages.

Hackers exploited a vulnerability in the company’s website application from mid-May through July and gained access to consumer information including names, Social Security numbers, birth dates, addresses and in some instances, driver’s license numbers, Equifax earlier said in a statement. The breach also included credit card numbers of approximately 209,000 consumers and certain dispute documents with personal identifying information of approximately 182,000 consumers.

Equifax discovered the breach on July 29 but alerted the people only on September 7 after three senior executives sold shares worth almost $1.8 million, the report added.

“This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes,” Chairman and CEO Richard F Smith said in the company statement.

As part of its investigation into the application vulnerability, Equifax also identified unauthorised access to limited personal information of certain UK and Canadian residents.

After the company made the data breach public, Equifax’s stock fell by more than 14 per cent.

In its efforts to mitigate damages, the company has created a dedicated website — www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection.


Photo: Credit reporting company equifax offices in Atlanta, Georgia

The company has said that it will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.

Equifax was also reportedly contacting US state and federal regulators and has sent written notifications to all state attorneys general, which includes company’s contact information for regulator inquiries.

What To Do: 143 Million Americans Affected By Equifax Data Breach

Washington D.C. Sept 8th: If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies. Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps recommended by the  Federal Trade Commission, FTC, to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com.

Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.

Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until November 21, 2017 to enroll. You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.

Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.

Monitor your existing credit card and bank accounts closely for charges you don’t recognize.


Photo: Equifax data breach

If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.

File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

What To Do Next : Take a deep breath and begin to repair the damage.

Close new accounts opened in your name.

Now that you have an Identity Theft Report, call the fraud department of each business where an account was opened.

Explain that someone stole your identity. Ask the business to close the account.

Ask the business to send you a letter confirming that: the fraudulent account isn’t yours, you aren’t liable for it and it was removed from your credit report

Keep this letter. Use it if the account appears on your credit report later on.

The business may require you to send them a copy of your Identity Theft Report or complete a special dispute form.

Write down who you contacted and when.

Remove bogus charges from your accounts.

Call the fraud department of each business. Explain that someone stole your identity. Tell them which charges are fraudulent. Ask the business to remove them. Ask the business to send you a letter confirming they removed the fraudulent charges.

Keep this letter. Use it if this account appears on your credit report later on.

The business may require you to send them a copy of your Identity Theft Report or complete a special dispute form.

Write down who you contacted and when.

Correct your credit report.

Write to each of the three credit bureaus.  Include a copy of your Identity Theft Report and proof of your identity, like your name, address, and Social Security number. Explain which information on your report came from identity theft.

Ask them to block that information.

TransUnion.com
Fraud Victim Assistance Department
P.O. Box 2000
Chester, PA 19016
1-800-680-7289

Equifax.com
P.O. Box 105069
Atlanta, GA 30348-5069
1-800-525-6285

Experian.com
P.O. Box 9554
Allen, TX 75013
1-888-397-3742

If someone steals your identity, you have the right to remove fraudulent information from your credit report. This is called blocking. Once the information is blocked, it won’t show up on your credit report, and companies can’t try to collect the debt from you. If you have an Identity Theft Report, credit bureaus must honor your request to block this information.

If you don’t have an Identity Theft Report, you still can dispute incorrect information in your credit file. It can take longer, and there’s no guarantee that the credit bureaus will remove the information.

Consider adding an extended fraud alert or credit freeze.

An extended Fraud Alert:

lets you have access to your credit report as long as companies take steps to verify your identity.  It   stops all access to your credit report unless you lift or remove it. It is free to place and remove if someone stole your identity and this is guaranteed by federal law. It last lasts for 7 years.

A credit Freeze:

Stops all access to your credit report unless you lift or remove it.  Cost and availability depend on your state law. There might be a small fee for placing, lifting and removing. Lasts until you lift or remove it.

If you are dealing with  tax, medical, or child identity theft tHE FTC also recommends that you:

Step 1: Call the companies where you know fraud occurred.
Step 2: Place a fraud alert and get your credit reports.
Step 3: Report identity theft to the FTC.

You may choose to file a report with your local police department.

Author

Ike Obudulu

Ike Obudulu

Versatile Certified Fraud Examiner, Chartered Accountant, Certified Internal Auditor with an MBA in Finance And Investments who has both worked for and consulted with some of the world's largest companies on main street and wall street in over 20 countries, Ike brings his extensive reporting and investigations experience to bear on his role as Chief Editor.
Phone
Email

Leave a Reply