Equifax – What you can do to protect yourself

While the news of any cyber-attack is alarming, the nature of the data stolen during the Equifax hack makes this intrusion particularly worrying.

The data accessed predominantly affects US citizens with Social Security numbers, home addresses, birth dates, credit card numbers and drivers licence numbers being illegally accessed.

Information Security

However, Equifax have revealed that the data of up to 400,000 UK consumers may also have been accessed as a result of a process failure that saw some UK data stored on US servers. While home addresses and financial data were not included, names, dates of birth, email addresses and telephone numbers are reported to have been taken. This illegally obtained data could be sold on the dark web.

Equifax have said that they will write to all affected customers but they haven’t specified when this will be. In the meantime, if you suspect that your personal data has been accessed it’s important to take swift action even if the consequences may not be immediate.

Steps to Protect

If you’re one of the people in the UK that has had their data breached, the reality of someone successfully taking a credit card out in your name with the limited information obtained is slim. However, fraudsters now have some key information and will most likely use other attack methods to gather the remaining information needed to apply for a credit card or take out a loan etc.

Equifax themselves have a number of tools designed to alert you if someone applies for credit using your details. If your information has been accessed, Equifax will offer a free ID protection service which will allow users to monitor their personal data, such as credit information, and be alerted to any signs of potential fraudulent activity. Further information on this will be provided to affected customers by Equifax.

The UK’s National Cyber Security Centre (NCSC) also issued a statement following the Equifax cyber incident along with advice for UK citizens affected by the breach.

      • Be aware of phishing emails. The NCSC statement points out that the main risk is potentially targeted and realistic phishing emails.  These are likely to use the guise of well-known brands and, unlike other phishing emails, may use your real name or reference your phone number in an attempt to appear genuine. Be vigilant, especially if an email contains attachments or links or asks you to supply additional personal information.
      • Beware of phone calls. As phone numbers are thought to have been accessed it is possible that you may receive phone calls purporting to be from a legitimate organisation and asking you to confirm security information. If you receive such a call, do not divulge any information but hang up and contact the organisation concerned using their official contact details – do not call any numbers provider by the caller.
      • Check your credit report. There are three credit reference agencies in the UK, Equifax, Experian and Callcredit. Each of them holds a credit file (or report) and all credit reference agencies have a statutory obligation to provide you with a copy of your credit report for £2. There are also other providers who base their service on Equifax data and offer free access to your report. By checking your report regularly to ensure the data they hold is correct, you’ll also be able to see if there has been any activity you weren’t aware of, including potentially fraudulent credit applications.
      • Establish fraud alerts. You can contact one of the credit reference agencies and ask them to place a fraud alert message on your file. Fraud alerts can be ‘Initial’ for people who are concerned that they make be affected by fraud or ‘Extended’ for those who have been a victim of fraud. The ‘Initial’ fraud alert message will notify potential lenders that they need to take extra precautions before extending credit in your name. The ‘Extended’ alert is also known as a victim statement and means that any lender will need to verify your identity before they can approve any new credit application.
      • Monitor your accounts, bank, credit card, savings etc. Check your balances and statements regularly, if there’s any payments you don’t recognise report them to your bank or lender immediately.

Summary

      • Be alert to phishing emails.
      • Do not give security information out to unsolicited callers.
      • Establish fraud alerts
      • Check your credit report
      • Check your bank and credit card statements regularly

The notoriety of the situation will, like other high-profile breaches, subside, but it’s important not to be complacent. Remain vigilant to the threats and any potential damage is likely to be minimal and contained.