EQUIFAX Personal Data Breach Explained: Why it could impact so many for a long time

I didn't expect my second post to be about fraud and data security.  But I do happen to have a background in Fraud Investigation / Scenario Planning and with this latest data breach that broke in the news today I wanted to share some points that may help others make sense of the magnitude and understand why anyone with a credit history should be checking now and continuously to ensure their information is not being used fraudulently. 

Background Information:

• Equifax is one of the three main Credit Bureaus for the U.S.
• *A credit bureau is an agency that researches and collects individual credit information and sells it for a fee to creditors so they can make a decision on granting loans / credit. 
• *Credit Bureaus generate Credit Scores and are the source of Credit Reports
• *Credit reports contain PERSONAL IDENTIFIABLE INFORMATION such as
  • Current and previous addresses
  • Social Security numbers
  • Employment history
  • Number and type of accounts held
  • Detailed account information related to high balances, credit limits and the date accounts were opened

Meaning all of the above information along with Date of Birth and full name are held within the technical infrastructure (e.g. databases) of Credit Bureaus in order to generate Credit Reports.  Therefore all of the this information for anyone with a credit history during the Equifax breach has been exposed.  It is just a matter of if, when and how that information may be disseminated for unauthorized use.

The Equifax Breach occurred in July 2017 and was only disclosed to the public this week.  So in the last couple of months if you've seen fraudulent charges especially on multiple cards or accounts AT ONE TIME that is a good indication that you were a victim of this breach.  This is because it is not typical in the case of a single merchant type breach that information for multiple cards is available in one place to be exploited.

What isn't clear is what level of encryption there may or may not have been on some of the data held by Equifax.  In articles on the breach there are warnings that 140+ million people's (US Consumers) information was exposed in this incident.

As soon as possible it's best to:

• Request a credit report and review thoroughly for - 
  • Bank inquiries made to open an account in your name that you did not request
  • New credit cards accounts listed that you didn't open
  • New car leases etc. that you don't recognize
• Keep and eye on credit card statement activity for fraudulent transactions
  • CHIP-ENABLED CARDS ARE STILL AT RISK
  • Chip and Pin technology is close to being ubiquitous from a card issuer perspective but only about 60-80% of U.S. merchants have upgraded to the technology required to accept chip cards.  As long as this number is not 100% fraudsters can get away with encoding fake cards with your magnetic stripe data and using it and a mag-stripe only card.

You can always get charges reversed and a new credit card but SOCIAL SECURITY NUMBERS ARE FOREVER -more or less- which makes this worse because fraudsters may keep trying to use your SSN for different schemes in the future.  Once they have it..... they have it.  So be mindful always.

Hope this helps and good luck.  Let me know if you have and questions / comments.

*Source for definitions:

• http://www.investopedia.com/terms/c/creditreport
• http://www.investopedia.com/terms/c/creditbureau