Credit reporting firm Equifax revealed today that hackers gained unauthorized access to personal information for up to 143 million US consumers — more than a third of the country's population.
According to Equifax's investigation, the breach occurred around mid-May through July of this year, exploiting a website application vulnerability.
The company says it became aware of the breach on July 29, and then acted to stop the leak and conduct a forensic review for law enforcement.
Among the data stolen during the breach were customers' names, Social Security numbers, birth dates, addresses and even some driver's license numbers. So, yeah, important stuff.
Equifax also says approximately 209,000 US consumers also had their credit card information comprised and about 182,000 had dispute documents accessed. Equifax is mailing notices to consumers who had their credit card numbers or dispute documents accessed.
How to find out if you're information was stolen
Though a hugely worrying breach, Equifax claims it has found "no evidence of unauthorized activity" on the company's core consumer or credit reporting databases. Still, the information stolen is highly sensitive.
Equifax has set up a special webpage to help customers learn if their data may be at risk, and if so, what steps they can take to protect their identity.
Once on the page, you'll select the "Check Potential Impact" button. You're asked to enter your last name and last six digits of your social security number. We were admittedly wary to give this information considering the hack.
While Equifax says it will provide a message indicating whether your personal information may have been compromised, one TechRadar staffer received a message, another did not.
Whether or not your information was stolen, Equifax is offering consumers free enrollment in the TrustedID Premier program.
It appears a queue is being formed to allow users to sign up for the credit file monitoring and identity theft protection program; we were given an enrollment date of September 13 and told to return to this site then. No additional alert will be sent with a reminder to enroll. Enrollment will end on November 21.
You can also call an information line at 866-447-7559, though call volume is understandably high at the moment.
In the wake of the breach, it's important to be wary of suspicious emails, especially those posing to be from Equifax or other official source. Don't click on links or download material from emails that seem suspicious as phishing attempts often run rampant after breaches like this.
It's also always a good idea to change your passwords, and to keep an eye on your credit car and bank accounts. You can also monitor your credit with the US' two other large credit reporting companies, Experian and TransUnion.
While primarily a US-based cyber attack, Equifax also identified that "limited personal information" was also accessed pertaining to some UK residents, with more details to come regarding affected users outside the US.
- Your smart home may not be so smart against hacking