Equifax—one of the three major consumer credit reporting agencies in the United States—has reported a major security breach that may have exposed the personal information of up to 143 million people. Compromised information may include names, social security numbers, birth dates, addresses, and some driver’s license numbers, as well as about 209,000 credit card numbers and about 182,000 dispute documents that may include personally identifiable information.
The Office of the Chief Information Security Officer would like to share the following tips on how to protect yourselves:
- Assume you are affected. Equifax and other credit reporting companies can collect information about you from credit card companies, banks, or other financial institutions without your knowledge.
- Freeze your credit reports with all three major credit reporting companies: Experian, TransUnion, and Equifax. Visit the Federal Trade Commission’s Credit Freeze FAQ page for guidance on how to freeze your credit.
- Set fraud alerts with all three agencies. For guidance on how to set fraud alerts, visit the Federal Trade Commission’s Place a Fraud Alert
- Monitor activity on your credit accounts and reports carefully. Consider checking your credit rating regularly by asking for free credit reports from your bank or other credit service companies. Please note that while Equifax is offering free credit monitoring for those affected by this breach, there are reports (not confirmed by USC) that you may be opting out of your ability to join any class action lawsuits against the company if you sign up for Equifax’s credit monitoring.
- Be aware of tax return fraud. Criminals sometimes use stolen social security numbers and other personal information to file fraudulent tax returns and redirect tax refunds to their own accounts. For more information on how to protect yourself, see the Internal Revenue Service’s Taxpayer Guide to Identity Theft.
As this is a major and well-publicized breach, identity thieves and other criminals are likely to send out phish emails appearing to come from Equifax or other credit reporting agencies. It is important that you do not click links in any emails asking for your personal information or login details, no matter how legitimate the emails may appear. Instead, open a new browser window, navigate to the company’s website by manually typing its official URL in the location bar, and conduct any required business there.
You may forward any suspicious email to the Information Security Office at firstname.lastname@example.org.
For additional information on the Equifax breach, see the following links