Confused about what's going on with your personal data, your credit and the massive data breach at Equifax? You're not alone.
Equifax, one of the three major credit reporting agencies, handles the data of 820 million consumers and more than 91 million businesses worldwide. Between May and July of this year 143 million people in the U.S. may have had their names, Social Security numbers, birth dates, addresses and even driver's license numbers accessed. In addition, the hack compromised 209,000 people's credit card numbers and personal dispute details for another 182,000 people. What bad actors could do with that information is daunting.
This data breach is more confusing than others—like when Yahoo or Target were hacked, for example— according to Joel Winston, a former deputy attorney general for New Jerseyâ, whose current law practice focuses on consumer rights litigation, information privacy, and data protection law.
While other companies have scrambled to retain loyalty after consumer data has been compromised, the Equifax breach is different, says Winston, because we—the consumers—are not its customers.
"We are the product," he says. "Us and our data is what Equifax is selling to other people and companies, and they are scrambling to keep their customers, without much regard for actual consumers."
And while other breaches may have exposed credit card numbers or Social Security numbers, the information Equifax has—on almost all of us—is much more extensive, which makes us all feel very vulnerable.
There's a lot of information circulating right now. Here's a rundown of what's true and what's bunk.
1. "I have to put in my social security number to find out if I've been affected."
Yes. Well, part of it.
You do have to provide most of your social security number to discover if your information -- including your social security number—may have been exposed. And yes: providing more information to a company which was not able to protect your information is probably not reassuring.
To check, go to www.equifaxsecurity2017.com, you need to enter your name and the last six digits of your Social Security number, and check a box that confirms you are not a robot.
Data specialists say requesting six-digits is rare and suggests that the more commonly requested last-four-digits of your Social Security number were likely compromised, requiring you to reveal more, previously hidden, details.
2. "I can find out for sure if my information was hacked or not."
No. Not with 100 percent certainty.
At the Equifax security site, you can provide more personal information to the company to "determine if your information was potentially impacted by this incident," according to the company. Equifax will not be able to tell you definitively that your information has been compromised and it cannot tell you if your information is being used by a criminal.
3. "Equifax will tell me if there's a problem."
No. And it will be hard to prove that someone is taking out a loan in your name 15 years down the line is because of this. But it could happen.
In its statement announcing the breach, Equifax specifies it will send direct notices, via mail, to the 209,000 people whose credit card numbers were impacted and to the 182,000 people with credit dispute documents with personal identifying information that were affected.
But even if you don't receive that notification, there's still a chance other information like your name, Social Security number, addresses, or date of birth may have been revealed. It's up to you to keep an eye on your credit.
Equifax is offering, to those who were or were not compromised, a year of its TrustedID Premier credit monitoring service for free.
4. "If I take Equifax's offer for credit monitoring, I am giving up my right to sue."
No. Not anymore.
Initially, Equifax limited the legal options consumers had, but it has since updated its policy to say: "enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action."
Winston credits the quick response of politicians, attorneys general, the media and individuals on social media with Equifax's about-face on this issue.
"There was an arbitration and limitation of liability clause in place initially and they have removed those offending provisions, in the face of widespread outcry," says Winston. "But, it was a battle that consumers should have never needed to fight."
5. "I have to provide my credit card number to sign up for free monitoring."
Although TrustedID is one of many credit products that Equifax offers, the company is not requesting consumers' credit card information when they sign up for the free credit-file montoring and identify theft protection.
Additionally, Equifax says in an update, people who sign up for free won't be automatically enrolled or charged after the year's service.
This is important to see in writing because Equifax (and its peer agency TransUnion) were fined in January for their deceptive marketing strategies with regard to their credit products.