Oregon Attorney General Ellen Rosenblum is urging consumers not to rely on Equifax for protection from hackers who may have stolen the personal data of 143 million people from the credit reporting agency's files.
The hack, which occurred between May and July of 2017 but was not publicly reported by Equifax until Sept. 7, involved the theft of names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers. Credit card numbers and credit card dispute documents with personal identifying information also were taken.
"This is a monster data breach," Rosenblum said on Saturday. "All of the personal information accessed by the hackers can be used fraudulently to validate the claimed identity of someone trying to open a bank or credit account. I urge Oregonians to assume your personal information has been hacked and take extra precautions to help ensure its safety."
Equifax has agreed to pay for one year of credit monitoring for affected consumers. The first step is to visit the company's website to find out if your information was exposed and then to enroll in Equifax's credit monitoring service. But Rosenblum is urging consumers not to do that.
"The website's terms of service potentially restricts your legal rights," she said. "Buried in the terms of service is language that bars those who enroll in the Equifax checker program from participating in any class-action lawsuits that may arise from the incident. (Two Oregon residents asked a U.S. District Court judge to award class-action status to a lawsuit they filed in Eugene on Sept. 7; a court date has not yet been set.) And because the hackers gained access to the information through Equifax's U.S. website, it is unclear whether the information you enter to determine if your information has been compromised will be protected from future breaches."
Instead, Rosenblum said, consumers should:
• Check your credit report for inaccuracies. You can request your credit report for free from each of three reporting bureaus every year by visiting www.annualcreditreport.com or by calling 1-877-322-8228;
• Place a credit freeze. A credit freeze will halt any application for a new line of credit and remain in effect until you request that it be lifted. Keep in mind that a credit freeze won't prevent a thief from making charges to your existing accounts. For more information on how to place a freeze, visit www.doj.state.or.us/consumer-protection/id-theft-data-breaches/identity-theft ;
• Place a fraud alert. A fraud alert is a statement in your credit file that notifies anyone requesting a copy of your credit report that you may be a victim of ID theft. There are three different types of fraud alerts: an initial alert, an extended alert and an active duty alert. For more information on these types, visit www.doj.state.or.us/consumer-protection/id-theft-data-breaches/identity-theft ;
• File your taxes as early as possible. As soon as you have the tax information you need, file your taxes before a scammer does. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS; and
• Visit www.identitytheft.gov to learn more about protecting yourself after a data breach.
Under Oregon law, businesses with Oregon customers are required to inform customers and the Attorney General's Office about security breaches that have placed personal information in jeopardy. For more information on the law and to view a copy of the Equifax breach notice, visit justice.oregon.gov/consumer/databreach.
"In short: Do not rely on Equifax to help you deal with this data breach," Rosenblum said. "Consider taking these suggested actions to protect your information going forward. Check your credit report every four months or so. Thieves can use your information anytime and anywhere!"
— The Review