**This post contains affiliate links and the publisher may be compensated if you make a purchase after clicking on these links.**
News came out on September 7th that Equifax, one of the three major credit reporting agencies (AKA “credit bureaus”) in the United States suffered a data breach between May and July, and that the personal information of around 143 million Americans was potentially compromised, which is slightly under half of all Americans, but over half the adult population. With those sorts of numbers, Credit Wizard is in agreement with many other experts that believe it is best to believe your information was exposed while Equifax still works to provide a definitive method for checking if your personal information was potentially exposed. Equifax put together this webpage here about the incident and their response.
As explained in our overview page on credit reporting, individuals don’t generally maintain a direct relationship with the credit bureaus; instead the credit bureaus collect information from consumer finance companies (banks and other lenders) about the payment performance and other attributes of the credit accounts that consumers have with these banks and lenders. Even if an individual does subscribe to credit monitoring or other similar services offered by the other two major bureaus, Trans Union or Experian, or has cancelled any such service with Equifax in the past, the individual almost definitely has a credit report file at Equifax – there is no way for an individual to opt out of having a credit report file with a credit reporting agency, and that is regardless of choosing to do business with any of them or choosing to stop doing business with any of them for their other products (like credit monitoring).
There has not been any information released on the entity that committed the breach, and that is likely not going to be made public for awhile, but there would be only two main reasons to do such a thing:
- to be a nuisance and waste people’s time undoing the damage
- to get valuable data that can be turned into money
- Check your credit card statements closely going back to May (you should always be checking them, but in this case the breach happened as early as May, so use that as a starting point). Many transactions under $5 or $10 have minimal fraud checks done but if a data thief pulled off a few hundred thousand such fraudulent transactions that would be a multi-million dollar heist!
- Review any other revolving credit accounts besides your credit cards – revolving credit accounts are the ones where you can borrow again, up to your credit limit, if you have previously paid down your balance. The most common examples would be a Home Equity Line of Credit (HELOC), or Personal Line of Credit (often tied to either a bank account or personal loan).
- Check your credit report to see if there’s any unusual activity, especially in terms of new accounts being opened that you didn’t authorize. By law you’re entitled to a free copy of your credit report (but not your score) from each credit bureau each year. You can also get your credit score and credit monitoring for free from some providers. We recommend My Free Score Now.
We focused on credit cards and other revolving accounts, as well as new accounts, because those are the most obvious places where these data thieves could take the identity data stolen and turn it into money. With your installment loans: mortgages, car loans, student loans, and most personal loans, the ability to get more money from the lender is generally not present – but with the right information the data thief can update your address, or change other settings which will be a general nuisance to handle. That said, what may seem like a simple nuisance – like putting some nasty graffiti on the wall of a bank – may be part of a bigger plan. So while we advise to focus on those accounts where thieves can get cash or goods quickest, don’t ignore any of your financial accounts or any correspondence from your credit and finance providers, even if seemingly a mistake.