Blog Post

Equifax Breach - The Breach That Will Keep on Giving

At this point, if you haven’t heard of the Equifax data breach, it could only be because you have rightfully been glued to the coverage of (or living through) Hurricane Irma, Harvey or Jose.

On September 7, 2017, Equifax revealed that it was the subject of a cybersecurity breach over the summer. What people may not know or appreciate is that the Equifax breach is one of the, if not the, most significant and dangerous data breaches to date. While there were over 146 million files breached, it’s the highly sensitive and lucrative information at issue and the fact that many people may not even know Equifax has information on them. The nature and scope of information subject to the breach is everything one needs to steal your identity, buy items in your name, and clean out your bank accounts. For U.S. consumers alone, approximately 143 million names, birth dates, addresses and social security numbers were accessed by hackers.

During its investigation, Equifax also identified unauthorized access to personal information of Canadian residents. Further information on the impact on Canadians has not been released at this time. It has been noted that the Canadian breach may have involved names, addresses and social insurance numbers. Social insurance numbers are perhaps the most lucrative piece of information available and quickly opens up doors to identity theft and financial fraud. The Office of the Privacy Commissioner of Canada has stepped in and is reviewing the breach to determine the extent of the impact on Canadians’ privacy rights.

It’s not clear whether an Equifax-dedicated website and call centre set up last week will help Canadians because it uses U.S. social security numbers as identifiers, without offering an alternative. The Privacy Commissioner suggested Canadians can call Equifax at 1-866-828-5961 (English service) or 1-877-323-2598 (French service).

Many people may be thinking that they are safe because they don’t have any relationship with Equifax. That would be a miscalculation. Financial and credit information subject to the breach is often shared among credit reporting agencies under the guise of maintaining the integrity of the information within the credit reporting industry. This type of sharing is often in the fine print in the agreements with financial institutions and those other businesses from whom you’ve obtained credit, and people are often not aware that this happens.

Whether or not your financial and other personal information was exposed in the Equifax breach, it is a great time for everyone to start monitoring their credit score and activities, change banking passwords, check on their bank statements and credit statements regularly and talk with their bank about what else they can do to protect themselves. Perhaps every Wednesday at noon you’ll set aside some time to check on your bank accounts and credit card statements. Big inconsistencies in statements are easy to spot (and are often spotted by financial institutions themselves). However, little inconsistencies are what you also need to focus on. Identity theft and the draining of bank accounts can be done slowly, in increments and over long periods of time. Addressing the Equifax breach and all breaches involving similar information is not a short-term fix. It will take persistence, time and patience.