Yesterday, Equifax announced a data breach that has affected 143 million people. Data stolen includes personal identifying information, credit card numbers, and more. Equifax has created a web site to check to see whether your information may have been included in the breach, but before using the site there are a few things to keep in mind:
- The site requires you to enter more personal information, which is not a good thing to do to customers whose personal identifying information may have been stolen.
- Equifax is offering to provide a year free of credit monitoring service from its subsidiary, TrustedID, but you won’t be able to enroll in it until the 13th, at the earliest.
- By doing #2, essentially they are using their own data breach to advertise their credit monitoring service.
- By enrolling in their monitoring service, you waive all rights to sue or participate in a class action lawsuit.
- Equifax has screwed up literally every step of the way, including waiting for over a month to reveal the data breach (but their executives didn’t waste any time selling of some of their stock shares).
- Why would you trust such an incompetent company with even more of your personal data?
With that in mind, while the FTC has set up a web page with recommended actions to take (please take a minute to read the page here), I highly recommend against following their advice when they suggest using the new Equifax page. It’s much safer to assume that your data has been stolen and take the appropriate actions, since the breach affected nearly half of the entire US.
For more in-depth information regarding the Equifax data breach, I highly recommend reading the article about it over at Bleeping Computer. This data breach is easily the worst breach ever due to the volume of personal identity information stolen.