In May 2017, Equifax was the victim of a cyber-attack which put the personal information of over 100,000 UK customers at risk. And, even if you’ve never heard of the company, you could still become a victim of identity fraud. So what do we know about the Equifax data breach?
What is Equifax?
Equifax is a credit-reference agency. When you apply for a loan, mortgage, credit card or mobile phone, the company you are requesting credit from might use Equifax to check your credit report and decide whether to approve your application.
So, even if you are not an Equifax customer, they could hold your data, and this could now be at risk.
What information does Equifax hold?
Because of the nature of what it does, Equifax has a massive amount of information on people. This includes personal information, employment records, home addresses and financial details.
Phone numbers, dates of birth, driving licence numbers, email addresses, passwords and partial credit card details were all accessed in the latest breach, which is enough to leave victims open to the threat of fraud. And we should all be very worried about what could happen if this data gets into the wrong hands.
For example, with enough information, cyber criminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. To make matters worse, victims of ID fraud often have no idea that it is even happening until it is too late.
Signs that your identity has been stolen include:
- Bills or emails showing goods or services you haven’t ordered
- Unfamiliar transactions from your account
- An unexpected dip in your credit score.
A breach of trust
It’s clear that your data is a valuable commodity, but all too often companies do not protect this as well as they should do. So, it’s no wonder that data breaches are on the rise. Even worse, in most cases, data losses are entirely preventable; businesses just don’t like investing in cybersecurity, updating their systems, or training their staff.
With large-scale, high-profile hacks and breaches happening more and more often, something has to be done to make companies accountable for these losses. So, claiming compensation isn’t just in your best interests – it could be the only way to ensure that they implement more secure processes.
In the Equifax case, the lack of care shown towards those who are affected was made even worse when it was revealed that a former Equifax executive sold his shares in the company before the news of the data breach went public. Earning roughly $1 million in the process, the executive was set to profit at the expense of millions of customers (in the UK and US). Luckily he has since been charged with insider trading, but his actions reflect a disdain for consumer data protection that is all too common.
Don’t be bought off!
As is common in such cases, victims of the Equifax data breach were offered a number of free services to reduce their risk following the hack. These included a credit-report monitoring service, a web monitoring service, the option to get a copy of your credit report by post, and registration to a fraud protection service.
But, if you are offered free services by any organisation following a data breach, it’s vital that you know your rights before you sign up. Make sure you are not inadvertently signing away your rights to pursue a compensation claim at a later date.
What can you do to protect yourself and your data following the Equifax data breach?
- Contact your bank or credit card provider immediately if your financial data has been exposed
- Check all bills and emails for goods or services you have not ordered
- Check your bank account for unfamiliar transactions
- Alert your bank or credit card provider immediately if there is any suspicious activity
- Monitor your credit score for any unexpected dips
- Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
- Never provide your PIN or full password to anyone (even someone claiming to be from your bank)
- Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
- Never automatically click on any suspicious links or downloads in emails or texts
- Don’t assume an email or phone call is authentic just because someone has your details
- Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details
- Know that, even if you recognise a name or number, it might not be genuine
- Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
- Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction
- Listen to your instincts and ask questions if something feels “off"
- Refuse requests for personal or financial information and stop discussions if you are at all unsure
- Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine
- Be cautious of unsolicited communications that refer you to a web page asking for personal data
- Don’t accept friend requests from people you don’t know on social media
- Review your online privacy settings.
- Register with the Cifas protective registration service to slow down credit applications made in your name
- Change your passwords regularly and use a different password for every account (a password manager can help with this)
- Protect your devices with up to date internet security software.
Make a compensation claim following the Equifax data breach
If you believe that Equifax has breached your data, contact us for further advice about what to do.
At Keller Lenkner UK, our expert data breach lawyers help people to make successful cybercrime claims against companies that have failed to protect their data from fraudsters and hackers.
Specialists in data breach law, we understand what it takes to make a successful data breach claim, regardless of the type of organisation involved.