JOHN YANG: The digital age has made our lives easier in many ways, from banking to shopping, to staying connected with loved ones across the country. But it’s also made it increasingly difficult, if not impossible, to protect our personal data.
Major breaches in recent years at places like Target, Home Depot and J.P. Morgan have exposed tens of millions of individuals’ information. But Equifax’s announcement yesterday might be the biggest and most significant yet.
One out of every two Americans stands to be a victim. Some 143 million consumers’ sensitive data is potentially compromised by a security breach at the consumer credit reporting agency.
Our own William Brangham has learned he was one of them, and so did I.
So, William, I am very interested in what you have to say.
What does Equifax say happened here?
WILLIAM BRANGHAM: What happened was, it seems that from mid-May to July of this year, there was a vulnerability on their Web site software, and that allowed hackers to get in during that period of time and access 143 million Americans’ information.
The company found out about this breach, they closed the loophole that allowed the hackers in, but not before this data got out.
JOHN YANG: And what kind of data are we talking about here?
WILLIAM BRANGHAM: It’s everything that would be in your credit report.
So, it’s Social Security number. It’s your name, it’s your address, it’s your driver’s license information, it’s your employers, it’s your payment history, it’s what bank accounts you have.
It is — if you were an identity thief, it is a gold mine or the Holy Grail, as one person described it to me. The thing that a thief could do with this information is, one, they could hack into your existing accounts once they have all that information. They could also set up new ones pretending to be John Yang or William Brangham and set up new accounts and then rack up big charges on those.
So, the great irony here is that Equifax is a company that actually sells identity theft protection, and here it is they have theoretically allowed a huge breach that could trigger a ton of identity theft.
JOHN YANG: So, what do people like you and I, what are we supposed to do?
WILLIAM BRANGHAM: The main advice that I have been given today is not to panic.
There are several things that you can do. You can set up fraud monitoring on many of your accounts, so you get an alert, a text alert, a phone call, an e-mail, if suspicious activity appears.
Several major consumer groups have urged people to freeze their credit accounts. That basically means it doesn’t allow any person to set up a new bank account in your name, a new mortgage in your name, a new loan in your name without you being alerted to it.
So, you have to contact not just Equifax, but the other two major credit reporting agencies to let them know about this. And you’re supposed to just basically monitor your bank and your credit card and look for suspicious activity.
JOHN YANG: And there’s a question about how Equifax handled all of this, isn’t there?
WILLIAM BRANGHAM: There is.
They found out about this on July 29, and we only found out about this breach on — this week. So, you’re supposed to, in these kinds of cases, immediately jump to do something about it. And it seems like they didn’t give consumers much time.
There was a long period of time where this information might have been out there. And, secondly, several executives at the company, after they found out about the breach, sold about $18.8 million worth of stock in their company before this news got out, the implication being they didn’t want their stock to tank and their stock to lose value.
And, sure enough, today, their stock value dropped about 13 percent. So, as one person said to me today this — quote, unquote — “stinks to high heaven.”
JOHN YANG: And Equifax is offering to help consumers like you and me, but there are strings attached, right?
WILLIAM BRANGHAM: That’s exactly right.
You can go to Equifax’s Web site, and they give you — if you put in your name and the six digits of your Social Security number, they will tell you if they think you might have been compromised. And you can sign up for one year free fraud protection from them.
The problem is, is that many of these problems — I mean, once your Social Security is out there, that’s not a one-year problem. That is a very, very long-term problem. So it’s a solution that also, if you sign up for it, you give up your right to potentially sue the company.
You have to — any argument you have with them has to be settled by arbitration, which almost always goes in the company’s favor.
JOHN YANG: William Brangham, I’m sure there’s going to be a lot more to talk about this in the days to come.
Thanks so much.