Business & Real Estate

What to do if you think your data was stolen in Equifax breach

Credit monitoring company Equifax has been hit by a high-tech heist that exposed the Social Security numbers and other sensitive information about 143 million Americans. Now the unwitting victims have to worry about the threat of having their identities stolen.

The theft obtained consumers’ names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers. The purloined data can be enough for crooks to hijack the identities of people whose credentials were stolen through no fault of their own, potentially wreaking havoc on their lives. Equifax said its core credit-reporting databases don’t appear to have been breached.

“On a scale of one to 10, this is a 10 in terms of potential identity theft,” said Gartner security analyst Avivah Litan. “Credit bureaus keep so much data about us that affects almost everything we do.”

The data breach could affect around 44 percent of the U.S. population. Here are some steps suggested by and Tom’s Guide that you may want to take if you suspect you’re among them:

Find out if you’re affected: Equifax has established a website, , where people can check to see if their personal information may have been stolen, although some people are, perhaps understandably, wary of providing more information to a company already hit by one massive data breach. Consumers can also call 866-447-7559 for more information. About 400,000 people whose credit card numbers or dispute documents were stolen will receive direct mail notices.

Change your passwords: Especially any that you might have been exposed by the breach. If your online company offers two-factor authentication, use it.

Enroll in an identity protection service: These services check to see if your information’s used to open new credit accounts or if your social security number appears on suspicious websites. They also may insure you against some potential losses from identity theft. Equifax is offering free credit monitoring to all U.S. consumers for a year. However, a requirement that customers sign up for arbitration has drawn a backlash. Democrats in the House and Senate called on the company to pull back on its requirement that anyone who signs up for credit monitoring give up their right to sue Equifax in a class-action lawsuit.

Check your credit reports: The breach occurred three months ago, so take a look at your credit reports for any suspicious activity during that period. If you find something fishy, contact the credit card company’s fraud department immediately. You are not responsible for charges on a bogus card, but you must report the problem in a timely manner.

Be especially wary of phishing attempts: Fraudsters may try to use the stolen data to acquire other vital information or money from you. Watch out for suspicious phone calls or emails from people claiming to represent your credit card company, bank or other financial entities.

Set a fraud alert: A fraud alert forces credit card companies to verify your identity before opening an account. Obviously, this may be a good idea if you fear someone’s running around with your data. To set a fraud alert, contact one of the three credit card bureaus in the U.S. – Equifax at 1-888-766-0008, Experian at 1-888-397-3742 or TransUnion at 1-800-680-7289. Be aware the fraud alert must be renewed every 90 days.

If you’re really worried, you also can freeze your credit by calling the same three agencies. A credit freeze requires you, or anyone pretending to be you, to unfreeze your account by providing the PIN you got when you froze your credit.

Repeat these steps for loved ones: Particularly any seniors in your family who may be susceptible to phishing attempts or other fraud.

The Associated Press contributed to this report.

Related stories from Sacramento Bee