What you need to know about the Equifax data breach

Associated Press

NEW YORK

Equifax, one of the three main credit-reporting companies, said last week that a major data breach exposed Social Security numbers and other important information of millions of people.

The company discovered the hack on July 29 and publicly announced it more than a month later on Thursday.

Here’s what else you need to know about the breach:

WHAT INFORMATION WAS TAKEN?

Hackers had access to Social Security numbers, birth dates, addresses, driver’s license numbers, credit card numbers and other information. Those are all crucial pieces of personal data that criminals could use to commit identity theft. Those are what John Ulzheimer, an independent credit consultant who previously worked at Equifax, called “the crown jewels of personal information.”

Equifax’s security lapse could be the largest theft involving Social Security numbers, one of the most common methods used to confirm a person’s identity in the U.S.

AM I AFFECTED?

Equifax set up a site, equifaxsecurity2017.com, where you can type in your last name and six digits of your Social Security number to find out if your data may have been compromised. Consumers can also call 866-447-7559 for information. The company says it will send mail to all who had personally identifiable information stolen.

Equifax is also offering free credit monitoring for a year. Initially, though, there was a catch – signing up would also commit you to binding arbitration with the credit monitor, which would mean giving up your right to sue. Several politicians and consumer groups have criticized this provision. Democrats in the House and Senate called on the company to pull back that requirement. Late Friday, Equifax said the arbitration language that appears on its website “will not apply to this cybersecurity incident.”

WHAT SHOULD I DO?

You can view your credit reports for free at AnnualCreditReport.com. You’re entitled to get a free copy of your credit report from each of the three big agencies once every 12 months. Review it closely for unauthorized accounts or any mistakes.

WHO’S INVESTIGATING THIS?

Potentially, a lot of people. Credit bureaus such as Equifax are lightly regulated compared to other parts of the financial system.

U.S. Rep. Jeb Hensarling, chairman of the House Financial Services Committee, said he will call for congressional hearings. And Rep. Greg Walden, the chairman of the House Energy and Commerce Committee, said he’ll hold a hearing examining what went wrong and how to better protect against future hackings.