This is to notify you of a data security incident that may have exposed some of your personal information, including your Social Security number and other identifying information. This message explains the incident and steps Equifax has undertaken to address it. In addition, Equifax provides a guidance below on what you can do to protect your personal information.
I. What Happened
On July 29, 2017, Equifax discovered that criminals exploited a U.S. website application vulnerability to gain access to certain files. Upon discovery, we acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm which has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.
II. What Information Was Involved
Most of the consumer information accessed includes names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 consumers and certain dispute documents, which included personal identifying information, for approximately 182,000 consumers were accessed. In addition to this site, Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted. We have found no evidence of unauthorized access to Equifax’s core consumer or commercial credit reporting databases.
III. What We Are Doing
Upon learning of this incident, Equifax took steps to stop the intrusion, and engaged an independent cybersecurity firm to forensically investigate and determine the scope. Equifax also engaged the cybersecurity firm to conduct an assessment and provide recommendations on steps that can be taken to help prevent this type of incident from happening again.
Equifax is focused on consumer protection and has established a dedicated website, www.equifaxsecurity2017.com to help consumers. We have provided a tool on this site for you to determine if your information was potentially impacted by this incident. To find out if you are potentially impacted, please go to www.equifaxsecurity2017.com, and click on “Potential Impact,” and enter your last name and last 6 digits of your Social Security number.
We are also offering free identity theft protection and credit file monitoring to all U.S. consumers, even if you are not impacted by this incident. This offering, called TrustedID Premier, includes 3-Bureau credit monitoring of your Equifax, Experian and TransUnion credit reports; copies of your Equifax credit report; the ability to lock and unlock your Equifax credit report; identity theft insurance; and Internet scanning for your Social Security number – all complimentary to U.S. consumers for one year. To find out more information on this complimentary offer and to sign up, please click on the tab “Enroll” on this site. You must complete the enrollment process by November 21, 2017.
IV. What You Can Do
In addition to enrolling in identity theft protection and credit file monitoring, please monitor your account statements and report any unauthorized charges to your credit card companies and financial institutions.
V. For More Information
Equifax is committed to ensuring that your personal information is protected, and we apologize to our consumers and our business customers for the concern and frustration this incident causes. If you have additional questions, please call our dedicated call center at 866-447-7559, available from 7:00 a.m. to 1:00 a.m. Eastern time, seven days a week.
Identity Theft Prevention Tips
We recommend that you remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your credit reports.
If you believe you are the victim of identity theft, you should contact the proper law enforcement authorities, including local law enforcement, and you should consider contacting your state attorney general and/or the Federal Trade Commission (“FTC”). You also may contact the FTC to obtain additional information about avoiding identity theft.
600 Pennsylvania Avenue NW, Washington, DC 20580; 1-877-IDTHEFT (438-4338)
www.ftc.gov/idtheftState Attorneys General: Information on how to contact your state attorney general may be found at www.naag.org/naag/attorneys-general/whos-my-ag.php.
You may obtain information from the FTC and the credit reporting agencies listed above about placing a fraud alert and/or credit freeze on your credit report. Please also visit the “State Information” tab of this site.