What you need to know about the massive Equifax data breach (Updated)

Update: Equifax's website (we link it in the article below) to check if your data were compromised in the breach was, at least for a while, returning positive results even for fake names and numbers. The tool was complete bullshit, in other words—much like the company's security and ethics in general—probably slapped together in a hurry to make it look like Equifax was actually doing something useful. It appears now that some steps may have been taken toward turning it into a non-bullshit tool (I just tried some fake names and didn't get a positive result), but who even knows at this point?—Chris Livingston

Original story: As you might have already read, the private data of 143 million Americans was compromised in a data breach that occurred at Equifax, one of three major credit reporting agencies in the United States. The breach took place between mid-May through July, with Equifax discovering the the unauthorized access on July 29. Now more than a month later, it is letting everyone know.

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," said Chairman and Chief Executive Officer, Richard F. Smith. "We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.  We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U. consumers, regardless of whether they were impacted by this incident."

Smith is right in that this is "clearly a disappointing event," but that is not the only emotion floating around at the moment. Anger and frustration are two more that are held by many, especially as there seems to be more questions than answers.

Let's start with the breach itself. Equifax maintains there is no evidence of unauthorized activity on its core consumer or commercial credit reporting databases. However, that is hardly comforting, considering that 143 million people are affected by this. Last year's Yahoo breach was bigger, with up to 1 billion customer accounts being compromised, but the data revealed here is more serious. Much more.

Equifax says hackers primarily made off with names, Social Security numbers, birth dates, addresses, and in some cases, drivers license numbers. On top of all that, the breach exposed credit card numbers belonging to around 209,000 US consumers, and also dispute documents with personal identifying information for around 182,000 people.

While the US was hit the hardest, "limited personal information" belonging to UK and Canadian residents was also exposed, Equifax says. The company did not provide specifics.

How to check if you're affected

In the aftermath of all this, Equifax has set up a special website related to the breach, along with an online tool to check if you have been affected. It asks for your last name and last six digits of your Social Security number, and there's a reCAPTCHA box.

After doing so, here is what you don't want to see, but very well might:

As a mea culpa gesture, Equifax is extending free credit monitoring provided by TrustID to customers affected by the breach. Before you enroll, be aware that there is a pretty big string attached. If you read the fine print, enrolling in TrustID (which Equifax owns, by the way) waives your right to participate in any class action lawsuit against Equifax. Any disputes must be settled through arbitration.

That sounds pretty outrageous given that Equifax dropped the ball in a big way. The good news is you might still be able to participate in a class action suit over the original hack, even if you sign up. Alex Southwell, a privacy lawyer at Gibson Dunn and a former federal prosecutor in New York, told CNN that the original rules still left room for people to sue Equifax over the data breach, even if they can't sue over the credit monitoring.

Still, things are not entirely clear on that front. To make matters worse, even if you decide it is in your best interest to enroll, you will have to wait. Many users (and I've confirmed this myself) are being told to come back to the site at a specified later date. Furthermore, Equifax says the onus is on you to remember that date, because it will not be sending any reminders.

In my case (and many others), Equifx will not offer credit monitoring services until next week at the earliest. Boo, hiss!

The plot thickens

As if all this were not bad enough, Bloomberg reports that three Equifax senior executives sold shares worth nearly $1.8 million just days after the company discovered the security breach. That's a bad image for Equifax, though the agency is claiming the trio had no knowledge of the breach when they sold their shares.

"I don’t know how the board will allow these executives to continue in their positions," Bart Friedman, a senior counsel at Cahill Gordon & Reindel LLP, who advises boards on matters including corporate compliance and enforcement challenges, told Bloomberg. "Yes, they should have a careful investigation and have an independent law firm interview the executives and review their emails and determine what they knew and when, but the end result is likely clear."

Even if true, Equifax's claim that senior executives did not know the company had been breached days after it was discovered is troubling.

How does this affect me?

Obviously this does not have anything to do with gaming directly. However, given the number of people affected and the data that was compromised, we felt it was worth covering.

TechCrunch believes it's a foregone conclusion that you're going to be hacked as a result of this (assuming you're affected). There are numerous ways this could happen, such as attempting to open a credit card in your name or even spoofing your SIM card.

"Once your personally identifiable information has been stolen, people can use that information to basically impersonate you. They can create fake loans and fake bank accounts. And the names will be posted on lists that become available to future hackers," Fleming Shi, a senior vice president for Barracuda cybersecurity company, told The Washington Post.

One thing you can do is set up fraud alerts with all three credit monitor services. You can do that online at Equifax here, at Experian here, and at TransUnion here. After doing so, you will receive a notification whenever someone attempts to access your credit report. These fraud alerts are good for 90 days, after which you can renew.—Paul Lilly

Paul Lilly

Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).

Latest in Hardware
A woman wearing a VR headset with dramatic, colourful lighting across the background
'World’s smallest LEDs' could lead to accurately lit screens with 127,000 pixels per inch and much more immersive VR
The NES themed 8BitDo Retro mechanical gaming keyboard on a blue background
I love the 8BitDo Retro C64 keyboard but I'd pick its cheaper NES-themed model near its lowest price ever during Amazon's Big Spring Sale
The snazzy red and black HyperX Cloud Alpha wireless headphones float in a teal void. The microphone is attached to the headset.
The best wireless gaming headset is now even better in the Amazon Big Spring Sale, boasting a more than $50 discount
A chip being held up in an Intel fab
Intel is reportedly 'working to finalize commitments from Nvidia' as a foundry partner, suggesting gaming potential for the 18A node
Amazon box
Don't panic! The 'Do Not Send Voice Recordings' option Amazon just removed was only used by 0.03% of customers and they can still have it
Digital generated image of people surrounded by interactive transparent and glowing panels with data. Visualising smart technology, blockchain and artificial intelligence
Now I shall demand the cookies! Proposed new browsing agreement turns the tables and lets users dictate terms to websites
Latest in News
An Enshrouded player in a recreation of Erebor from The Lord of the Rings
Kings under the Mountain! 33 Enshrouded players spent 10,000 hours to recreate this iconic location from The Lord of the Rings
A mech awakens.
Mecha Break developer is considering unlocking all mechs following open beta feedback
Lara Croft Unified Art
Tomb Raider developer Crystal Dynamics lays off 17 employees 'to better align our current business needs and the studio's future success'
A long bendy arm stealing money from people in a subway car
'You're a very long arm. You steal things. It's a comedy game,' explains developer of comedy game where you steal things with a very long arm
The heroes are attacked by monsters
Pillars of Eternity is getting turn-based combat to mark its 10th anniversary, and that means PC Gamer editors will soon be arguing about combat mechanics again
Image of Ronaldo from Fatal Fury: City of the Wolves trailer
It doesn't really make sense that soccer star Ronaldo is now a Fatal Fury character, but if you follow the money you can see how it happened