Are you among the 143 million people, or 44 percent of the U.S. population, whose personal information was stolen in a massive data breach at credit reporting agency Equifax?
You can find out in seconds at a company website here.
“The Equifax breach affecting over 140 million Americans appears to be the largest of its kind and is beyond troubling,” said Mike Litt, consumer advocate with the U.S. Public Interest Research Group. “The types of stolen information, including social security numbers and dates of birth, can be used to commit new account identity theft against all of these people. Additionally, stolen credit cards affecting over 200,000 people in this breach can also be used to commit existing account identity theft.”
Especially if you are among those affected, Litt recommended putting a credit “freeze” on all three major credit bureaus. That does not prevent all fraud but it makes it harder for someone to open new credit in your name, though you may have to unfreeze to establish new credit such as a car loan. Another option is a credit monitoring service, which Equifax is offering free for a limited time.
New York’s attorney general has raised questions about whether accepting the credit monitoring means customers give up their rights to join a class-action lawsuit and must take arbitration instead. Company officials said arbitration applies only to monitoring services, not the data breach, according to published reports.
Equifax is facing at least 23 lawsuits over the breach by consumers seeking class-action status, USA Today reported.
Insurer Nationwide “demonstrated true carelessness while collecting and retaining information from prospective customers,” New York Attorney General Eric Schneiderman said Wednesday as 32 states including Florida settled charges related to a data breach.
In a company statement, Nationwide said it “is pleased to have reached a settlement that we believe is consistent with our longstanding commitment to protect customer information.”
The breach dates back to 2012. The states allege it was caused by the failure to apply a critical security patch intended to prevent hacking and viruses, resulting in the loss of personal information belonging to 1.27 million consumers including Social Security numbers, driver license and other information.
Information was collected from prospective customers, many of whom did not ultimately buy policies from Nationwide Mutual Insurance Co. or subsidiary Allied Property & Casualty Insurance Co.
Nationwide will pay a total of $5.5 million. It agreed to a series of steps to strengthen security procedures including the hiring of a technology officer to oversee compliance.
A company spokesman said Nationwide does not believe it broke any data security laws:
“More than four years ago, a portion of our computer network used by Nationwide Insurance agents and Allied Insurance agents was subject to a sophisticated, criminal attack. We discovered the attack that day and took immediate steps to successfully contain the attack. We promptly reported the criminal attack to law enforcement authorities and notified individuals whose personal information we believed may have been compromised. We also offered those individuals a free credit monitoring and identity theft protection product.”
Retailer Target agreed to improve data security and pay 47 states including Florida $18.5 million, officials said Tuesday.
New York attorney general Eric Schneiderman called it an “important win” and said it was the largest multi-state settlement to date related to a data breach.
“This data breach jeopardized the financial information of millions of Target customers in Florida and across the nation,” said Florida Attorney General Pam Bondi. “Under our multistate settlement announced today, Target consumers are now better protected from cyberattacks.”
Other lawsuits with private attorneys representing consumers have produced higher amounts, such as $19.5 million announced last year to settle a 2014 Home Depot data breach.
Target’s 2013 data breach affected more than 41 million customer payment card accounts and exposed contact information for more than 60 million customers. A company statement said Target was “pleased to bring this issue to a resolution for everyone involved.”
The Target settlement agreement requires the retailer to maintain a comprehensive information security program and to employ an officer responsible for executing it, plus hire an independent, qualified third-party to conduct a security assessment.
In addition, it requires Target to maintain appropriate encryption policies and wall off its cardholder data from the rest of its computer network, state officials said. Earlier Target agreed to provide free credit monitoring to potential victims.