Equifax Data Breach: Information for the OSU Community

Updated: September 11, 2017

On Thursday, September 7th, the credit monitoring company Equifax announced that it had been the victim of a data breach and that personally identifiable information—including social security numbers, birth dates, and addresses—of 143 million Americans was accessed.

The impact is great: nearly half of the current US population’s data was leaked. The number exceeds the number of US households. If you’ve applied for any credit in the digital age, you’re likely included in that number.

What should I do to protect myself?

  1. Expect an increased amount of Phishing emails about the Equifax breach.

    Do not click on any links, or open any attachments, in emails about the breach. If you do, please contact your IT support team immediately.

    Also, please send all phishing emails you receive (using forward as attachment) to phishing@oregonstate.edu. This will help us take down/block any malicious sites used in the phishing scheme.
  2. Sign up for an online account with the Social Security Administration

    The information about you contained in the Equifax Leak provides enough information for a criminal to open an account in your name. Do it before they do!

    Go to https://www.ssa.gov/myaccount/ to sign up.
  3. Place a security freeze on your credit file with each of the major credit bureaus

    This is the single most effective thing you can do to prevent identity theft that is financially motivated. A security freeze blocks creditors from being able to view your credit file unless you take action to unfreeze your file beforehand.

    Yes, there is a small fee associated with it (some do it for free.) Yes, it is a bit of a pain. But it is a lot less painful than having to deal with a destroyed credit rating, having collection agencies hound you for payments, and dealing with all the other problems associated with having your identity stolen.

    To place a freeze, visit these sites: Note: You’ll get a PIN from each of the sites to unfreeze your credit. Do not forget that PIN! Write it down and store it in a safe place.
  4. Check your credit report at least annually.

    Each of the major credit reporting bureaus are required to provide you a free copy of your credit report each year. You can get a copy of yours by visiting http://annualcreditreport.com/

    Mark a date on your calendar, check it when you do your taxes, or on your birthday. But at least once a year.

    We’ll keep this page updated as we learn more information.

  5. File your taxes before a fraudster does.

    The Equifax data breach contains enough information to allow someone to file a tax return in your name. We’re suggesting that you file your return as early as you possibly can next year.

  6. Check to see if your information has been compromised and sign up for free credit monitoring.

    Update: Today, the Oregon Department of Justice issued a news release which advises people to not visit the Equifax site and to not enroll in their offer for credit monitoring.

    https://www.doj.state.or.us/media-home/news-media-releases/equifax-data-breach-need-know/

    The Washington Post article linked below has been updated with the following information:

    Update, Sept. 10, 2:25 p.m.: Equifax issued a new statement Sunday further clarifying its stance on the arbitration clause. "To confirm, enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action," Equifax said. The company said it has now removed the arbitration language from the terms of use on its data breach notification site, equifaxsecurity2017.com. It also said Sunday that the terms of use on Equifax's main site, equifax.com, do not cover the TrustedID Premier service, which has its own terms of use. "Again," Equifax continued, "to be as clear as possible, we will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.”

    Equifax has a website, https://www.equifaxsecurity2017.com/ dedicated to this event. There you can check to see if your information was impacted. Regardless of if your information was accessed in the breach, take them up on the offer to provide free credit monitoring through TrustedID Premier. Follow the instructions exactly, and be sure to record the enrollment date. And enroll your family members as well. On your enrollment date, you will have to return to the link they gave you and continue through the enrollment process. Once enrolled, Equifax will monitor your credit and alert you if there is a problem.

    Please be advised the Washington Post has an article discussing the terms and conditions of the free credit monitoring offer may limit future legal action you could take against Equifax. Please make an informed decision: https://www.washingtonpost.com/news/the-switch/wp/2017/09/08/what-to-kno...

The Federal Trade Commission offers the following recommendation for how to respond to the data breach. https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do