(WJBK) - Nearly half of Americans may have had their personal information compromised in a data breach at Equifax, one of the largest credit monitoring agencies in the country. The Atlanta-based company said Thursday it had been hit by a high-tech heist.
The theft obtained consumers' names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers. That data can be enough for crooks to steal an identity.
The Equifax CEO has apologized and reassured the thieves have not yet done anything malicious with the information. However, that doesn't mean we're all in the clear.
"We have to assume that all of our information has already been compromised. Just beacuse there's been no illegal activity yet, doesn't mean there won't be going forward," says David Derigiotis, a Michigan cyber risk expert.
HOW TO CHECK
The company established a website, www.equifaxsecurity2017.com, where people can check to see if their personal information may have been stolen.
Click here to see if your personal information is potentially impacted. You will be asked to enter your last name and the last six digits of your social security number.
Consumers can also call 866-447-7559 for more information.
Regardless of if your information may have been compromised, Equifax is providing everyone the option to enroll in TrustedID Premier for free.
Click here for more information on enrolling in TrustedID Premier. Note that you won't be able to enroll immediately Equifax will provide you a date to return to their website and enroll, in order to keep the system working efficiently and to minimize delays.
Derigiotis also suggests looking into a credit freeze.
"Anytime there's a social security number that's compromised - which, we know there was in this data breach - that's the crown jewel. It can be used for identity theft, medical identity theft, taking out loans in your name; you want to lock it down. And that's what a credit freeze will do."
Equifax discovered the hack July 29, but waited until Thursday to warn consumers. The Atlanta-based company declined to comment on that delay or anything else beyond its published statement. It's not unusual for U.S. authorities to ask a company hit in a major hack to delay public notice so that investigators can pursue the perpetrators.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," Equifax CEO Richard Smith said in a statement. "I apologize to consumers and our business customers for the concern and frustration this causes."
This isn't the biggest data breach in history. That indignity still belongs to Yahoo, which was targeted in at least two separate digital burglaries that affected more than 1 billion of its users' accounts throughout the world.
But no Social Security numbers or drivers' license information were disclosed in the Yahoo break-in.
In addition to the personal information stolen in its breach, Equifax said the credit card numbers for about 209,000 U.S. consumers were also taken, as were "certain dispute documents" containing personal information for approximately 182,000 U.S. individuals.
Equifax warned that hackers also may have some "limited personal information" about British and Canadian residents. The company doesn't believe that consumers from any other countries were affected.
The Associated Press contributed to this report