Since news of the Equifax data breach first broke, we’ve kept you updated with all of the details and an explanation of how this breach impacts you personally.
In case you missed it, we now know that as many as 143 million Americans were impacted by a massive data breach at Equifax. Information including names, Social Security numbers, birth dates, addresses, and the numbers of some drivers licenses, were accessed by cybercriminals.
Credit card numbers for 209,000 Americans were also exposed. And it looks as though Equifax could have prevented this whole thing from happening, but left the door wide open to hackers.
Because of the media frenzy caused by this breach, sifting out fact and fiction can be somewhat overwhelming. Recently, we fact-checked six of the most popular rumors that were spreading, including your rights to sue Equifax if you sign up for the company’s free credit monitoring program.
More bad news for victims
Unfortunately, things aren’t getting much better for victims. As more details are released, additional concerns have emerged. Since Equifax’s free credit monitoring services can’t really be trusted, the best thing victims could do was freeze their credit with each of the three major credit bureaus.
Freezing your credit means that creditors can’t access any of your credit files unless the freeze is lifted. But there’s just one problem: Another security gap has been discovered with Equifax’s frozen files.
It all boils down to the PIN you’re given when you freeze your credit. If thieves have access to all of your private information, this PIN is the only thing that stops them from just removing the freeze you’ve set up.
We’ve taught you several techniques for creating uncrackable passwords, so we know you’re good in that area. But, unfortunately, when you freeze your credit with Equifax, the company chooses the PIN for you.
For the most security, we’ve told you how important it is to have complex passwords and PINs so hackers can’t easily guess, or use a computer program to figure out how to access your account.
Equifax’s PIN problem
It doesn’t appear that Equifax has the same motto. When freezing your credit, the PIN Equifax gives you may be as simple as: 0908171700. There’s really not much complexity at all. In fact, it only took a few minutes for journalist, Tony Webster, to figure it out.
In a post on Twitter, Webster shared exactly how the PINs were being generated: “Screenshot of when you’re assigned an Equifax security freeze PIN. It’s just a timestamp of when you made the freeze: MMDDYYHHMM.”
Wow, Equifax! Really?
Since each of the PINs are 10-digits long, it would have been more effective if Equifax had generated characters and numbers at random. That alone would have made the PINs nearly impossible to crack.
Typically, we offer an actionable item that you can take now to protect yourself from each digital threat we warn you about. In this case, however, the solution lies in the hands of Equifax. Until the company fixes this problem, your identity is still at risk of being stolen.
Does that mean you should forego freezing your credit altogether? No. It’s still a good idea to go through with the freeze. This way, you’re at least protected by the other two credit bureaus, Experian and TransUnion. (Click here for step-by-step instructions.)
The good news is, Equifax has responded to the concerns about its PIN generation and has issued a statement promising change.
“While we have confidence in the current system, we understand and appreciate that consumers have questions about how PINs are currently generated,” an Equifax spokesperson stated. “We are engaged in a process that will provide consumers a randomly generated PIN.”
In the meantime, just remember to keep checking your bank account regularly, watching for any suspicious activity. You should also keep an eye out for phishing scams, mail scams and phone scams, which are primary ways scammers could target you using the information they’ve stolen. Click here to learn six common tricks financial fraudsters use to steal your money.