NEW YORK — There's no way around it: The news from credit reporting company Equifax that 143 million Americans had their information exposed is very serious.
The crucial pieces of personal information that criminals may need to commit identity theft — Social Security numbers, birthdates, address histories, legal names — were all obtained. And once your personal data is out there, it's basically out there forever.
Unlike previous breaches at Yahoo, Target and Home Depot, Equifax's role in the financial industry makes this breach far more alarming. The company is basically a storehouse of Americans' most personal credit information, knowing everything about people from when they opened their first credit card, to how much money they owe on their houses, to whether they have any court judgments against them.
Lenders rely on the information collected by the credit bureaus to help them decide whether to approve financing for homes, cars and credit cards. Credit checks are even sometimes done by employers when deciding whom to hire for a job.
Atlanta-based Equifax, one of three major U.S. credit bureaus, said Thursday that "criminals" exploited a U.S. website application to access files between mid-May and July of this year. Equifax discovered the hack July 29, but waited until Thursday to warn consumers.
For consumers, it may be time to take even more extreme measures to lock down their information, outside of the routine advice like checking your credit reports regularly and seeing if there are any abnormal transactions on your bank accounts and credit cards.
The strongest possible option a person can take immediately is placing what's known as a credit freeze on their credit files with the major credit bureaus — Equifax, TransUnion and Experian. A credit freeze locks down a person's information, making it impossible to open new accounts and bank cards in their name. But locking your credit also locks you out from opening new accounts as well.
"The credit freeze is the nuclear option of credit protection. But in the wake of a breach this big, it's worth considering," said Matt Schulz, an analyst with CreditCards.com.
Consumers will need to be even more diligent about checking their credit reports. U.S. law gives every American the right to pull their credit reports for free once a year from the major credit bureaus. It's best to spread those requests out over the year — do one every four months, experts say.
There are a lot of websites that market access to your credit reports, but the official one is annualcreditreport.com
Expect to check this information not just in the immediate future, but for the long term — potentially years. Once your personal data is out there, it can be used at any time.
"Bad guys can be very patient with data. This should be a wake-up call to be even more diligent with your information," Schulz said.
An even more extreme step? People can request to change their Social Security number with the Social Security Administration if they have repeatedly been a victim of identity fraud under their original number.
This isn't the biggest data breach in history. That indignity still belongs to Yahoo, which was targeted in at least two separate digital burglaries that affected more than 1 billion of its users' accounts throughout the world.
But no Social Security numbers or drivers' license information were disclosed in the Yahoo break-in.