Singletary: Equifax breach: Be informed, proactive




Michelle Singletary welcomes comments and column ideas. Reach her in care of The Washington Post, 1150 15th St. N.W., Washington, DC 20071; or

Just when you thought you’d heard the worst, Equifax announced that another 2.5 million consumers had their personal information stolen from its database, bringing the total to 145.5 million folks left vulnerable to identity theft.

This week, a House Energy and Commerce subcommittee held a hearing that immediately turned into a grilling of the credit bureau’s former chief executive, Richard Smith.

“Equifax deserves to be shamed,” Rep. Jan Schakowsky said during the hearing, and just about every legislator in the room did just that.

Smith apologized numerous times for the company’s failing to protect people’s data. But no matter what the company does, consumers can’t be made whole. Equifax can’t yank back our data from the hackers, who stole it after the company failed to do its job of protecting our information.

Smith said that under his leadership, Equifax put together a cybersecurity team of 225 experts around the world. Yet not one of them moved to adequately heed a warning from the Department of Homeland Security that certain software Equifax was using was vulnerable. According to Smith’s testimony, they knew about a patch but failed to implement it.

Lots of readers are asking me what they should do.

Most of all, stay informed. This means regularly visiting the website Equifax set up to provide updates on this data breach:

The company recently announced a few things you especially need to know.

• By the end of January 2018, Equifax will be offering a free credit lock for life. With this new service, you’ll be able to use your smartphone or computer to easily lock and unlock your Equifax credit file.

And if the lawmakers who blasted Smith at Tuesday’s hearing want to prove they care about the safety of our information, they should immediately pass legislation. Make credit freezes easy to place at all the credit bureaus through one portal, like where you can go to get your free credit reports ( Right now, state laws dictate the cost and ease of placing and removing a freeze.

• Equifax previously announced that people had until Nov. 21 to sign up for its free monitoring service, TrustedID Premier. The enrollment has now been extended until Jan. 31.

• The deadline to sign up for a free credit freeze — different from a lock — has also been extended to the end of January.

But consumers are still confused. For example, I recently received the following question: “I’ve gone to the Equifax security site several times to see if I was impacted by the breach. … Fortunately, if these numbskulls are to be believed, my information was supposedly not breached. Other than continuing to regularly check my account statements and getting the free updates from the three major credit reporting firms, should I do anything else (e.g., freeze and/or lock accounts, sign up for free monitoring with Equifax, etc.)?”

You may have checked the feature on to see if your information was stolen and found you were spared. But with the new disclosure, this may not be true anymore.

Equifax says that, to minimize confusion, it is mailing notices to the new folks. By Oct. 8, the website will be updated to reflect the additional impacted consumers.

But whether your personal information has been compromised or not, you can still enroll in the free monitoring service. I suggest you sign up.

Make no mistake: The Equifax breach was an epic heist of data by hackers. And now it falls on you to be as proactive as possible in protecting your personal information.

Michelle Singletary welcomes comments and column ideas. Reach her in care of The Washington Post, 1150 15th St. N.W., Washington, DC 20071; or