The Planner's Perspective: Equifax Data Breach

Paul Morrone |

By Paul Morrone CFP(R), CPA, MSA

As you may know, the credit reporting agency, Equifax, experienced a data breach which may have compromised the personally identifiable information of millions of Americans. Our organization does not have a direct relationship with Equifax, however, many of the companies that you as U.S. consumers use on a daily basis likely report data to, or use data from, Equifax’s resources. Given the widespread nature of this event, we wanted to provide you with a bit more insight as to what happened and what you can do to protect yourself over the next few months.

Below is an excerpt from the company’s website explaining the scope of the breach and how it may apply to you and your family:

“September 7, 2017 — Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.”


When attacks of this nature occur, the obvious question is ‘what can I do to protect myself?’ While there is really nothing that you can do to guarantee the safety of your identity, there are several steps you should take to remain informed and be proactive against future threats.

  • Visit and click on the “Potential Impact” link at the bottom of the page.  Enter your information as prompted to determine if you were impacted by the breach.
    • IMPORTANT – The full scope of the attack has yet to be quantified. Continue to check back periodically as more information becomes available to see if your status has changed.
  • If you have been impacted, consider placing a freeze on your credit with each of the four credit reporting agencies in the US using the links below:
  • A heightened level of protection can be obtained (usually for a fee) through each of the credit bureaus that offer ongoing credit monitoring services.
    • Remember, credit monitoring services do not prevent identity theft but act as a first line of defense to notify you if suspicious activity has occurred on your credit profile.
  • Services such as LifeLock will also provide credit monitoring and fraud remediation services for those wishing for third-party protection.
  • When it comes time to file your tax return in early 2018, do so as quickly as possible to prevent someone else from filing under your name before your return is submitted.

We want to remind all our clients and friends that criminals can be very patient and just because you don’t notice any fraudulent activity over the next 30 does not mean you are out of the woods. Usage of your information may not occur for months or years after it has been obtained illegally.

Remember, the best defense you have against identity theft is your own diligence. This includes regularly reviewing your credit reports, financial accounts and credit card transactions on a regular basis. If you do notice any irregularities, taking quick action can help mitigate issue before they become more pervasive. We have written about the importance of identity security in the past, and this breach only reinforces the importance of remaining vigilant going forward.  If you have any questions, please contact our office for more information.