USA credit-reporting bureau Equifax has been hacked. The breach allowed hackers to access the personal information of "approximately 143 million" Americans, or about 44% of the populace. According to the company, names, Social Security numbers, birth dates, and some driver's license numbers were exposed by the attack. Other, much smaller leaks include the credit card numbers for about 209,000 people and credit dispute documents for about 182,000 people. The information leaked this way could allow criminals to apply for fraudulent credit accounts or engage in other sensitive activities that rely on Social Security numbers for personal identification.
Equifax was aware of this catastrophic exposure of personal information July 29, but sat on news of the hack until it had full details of the breadth of the intrusion. The company has set up an information portal for the breach so that Americans can check whether their personal data has been affected by the attack, and it's offering one year of its TrustedID Premier service to those who were victims of the breach. Be aware that signing up for TrustedID Premier could affect your legal rights in the event of a class-action suit over this breach. Equifax's general terms of service mandate individual arbitration for disputes with the company unless a customer opts out in writing, a practice that New York attorney general Eric Schneidermann has already called "unacceptable and unenforceable" in a Tweet.
My spouse and I have both been affected by this hack (along with TR business guy Adam Eiberger and his family). We plan to freeze our credit reports at all three of the major bureaus and set up credit monitoring for the foreseeable future. We may also be setting up more rigorous security protections with our existing financial service providers. Ars Technica has a list of other steps one can take to protect their identity, as well. Because of the largely fixed nature of Social Security numbers, I'm expecting headaches from this breach for many years to come, barring a major re-imagining of the way financial institutions and businesses handle identity verification. For now, all we can do is batten down the hatches and wait.