Credit reporting giant Equifax has yet to reveal how many Canadians had their personal information hacked over the spring and summer when the company’s database was breached.
Equifax discovered the hack July 29 but waited until Thursday to warn consumers that criminals exploited a U.S. website application to access files between mid-May and July of this year.
The breach exposed the information of an “unknown” number of people living in Canada and the United Kingdom.
Hackers were able to get consumers’ names, social insurance numbers, birth dates, addresses, credit card information and, in some cases, driver’s license numbers. This information is enough for the thieves to hijack the identities of people whose credentials were stolen.
“There are 26 million people who have credit scores in Canada,” financial literacy and credit score expert, Chantal Chapman said. “With the information that was taken, a person could fill out a mortgage application or buy a cellphone. It’s pretty scary.”
WATCH: Debit, credit slowly becoming Canadians favourite compared to cash
Have you been hacked?
Equifax established a website where people can check to see if their personal information may have been stolen. Consumers can also call 1-866-447-7559 for more information.
READ MORE: What to do when thieves get your cards and PIN
Equifax said it will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.
What to do if your information has been hacked
If you do find your personal information may have been impacted, there are a few steps you can take to protect yourself from identity theft.
Get breaking National news
Monitor your Equifax credit score. You should watch your credit score as soon as possible and keep an eye on it to make sure nothing suspicious is happening, Chapman said. There are a number of free credit monitoring services out there, like Mogo. If you monitor your score monthly and then see your credit rating drop, it’s an indication something has happened, she added.
Watch your credit inquiry. “Anytime someone checks credit it’s a hit on your credit score,” Chapman said. There can be a soft hit (when you check your own credit) and then there’s a hard hit (applying for a credit card). You can order a credit inquiry through Equifax.
Freeze your credit reports. You can freeze your Equifax account, consumer advocate and chairman of security firm CyberScout, told Marketwatch. This restricts access to your credit report, which helps prevent other credit card companies from accessing it to open up new accounts.
If your SIN was stolen, file a police report. A social insurance number is the Holy Grail of identity theft, according to finance magazine, Kiplinger. You should file an identity theft police report and send a copy of it to Equifax.
Check your bank and credit card statements. Keep a close eye on your credit statements for suspicious activity over the past several months. Report any suspicious charges and cancel your compromised card for a new one.
Alert bank and strengthen your password. Let your bank, or any other company overseeing another financial account, know about the breach. You should also change your password with a two-factor authentication (password and confirmation via phone number).
WATCH: Warnings about card skimming
How many Canadians?
The breach exposed the information of an “unknown” number of people living in Canada. The company has not yet released how many Canadians are affected but said nearly 143 million Americans had their data breached.
“Equifax will work with U.K. and Canadian regulators to determine appropriate next steps,” the credit monitoring company said in a statement.
Why did Equifax wait to tell the public?
Equifax waited six weeks to disclose that sensitive information was hacked in a data breach.
“Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion,” Equifax said in a statement. “The company promptly engaged a leading independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted.
LISTEN: Author of “Techno Creep” on how Canadians can protect their personal information online
“Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.”
The Atlanta-based company declined to comment on that delay or anything else beyond its published statement.
WATCH: Hacker steals data on 500 million Yahoo accounts
Three Equifax executives sold shares worth a combined $1.8 million just a few days after the company discovered it had been hacked, according to documents filed with securities regulators. In a subsequent statement, Equifax said the three executives “had no knowledge that an intrusion had occurred at the time they sold their shares.”
Equifax handles data on more than 820 million consumers and more than 91 million businesses worldwide and manages a database with employee information from more than 7,100 employers, according to its website.
*With files from the Associated Press
Comments