Update: On May 24, 2018, President Trump signed into law the Economic Growth, Regulatory Relief, and Consumer Protection Act, enabling consumers to freeze and unfreeze their credit at all the credit bureaus free of charge starting September 21st, 2018.
How well do you know what happened during the recent Equifax data breach? Take this simple quiz to find out. Then learn what you can to do to protect yourself.
1. The software patch apparently needed to prevent the massive data hack was issued…
- A. The day Equifax announced the breach
- B. The day after the break-in was discovered
- C. The day before the break-in was discovered
- D. 2 months before the break-in
D. Believe it or not, it appears that Equifax had the tools to stop this breach from happening two months before it occurred. The security hole was discovered and a patch released in March 2017, but the crooks didn't strike until May. Why wasn't it fixed? Perhaps our next question offers a clue:
2. Equifax was distracted in March due to:
- A. The 2017 World Baseball Classic
- B. The death of Chuck Berry
- C. The first sighting of the night parrot in Western Australia in more than a century
- D. A breach of its computer systems
D. That's right; an earlier, less publicized breach may have involved the same intruders. Equifax claims that this was not related to the hack that exposed the data on 145.5 million Americans, but they are still investigating. How bad is their security? Next question:
3. TRUE OR FALSE: In Argentina, Equifax reportedly used the letters "admin" as both the username and password for an employee web portal designed to protect both employees and customers who submitted credit disputes.
TRUE! By using those simple terms, a criminal could have read 14,000 credit dispute complaints that weren't even encrypted. Why aren't their systems more secure? Let's answer that question with another question:
4. What was Equifax's head of security's college major?
- A. Information Technology Management
- B. Computer Security
- C. Information Systems Security
- D. Music Composition
If you guessed "Music Composition", you win… and 145.5 million Americans lose. The reported Chief Security Officer at Equifax, Susan Mauldin, has both a Bachelor of Arts and Master of Fine Arts in that field from the University of Georgia. She was allowed to retire soon after the hack was revealed, so she won't be around to face the music. Perhaps now she can write a sad song about it.
5. TRUE OR FALSE: During the Obama presidency, the Secret Service launched an investigation into potential hacking of personal information from Equifax of First Lady Michelle Obama, Vice President Joe Biden, and Hillary Clinton.
TRUE: In 2013, Equifax confirmed "fraudulent and unauthorized access to four consumer credit reports has occurred." So, if your identity is stolen, you're in good company. Although it's hard to believe that anyone would want to pretend to be Hillary Clinton right now.
6. Since 2013, how many consumer complaints have been made to the Consumer Financial Protection Board about Equifax?
- A. 10,000
- B. 20,000
- C. 40,000
- D. More than 64,000
D. Not only do they top 64,000 in total, but also the number has climbed year after year. Equifax is the target of more consumer complaints to the CFPB than any other company, including the other major credit bureaus TransUnion and Experian. And it looks like they're going to stay at #1!
7. TRUE OR FALSE: In his apology statement, Equifax Chairman and Chief Executive Officer Richard F. Smith said, "We pride ourselves on being a leader in managing and protecting data."
TRUE! However, we don't know if he had his fingers crossed. He, too, resigned, with an $18 million pension and millions more coming in bonuses next year.
8. Now that Equifax is on the case, the amount of time you need to worry about the hack leading to identity theft is:
- A. 1 week
- B. 1 month
- C. 1 year
- D. Forever
Forever! There's no way to tell if or when identity theft will occur, and it's up to you to protect yourself. A free membership to MoneyTips includes our credit monitoring service at no charge. Premium MoneyTips members enjoy more protection, including advanced identity theft and fraud alerts as well as $1 million identity theft insurance, for less than $5 per month.
9. TRUE OR FALSE: Regarding next steps to minimize damage, there's a big difference between placing a fraud alert on your credit versus a credit freeze.
TRUE! A fraud alert requires that any lenders or creditors take reasonable steps to verify your identity before issuing new credit in your name. There is no charge, and you only have to alert a single credit bureau. With a credit freeze, potential new creditors cannot access your credit report at all; therefore, they will not issue credit in your name. There are often costs involved, and you have to alert all three credit bureaus. Learn more about these two credit tools.
10. I didn't do anything wrong. Why should I have to pay to freeze my credit?
- A. Because you're not the customer. You're the product.
- B. Because the credit bureaus are allowed to charge for it.
- C. "Why, there ought to be a law!"
- D. All of the above.
D. Sadly, it's all true. We didn't ask the credit bureaus to hold our data. It doesn't seem fair that we have to pay for their mistakes. However, their customers are really the companies who extend us credit, not consumers. In the wake of this unprecedented breach, some US Senators are proposing legislation to make credit freezes free for the innocent victims.
How did you do on the test? Just the fact that these questions need to be asked means that consumers are not doing well. If you would like to monitor your credit to prevent identity theft and see your credit report and score for free within minutes, check out our credit monitoring service.
Photo ©iStockphoto.com/djedzura, tashka2000