Yesterday, the credit reporting agency Equifax revealed that the personal data of 143 million US consumers, as well as “limited personal information for certain UK and Canadian residents,” was exposed by an attack exploiting security flaws in the company’s website. Social Security numbers, dates of birth, addresses, and some drivers license numbers were all exposed—information which could be used to pose as individuals to gain access to financial accounts, open new ones in their names, or file fraudulent tax returns.
Equifax responded by offering all US citizens a one-year credit monitoring service. But the leaked data could have a much longer lifetime than a year on the black market for identity theft and credit fraud, because the information obtained in the attack is irreplaceable. Unlike relatively disposable data such as credit card information or bank account numbers, the data obtained from Equifax could be held for years before use and still be effective.
So what can affected consumers do? Unfortunately, as things stand, the burden is on you to protect yourself in the long term—and the credit reporting agencies stand to profit from it.