Equifax Data Breach
The Attorney General's office learned on September 7, 2017 that Equifax experienced a cybersecurity incident that could potentially affect 145.5 million U.S. consumers. More than 1.3 million Arkansans have been affected.
The breach occurred due to a vulnerability in Equifax’s website application program. The breach occurred in mid-May and lasted until July 29, when Equifax discovered it.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers and certain credit dispute documents with personal identifying information for approximately 182,000 U.S. consumers were accessed.
Equifax has hired a security firm to conduct a forensic investigation to determine exactly how the breach occurred. Equifax is offering one year of free credit monitoring, and it has also established a website, equifaxsecurity2017.com, to help consumers determine if their information was potentially impacted.
Consumers will be given a date after which he or she can return to the website and enroll in credit monitoring services. The enrollment period ends November 21, 2017.
Credit monitoring services are offered through TrustedID Premier. These services include credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and internet scanning for Social Security numbers – all free to U.S. consumers for one year.
Equifax has modified the language in its privacy agreement to state that you do NOT waive your right to sue by enrolling in free credit monitoring, if you choose to do so.
The Arkansas Attorney General's office, in connection with other states, will conduct a thorough review of this breach to assure that Equifax takes steps to minimize the exposure of Arkansans’ personal information.