AAFCPAs Guidance in Response to Equifax Data Breach

As you may be aware, Equifax, one of the United States’ three major consumer credit reporting agencies has been breached, and personal information of approximately 143 million Americans has been compromised.
Information, including: names, social security numbers, birth dates, addresses and driver’s licenses, stored in Equifax’s databases have been stolen. Additionally, credit card numbers for about 209,000 people were exposed, as was “personal identifying information” on roughly 182,000 customers involved in credit report disputes.
How do I know if I am impacted?
You may visit Equifax’s website (https://www.equifaxsecurity2017.com) and click the “Potential Impact” tab to check to see if your personal information is potentially impacted. In addition, Equifax has reported they will be mailing notices to people whose credit cards or dispute documents were affected.
What does AAFCPAs advise?

  • Visit the Equifax website to see if your personal information has been exposed. Equifax will require you to input your last name and last 6 digits of your social security number (Please be advised, Equifax is offering free identity theft protection and credit file monitoring services; however, CNNMoney is reporting concerns regarding enrolling in Equifax’s credit monitoring service.)
  • Monitor your credit card statements for charges you do not recognize.
  • Request a copy of your credit report. If you reside in Massachusetts, you are entitled to an annual, free credit report from each of the large credit bureaus.  AAFCPAs encourages clients to monitor data in your credit reports annually to make sure there are no errors.
  • Subscribe to credit monitoring through a source that uses the big three credit bureaus.  It is important that the service provides alerts related to name and address changes, as well as credit related events, such as inquiries and new credit instruments. Please be advised, kids are targets too, and some credit monitoring services allow for free monitoring of your kids’ social security numbers.
  • Request an initial 90 day fraud alert with the 3 credit bureaus.  This will require creditors to ask for additional information before granting credit. As a precaution, AAFCPAs recommends that consumers renew after the 90 day period.
  • Consider a 5 year credit freeze if there is evidence of fraud.

AAFCPAs would like to raise readers’ awareness about the likelihood of phishing emails. Those affected by the breach are at an increased risk of receiving more sophisticated phishing emails that use information obtained to appear more personal and accurate. As a best practice, consumers are advised to make transactions directly with the institutions.  Call the published number rather than one provided in an email, and visit the public website versus clicking on a link in an email.
Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.
For more information about cyber security and IT risk assessment, please contact your AAF Partner, or James Jumes, leader of AAFCPAs’ integrated business & IT advisory practice at: 774.512.4062 or jjumes@nullaafcpa.com.

About the Author

James Jumes
James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting.  James developed a unique methodology to delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.