Credit reference agency Equifax is writing to the near 700,000 UK individuals worst affected by its data breach – but will the letters cause further harm?
Five months after Equifax was hit by a major cyber-attack, the credit reference agency has begun writing to the 693,665 UK consumers who had details stolen.
The compromised information includes email addresses, passwords, driving licence numbers, phone numbers and partial credit card details. Equifax has said the letters will detail what data has been compromised for that particular recipient. To reduce the risk of identity fraud, Equifax is offering affected individuals a choice of free ID-monitoring services.
Yet there’s evidence that far from reassuring victims, Equifax’s letters are sparking panic among some recipients, with a few even questioning whether the letter itself is a scam.
That’s because many haven’t heard of the firm before and don’t know why it holds their data. Regrettably, the letter doesn’t answer these questions.
Who is Equifax?
Equifax has confirmed that just 3% of those it is contacting now were its direct customers. How is this possible?
As a credit reference agency, Equifax receives personal data from banks and financial institutions when someone applies for a bank account, mortgage or credit card. Consent for this is usually included in the application terms and conditions.
This means Equifax may hold data on you, even if you’ve never dealt with it directly. Others will have transacted with Equifax themselves by purchasing a credit report or identity-monitoring services from it.
What is Equifax offering?
If your data has been breached, you may be at heightened risk of identity fraud. To combat this, Equifax is offering free services that monitor how your identity is being used online – some of them are run by Equifax itself, and one is run by anti-fraud body, Cifas.
If you’re concerned about the security of Equifax’s own products, you can opt to be enrolled in Cifas’s Protective Registration scheme. However, you will still have to give some personal information to Equifax so it can enrol you for free.
It is possible to enrol directly through Cifas, although this will attract a £20 charge (for two years’ cover).
We’re concerned that scammers may try to capitalise on concern around the data breach by posing as Equifax in order to dupe individuals out of their data or money.
If you receive a letter regarding the Equifax data breach, and you aren’t sure if it’s genuine, look up Equifax’s number independently via a search engine or directory enquiries. Then give it a call to confirm the letter is genuine.
Is Equifax doing enough?
We want to know what you think of how Equifax handled the data breach. Do you think it’s acted promptly and adequately to protect customers? If you’ve received one of its letters, did you understand it, and did you take up its offer of free protection? If not, why not?