As we previously said, the Equifax breach affects approximately 143 million Americans. While the hackers stole data that includes addresses, birth dates, full names and Social Security numbers, there are steps you can take today that will protect you from an identity theft worst-case scenario.

Assume the hackers stole your data

While no one wants to be in a situation where personal information was exposed, it is best to act as if that has already happened.

A credit reporting agency accumulates very specific data about consumers. At one point or another, one of the credit reporting agencies most likely gathered details about you, such as Social Security number, birth date, address, and more. A breach of a credit reporting agency's data could put your personal information in the hands of someone who should not have that information.

What should I do?

First, be patient, given the volume of people affected and the two hurricanes impacting call centers, response time will be slower than ideal.

What you can do right now is to put a security freeze in place with each of the three credit reporting agencies. This will stop the agencies from instantly issuing a credit report when someone is trying to get credit using your information, start a new credit card with your identity, or more.  A security freeze will enable you to allow or deny the completion of the credit request.

The three agencies:

Free security monitoring and other resources

Equifax is offering free security monitoring (they have removed the mandatory arbitration clauses from their terms of service).

Request a credit report from each of the credit reporting agencies and review what is on there right now. You are entitled to a free credit report annually. The FTC page has a link on how get a copy of your credit report for free (click here). For additional steps, see the FTC's Identity Theft website.

Employer risk

Employers often run credit reports on prospective employees. This can continue (even through Equifax). If there is a delay in getting a credit report on a prospective employee, you can proceed with the hiring process, pending a background check.

Employers should exercise care when making changes to employee benefits at the seeming request of an employee; first person verification is advised (not just email). Employers are supposed to use credit checks only when the information is relevant to the position, per Equal Employment Opportunity Commission rules, but sometimes too much information is used.  Now is a good time to revisit the use and relevancy of the information you are processing in employee background checks.

To view Foley Hoag's Security, Privacy and The Law Blog please click here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.