More than 730,000 West Virginians could be affected by the hack of credit monitoring company Equifax, in which the personal information of roughly 143 million U.S. consumers was exposed, putting them at greater risk of identity theft, according to a news release from the office of West Virginia Attorney General Patrick Morrisey.
Equifax, one of three major U.S. credit bureaus, announced Thursday that “Criminals exploited a U.S. website application vulnerability to gain access to certain files” from mid-May through July. The hackers accessed information including Social Security numbers, names, addresses and birthdays, according to Equifax. In some instances, the credit card numbers for roughly 209,000 U.S. consumers and driver’s license numbers in some instances were also accessed, it added.
Equifax has advised that 730,119 of the consumers which hackers obtained files of reside in West Virginia, the Attorney General’s office release said.
“The Attorney General urges consumers to watch their bank and credit card accounts for unauthorized charges, monitor credit reports, strengthen passwords where necessary and be extra cautious with any unsolicited email, phone call or other attempt to gain your personal information,” the release said.
On its website established after the massive data breach, Equifax said consumers may enroll in “complimentary identity theft protection and credit file monitoring services” even if they may not have been affected by the hack. Consumers looking to find out through the site if their data have been compromised are asked to provide their last names and last six digits of their Social Security numbers.
In an FAQ on the site, Equifax said it learned of the breach on July 29 and waited until Thursday to make it publicly known because of a “complex and time-consuming investigation” in which it wanted to wait until there was “enough information to begin notification.”
The release from the Attorney General’s office said people should only visit Equifax’s website with a secured computer and an “https:” in the address instead of “http:” for an encrypted connection.
Shawn Morgan, a member of law firm Steptoe & Johnson’s Cybersecurity Breach Response Team, said if someone does not want to use Equifax’s services offered after the breach, he or she may want to enroll in an identity theft protection service like LifeLock.
“Any time you have 143 million people potentially affected, it’s a large-scale breach,” she said. “It’s always important to prepare and be proactive in trying to protect your identity, whether a breach is happening or not.”
There is always a chance personal information can be compromised, especially in a world growing more dependent on online services, according to Morgan, who said she was once a victim of identity theft.
“The only way you can completely protect yourself is to not use technology, and I don’t know if that’s possible,” she said. “You just have to be vigilant and keep the chances [of identity theft] low.”
The release from the Attorney General’s office said that consumers concerned their personal information was compromised can call the Attorney General’s Consumer Protection Division at 1-800-368-8808, the Eastern Panhandle Consumer Protection Office at 304-267-0239 or visit www.wvago.gov.
“The Equifax breach poses a significant threat to nearly half of our state’s population,” Morrisey said in the release. “Every West Virginia consumer must be aware of this incident and take the necessary steps to protect their finances. Those impacted also should monitor further developments.”
Reach Max Garland at email@example.com, 304-348-4886 or follow @MaxGarlandTypes on Twitter.