Are you affected by the Equifax hack?

By Mark Andrews | Business | Published:

It's hardly what you would call a red letter day.

"Your personal data has been accessed," says the letter which has landed on the doormat.

"Please read this letter and take action to protect yourself."

And, if you have not already had one of these letters, there is a real possibility you could be getting one of over the next few weeks.

The credit agency Equifax is writing to 167,000 people across the UK, on top of the 696,000 who were contacted last year, telling them their data has been stolen by cyber criminals. In total, it is estimated that 15.2 million files were compromised, so it remains to be seen whether this will be the end of the matter.

And just because you have never knowingly had any dealings with Equifax – indeed you might not even have heard of it – does not mean you are not at risk. Based in the American city of Atlanta, Georgia, Equifax is one of the "big three" credit reference agencies, which collects data on behalf of financial institutions to assess people's credit-worthiness. If you have a bank account, mobile phone contract, a credit card, or you pay your car or household premiums monthly, the chances are Equifax will have you on file.

So what should you do if you have had one of the letters? It is a sobering thought that if cyber criminals do use your personal details to steal, say, your life savings, the chances of recovering your money could be pretty slim.

"If someone hadn't got a system in place when they got hacked, you might have a claim, but if they do have a system in place, it's not generally the company's fault if they become a victim of hacking," says Andrew Pegg, of Shropshire law firm Lanyon Bowdler.

"The primary wrongdoer is the fraudster, and that is probably somebody sitting in their bedroom in Russia."


Mr Pegg says the first thing anybody does when they receive a letter purporting to be from Equifax is to check that it is genuine. The letters sent out by the credit reference agency feature a reference number top right, and it is possible to respond to the letter on the company's website If you are in any doubt, Equifax can be contacted on 0800 587 1584, although there have been reports of people struggling to get through. If your letter tells you to call a different number or use another website, that should arouse your suspicions right away.

The next thing you should do is change all your passwords. For those whose affairs are simple, that should not be too onerous, but many people these days have multiple online accounts all of which could be vulnerable. Online banking is an obvious one, but if you shop online, do online share trading, or have an account with a bookmaker all of those passwords will need to be changed too.

"The important thing is not to choose something obvious, that people can find out," says Mr Pegg.

"Don't use your date of birth, or the names of your children, because people will be able to find that out."


Mr Pegg adds that it is important to use a different password for each online account. He also warns that putting too much personal information on social media is a gift to identity fraudsters. Posting details about a landmark birthday lets the world know your date of birth for example.

"If you show a picture of your house, you might help somebody find your address, or it might show a car registration number, all of which could be useful to fraudsters."

He also advises anybody affected to keep a close eye on all their transactions, to ensure no fraud takes place.

It may also be advisable to inform your current account, credit card and mortgage providers that your details have been compromised.

At the moment Equifax is offering free services to those at greatest risk, which monitor whether your identity has been compromised online. The offer has been greeted with understandable scepticism in some quarters. To benefit from the free services, victims need to provide a name, address, date of birth and email address, as well as provide answers to some security questions. But many have questioned whether it is wise to hand even more personal data to Equifax, while others have questioned whether accepting the terms of the company's offer will compromise their rights should they wish to take action against Equifax in future.

Mr Pegg admits that people face a hard choice in this respect.

"It makes sense to get greater protection, so it makes sense to sign up for it, but often the heart rules the head.

"I think if I had trusted my data with somebody – I appreciate with Equifax they had not necessarily knowingly trusted their data – and it had not been properly protected, I would be somewhat loath to give them more information."

On the other hand, he says large financial organisations are under constant attack from hackers, and just because a company has been successfully attacked does not mean it is to blame.

If you are concerned about the security of Equifax’s own products, the company is also offering to enrol those affected onto the Protective Registration Scheme run by anti-fraud body Cifas. However, if you want to sign up to the scheme free of charge, you will still have to give some personal information to Equifax. If you are not happy with this, is possible to enrol directly through Cifas, though this will attract a £20 charge for two years’ cover.

While concerns about the hack are inevitable, Mr Pegg says the risk of being turned over is actually quite small, and there is no need for people to panic unduly.

"These days everything is done online, and you have to give all sorts of details out, if you didn't do that you wouldn't be able to do anything," he says.

"And it's not just doing things online. Anything that involves you giving details to another party, and that data being stored, could potentially be hacked."

Mark Andrews

By Mark Andrews

Senior news writer for the Shropshire Star specialising in in-depth features and commentary, investigative reporting and political matters.


Top stories


More from Shropshire Star

UK & International News