Equifax announced on Thursday that hackers had gained access to the personal information of 143 million people, mostly US citizens. According to the credit-reporting agency, the data included social security numbers, birth dates, and addresses. It is likely one of the largest hacks in history.
After announcing the hack, Equifax launched a suspicious-looking site to help people check to see if their personal data was included in the breach. Unfortunately, the page is confusing, looks scammy, and barely delivers on its claim to “see if your personal information is potentially impacted.”
In order to check, the page asks for your last name and last six digits of social security number. Some security experts criticized the site for requesting social security numbers in order to check if the company had leaked your social security number.
If you enter the requested information, it either tells you that the agency believes your information has not been impacted, and asks you to enroll in their “Trusted ID Premier” or it tells you to come back in a week or so for your “enrollment date” so you can complete the process of enrolling in TrustedID Premier, seemingly indicating that your data has been compromised in some way. However, the site doesn’t indicate what specific data might have been compromised for individual users or even explicitly state that a user’s data was involved in the hack.
TrustedID Premier is a credit-monitoring program, which Equifax is giving away free for a year. As TechCrunch pointed out, agreeing to the TrustedID Premier terms of service seem to waive users’ rights to sue Equifax.
And while an identity theft protection service will help you learn what happens to your stolen data, it doesn’t really clear up immediately whether or not you were pwned in this hack.
Update: The site now tells people their information may have been impacted instead of simply stating their enrollment date for TrustedID Premier. But ZDNet security editor Zack Whittaker has discovered that if you enter completely bogus information the site will still show you that you may have been affected.