By Lysa Myers
[ Update September 15, 2017: Equifax has
released more detailed information pertaining to the stolen data from
people in the UK. The names, dates of birth, email addresses and
telephone numbers of up to 400,000 people in the UK may have been
accessed.]
If you’ve been reading news about the recent Equifax breach,
you may have noticed that many articles mention briefly that people in the
United Kingdom and Canada are also affected. There has been little
clarification as to how many people were affected, or what exactly was lost.
The current statement from Equifax is
that there was “unauthorized access to limited personal information for certain
U.K. and Canadian residents.” Due to this heavy emphasis on customers in the
U.S., many of us have not really considered how much or how little this could
mean to people in the UK and Canada.
Breach Maths
Certainly, in terms of total numbers and dramatic
headlines, 143 million is a lot of victims. This means that 44 percent of all
Americans could have been affected. If we assume that this breach primarily
affects adults, it could be up to 60 percent of the population over the age of
18.
What we don’t currently know is how many people in
the U.K. and Canada were affected. We know that Equifax has data on 820 million
consumers worldwide and it operates in 24 countries. Of those 820
million, the company has information on 44 million people
in the UK and 26 million in
Canada.
If we assume again that this breach primarily
affects adults, and if we assume that these numbers are the maximum number of
possibly affected consumers in each country, this could mean that up to about
80 percent of adults in both countries may be affected.
While we do know that Equifax has found no evidence
of unauthorized activity on their core consumer or commercial credit reporting
databases, it’s entirely possible that this breach does not affect the total
number of Equifax customers in either country. As much as anything, people are
concerned about the lack of certainty.
Protect as if you’ve already been compromised
There is a popular saying in information security
circles that says that everyone should protect their data as if they’ve already
been compromised. While credit freezes were until recently considered a “drastic
measure” – only for people who had already had identity theft-related fraud
committed against them – they are now being widely recommended as a basic
preventative measure for everyone. Equifax is now waiving fees
for anyone wishing to set up this protection on their credit reports.
It seems wise, especially for people in the U.S., U.K. and Canada,
to be extra vigilant until more specific information becomes available. Even if
it turns out that few people in either country were affected, getting in the
habit of double-checking what’s happening with your financial accounts and
credit history is never a waste of time or effort.