Impact of Equifax Breach on Human Resources

Question:

With all the buzz about the Equifax breach, do we need to do anything for our employees?

Answer:

Most likely, your company is not under any requirement to notify your employees.  However, ensuring the data you have on your employees is secure and educating your employees on the breach may be helpful.

During the months of May through July, Equifax, one of the major consumer credit reporting agencies, was hacked.   143 million Americans, which is 44% of the population, were impacted.  Anyone with a credit report has a chance that their confidential personal information including Social Security numbers, birth dates, addresses, and driver’s license numbers, was stolen. The stolen information could be used to commit financial crimes against your employees.

As an employer, you may encounter an employee needing to take off time to deal with this Equifax Breach. Employees can find out if they were affected by the breach by using a secure computer or encrypted network connection, to go to the Equifax website, www.equifaxsecurity2017.com. Scroll down and click on ‘Potential Impact.’ You will be asked to provide your last name and the last six digits of your Social Security number. (Note: be sure you use this specific website as there has been “spoof” sites created that look legitimate).

If an employee’s data was breached, Equifax is offering enrollment in their TrustedID Premier. The program provides up to $1 million in ID theft insurance, Social Security Number Scanning, 3-bureau credit file monitoring, and the option to freeze your Equifax credit report. Plus, the employees should consider placing a fraud alert or credit freeze on their credit reports from the other agencies including Experian, TransUnion, and Innovis.

  • A fraud alert warns lenders to take reasonable steps to verify your identity before providing credit.
  • A credit freeze restricts access to the employee’s credit report and the credit agency will send a personal ID number (PIN) that the employee will have to use to unfreeze their accounts. Note, it can take 24 – 72 hours to unfreeze an account with the PIN.

Your employees can freeze their credit with each of the major credit bureaus online using the following links. They WILL need to enter personal information to do so.

Equifax – https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp  

Experian – https://www.experian.com/freeze/center.html

Transunion – https://www.transunion.com/credit-freeze/place-credit-freeze

Innovis – https://www.innovis.com/personal/securityFreeze

Encouraging your employees to update passwords on all online accounts with personal information is a good regular practice. Each account should have a unique password.  There are various password management tools that can be used to store and retrieve passwords such as KeePass or LastPass.  

Training your employees on cybersecurity will help provide them with the knowledge and tools to prevent other potential hacks. A good resource is our previous Question of the Week: Should HR Be Concerned About Cybersecurity And Phishing Scams?

Is your head spinning? Too many new employment laws to keep up with? Let strategic HR inc. assist you with navigating the employment law minefield. We can help you with any of your Legal Compliance needs. Please visit our Compliance page for more information or feel free to call us if you have a specific question or need.