5 million Georgians may have had data impacted in Equifax breach

Surprisingly few calls have rung through to the Georgia attorney general's consumer protection unit since Equifax acknowledged a massive data breach: 65 as of late last week, despite 5 million Georgians potentially having their private data affected.

It’s not clear whether that’s a sign of not knowing the state has its own group of consumer watchdogs, or residents caught up in the mess are taking matters into their own hands in reaching out to credit companies or online resources to ascertain how it affects them.

Nonetheless, state Attorney General Chris Carr has the unit taking part in an ongoing investigation with attorneys general from across the nation. And he and others said residents should take seriously their calls to sign up for alerts and use other steps to safeguard their personal information, saying the breach should be a final wake-up call.

“I want them to know we’re on their side,” Carr said. “That when your sensitive data is potentially out there in an era of identity theft, when your identity can be bought and sold online, I understand the fear. I understand the anger. And I understand the anxiety that they have.”

State officials have been in what they say is almost constant communication with Equifax and other companies since last month, when the credit reporting bureau announced what it said was a criminal breach of its systems.

The unauthorized access was discovered July 29, according to the company, although the data was taken between mid-May and the end of July. Overall, the personal information of 143 million consumers was potentially affected.

In addition to Social Security numbers, birth dates, addresses, and driver’s license and phone numbers were exposed in the breach, as were some individual credit card account numbers.

Liz Coyle, the executive director of the consumer group Georgia Watch, said Carr's office had done a good job so far in recommending how Georgians can move forward. She was also encouraged that Carr had joined a bipartisan group of attorneys general that has urged Equifax to do more outreach to affected consumers and take other action, including reimbursing consumers affected by the breach who incur fees to completely freeze their credit.

She wasn’t sure why so few Georgians so far had checked with the office otherwise, although she didn’t think it had to do with disinterest.

“There is certainly a flood of information out there for consumers related to the breach,” Coyle said. “My guess is more people are searching for that information online.”

Officials with the state consumer unit declined otherwise to go into specifics about the investigation, although they noted that their investigations may include subpoenas and bringing company officials in for statements.

They were also mum on whether the breach may prompt changes to Georgia’s consumer protection laws during the state’s next legislative session, which starts in January.

Coyle would like to see Georgia join a dozen other states that limit how entities can use a person’s Social Security number as a piece of data. For example, some health care providers may ask for the number as a way to track someone in their system.

“That has to stop,” Coyle said.

Carr, meanwhile, said he is focused on finding out what happened and how the state can do better.

His office has consumer hotlines for both metro Atlanta residents — 404-651-8600 — and a toll-free 800-869-1123 number for residents in other parts of Georgia to report issues, including concerns about the Equifax breach. There's also a way to get digital consumer alerts via a newsletter sign-up on the homepage of the state's "consumer ed" website: consumered.georgia.gov.

“If we don’t get the facts,” he said, “we aren’t going to know what happened and we’re not going to know what to do in the future to protect Georgians down the line.”

Additional ways to protect yourself

Georgia Attorney General Chris Carr is recommending that in addition to freezing their credit and monitoring their accounts, Georgians take these further steps following the Equifax data breach:

Tax refunds: Register for an "Identity Protection PIN" from the Internal Revenue Service at www.irs.gov. Be aware that you then must provide the PIN now and in the future when you file your taxes in order for your return to be accepted. Why do it? Without knowing what the PIN number is, an identity thief cannot file a fraudulent return.

Social Security: Create a "my Social Security" account on the Social Security Administration's website at www.ssa.gov. The idea is to prevent a thief from registering as you and changing the listed address for your benefits.

Health insurance: Review bills and statements carefully; and register online with your insurance provider. If available, sign up for fraud alerts from your provider. You can also review a free annual MIB Consumer File at www.mib.com to see what medical and personal information about you has been reported by health, life, disability and other member insurers. You can track your prescription drug purchase history by requesting a copy of your Milliman Intelliscript report at www.rxhistories.com.

Driver's license: Create an online account with the Georgia Department of Driver Services at dds.georgia.gov. Doing so allows you to check your driving history for discrepancies or changes to your record. If someone has used your driver's license fraudulently, file a report with your local police department.

Source: Office of the Georgia Attorney General