Equifax Data Breach: What You Need to Know

While the potential reach of the Equifax data breach is large, affecting approximately 143 million Americans, it is important to not overreact. If your information was included in the breach, it does not mean you are a victim of a cyberattack or identity theft. It simply means that some of your information may have been accessed.

What you need to know:
  • At this time, it appears there were just over 200,000 credit cards among the 143 million records potentially compromised.
  • The biggest risk posed by this breach is the threat of identity theft.
  • Equifax has indicated that debit cards were not exposed – therefore criminals are unlikely to have the capability to withdraw funds from a checking account.
  • It’s important to understand that Equifax is a credit bureau, not a bank.
  • Equifax has set up a website at www.equifaxsecurity2017.com to help consumers determine if their information was breached. Equifax will also mail notices to consumers whose credit card numbers or dispute documents were breached.
  • Equifax has established a dedicated toll-free number to answer questions you may have about the Equifax data breach and its effect on your personally identifiable information. You may call them at 866-447-7559.

To protect your identity and personal information, First Citizens Bank strongly encourages our customers to take the actions noted below.

As with any potential data breach, you can proactively take these steps to help protect your accounts:

  • Internet/mobile banking is your friend here. Monitoring your accounts and credit report for unauthorized transactions or accounts is critically important. In addition, you can order a free copy of your credit report from all three of the credit reporting agencies at annualcreditreport.com. You are entitled to one free report from each of the credit bureaus once per year.
  • If you spot any suspicious transactions, please contact First Citizens Bank immediately.
  • Consider if you should place an initial fraud alert on your credit report (see https://www.consumer.ftc.gov/articles/0275-place-fraud-alert).
  • Consider if you should freeze your credit file (see https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs).
  • Before deciding to place a credit freeze on your accounts, consider your personal situation. If you might be applying for credit soon or think you might need quick credit in an emergency, it might be better to simply place a fraud alert on your files with the three major credit bureaus. A fraud alert puts a red flag on your credit report which requires businesses to take additional steps, such as contacting you by phone before opening a new account.
  • Watch out for scams related to the breach. Do not trust e-mails that appear to come from Equifax regarding the breach. Attackers are likely to take advantage of the situation and craft sophisticated phishing e-mails.


First Citizens Bank offers a service called ID TheftSmart Credit Monitoring. A First Citizens checking or savings account is required in order to register for this service. Please click here further information.

Review your credit reports for accuracy. Call any one of the four credit reporting agencies to receive your free annual credit report or visit www.annualcreditreport.gov.

1. Experian • PO Box 9554 • Allen, TX 75013 • 888-397-3742 • www.experian.com
2. TransUnion • PO Box 2000 • Chester, PA 19016 • www.transunion.com
3. Equifax • PO Box 740241 • Atlanta, GA 30374 • www.equifax.com
4. Innovis • 875 Greentree Road • 8 Parkway Center • Pittsburgh, PA 15220 • 1-800-540-2505 • www.innovis.com

You should also contact the credit reporting agencies to notify them of any suspected fraud or identity theft.  If you believe you are the victim of identity theft, contact your local law enforcement office and/or your state attorney general.

You may also want to consider reviewing information about recovering from identity theft, which is available from the Federal Trade Commission (FTC) at https://www.identitytheft.gov/ or by calling 1-877-IDTHEFT (1-877-438-4338). The FTC also offers general information to protect your online presence at https://www.consumer.ftc.gov/topics/privacy-identity-online-security.

Protect Against Fraud Scams:
  • Practice email safety: don’t click on links in emails or open attachments unless the email was expected and verified; confirm a message is legitimate by contacting the sender directly via pre-determined contact information.
  • Be suspicious of email or phone requests to update or verify personal information.
  • Be wary of offers that are too good to be true, require fast action or instill a sense of fear.
  • Be on guard against fraudulent checks, cashier’s checks, money orders or electronic fund transfers with a request to return part of the funds via wire transfer.
  • Use security and privacy settings on social network sites and beware of random contacts from strangers.
  • Research “apps” before downloading, only download from an “app” store (iTunes, Play Store, Windows Store), and don’t assume an “app” is okay because the icon resembles that of a bank.
  • Beware of disaster-related scams where scammers claim to be from legitimate charitable organizations.

Protect Personal and Financial Information:
  • Review monthly bank and credit card statements closely and contact the financial institution immediately if any unknown transactions occur; better yet, if online or mobile banking is available for deposit and credit card accounts, make a habit of reviewing every few days to ensure immediate actions can be taken.
  •  Safeguard credit cards, social security numbers and other personal information: o Only provide sensitive information over secure websites or emails:
    • Only provide sensitive information over secure websites or emails.
    • Do not provide personal information or log onto critically sensitive accounts (email, online banking, etc.) via public computers, like a hotel or library kiosk, or while using public WiFi.
  • Wherever possible, utilize two-factor authentication to provide an additional layer of account logon protections; twofactor authentication requires two pieces of information to login to an account, usually the password and a code from an SMS text message or approving the login via phone call. To check whether a website offers two-factor authentication, check this site: https://twofactorauth.org.
  • Use password protections:
    • Create long passwords with at least 10 characters and using a mix of alpha-numeric characters (A, b, 1, 99) and symbols (@, $, %, *).
    • Instead of a password, use a passphrase, a long (15-25 char) phrase or sentence that only makes sense to you and is easy for you to remember; do not use something common like “Maryhadalittlelamb.” and use something uncommon like “MichaelWhassocceronThursdays.”
    • Use a password checker to verify the strength of the selected password; do NOT put a valid password into an online password checker; instead, use a variation that is similar but not the same.
    • Do not use the same password for two critical websites or online accounts, do not share passwords with others and do not use the “Remember My Password” feature in web browsers.
    • Unless you use a very long and difficult password, change passwords often; and o Use a password manager to enable longer passwords without having to write them down.
  • Shred bills, bank statements, pre-approved financial solicitations and other confidential information before discarding them.