A little more than 1 million Puerto Rico residents could potentially be affected by the cybersecurity breach unveiled by credit information firm Equifax late last week, Consumer Affairs Secretary Michael Pierluisi said.
The incident could potentially impact some 143 million U.S. consumers, Equifax said.
“This does not mean that one million consumers have been victims of identity theft or fraud. It means that the information belonging to those people was in the files that criminals had access to, so there is the possibility of being impacted. That requires taking preventive measures immediately,” Pierluisi said.
In a statement, Equifax said criminals exploited a U.S. website application vulnerability to gain access to certain files, which included names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.
“The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases,” it said in the release.
Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection.
“In that application the consumer will access the area classified as ‘Potential Impact.’ There, they will know whether they should take precautions by inserting their name and the last six digits of their Social Security number,” said Pierluisi.
In addition, the company will be offering free credit monitoring reports to those affected, and those interested even if they have not been involved in the incident.
“In the Department of Consumer Affairs, we have been vigilant and are monitoring this situation, specifically in communication with the Federal Trade Commission and Equifax, seeking ways to help those involved in this cybersecurity incident,” he said.
The FTC has provided consumer protection guidelines, including asking credit companies to offer a free fraud alert service, or a security freeze on the companies.
DACO does not process complaints for identity theft cases, which must be filed with the FTC.
“It is important that consumers regularly request copies of their credit reports if they are on the list of people who could be affected. This is, however, is a practice that all consumers must follow,” said Pierluisi.