But Mr. Anderson was lucky: The thieves have not used his information so far.
Many people can’t say the same. The consequences of cyberattacks can be devastating and take years to untangle, at great financial and personal cost. Last year, 15.4 million American victims of identity theft lost $16 billion, an increase in both victims and losses from the previous year, according to Javelin Strategy & Research.
But hackings often go unnoticed — at first.
One man said the thieves had so ruined his credit, he was unable to secure a needed mortgage refinance.
Janis Barbour said her Social Security number was used to fraudulently file taxes in Ohio. She and her husband live in Berkeley, Calif.
They learned of the theft only when the Internal Revenue Service confronted them for not declaring a tax refund as income. And that was just one problem.
Her credit card details were stolen in data breaches at Target and Home Depot, she said. A digital attack at her health insurance provider made more private information vulnerable.
She said she had spent nine months trying to get the I.R.S. to agree that her identity was stolen. She had to report the intrusion to local police, then file an affidavit, then contact the credit bureaus and then the Ohio government.
Ms. Barbour, a retired marketing researcher, said she has never had a physical credit card or Social Security card stolen. Several years ago, she and her husband locked their credit reports from activity from outside parties.
Then on Friday, she learned she and her husband were included in the Equifax breach. “It feels like there’s nothing you can really do to protect yourself,” she said.
In the first half of 2017, there were a record 791 data breaches in the United States, up 29 percent from the same period a year earlier, according to the Identity Theft Resource Center. From Jan. 1, 2005, to Sept. 5 of this year, more than 907 million records were exposed in nearly 8,000 attacks.
As a result, consumers like Kate Fairweather say they feel that they cannot prevent their information from leaking into the shadows of the internet.
“I thought, ‘Well, here we go again’,” said Ms. Fairweather, an employee of the Federal Emergency Management Agency, who found out this week that the Equifax attack made her data vulnerable two years after it was stolen in the Office of Personnel Management hacking.
Michael Harwood, an engineering manager in Melbourne, Fla., said his information was stolen two years ago.
“Initially, it’s really terrifying, especially having your Social Security number taken,” said Mr. Harwood, who noticed a mysterious attempt to transfer $1,000 from his bank account. “You’re worried about the tremendous implications this could have and the possibility of it going on for years.”
He said he had managed to trace the transaction through his PayPal account to his eBay profile, where he discovered an intrusion that laid bare a trove of personal information.
He spent the next month trying to repair the breach. He went to the local police station, set up a program to screen for suspicious activity stemming from his Social Security number and financial data, changed his eBay password and created a new bank account.
That meant a long wait for new credit and debt cards, a temporary freeze of his assets and a hold on withdrawals and transfers while the bank handled the move.
“That was a major pain,” Mr. Harwood said, adding that his original account and routing numbers had been linked to a slew of automated payments and shopping sites, including Amazon and travel booking sites. “It ends up being fairly far-reaching and inconvenient — you’re still making discoveries months later that there’s another account you have to correct.”
He said he now watched his accounts closely and signed up for services from LifeLock, an identity theft protection company. He also counts his blessings.
“It could’ve been much worse.”
Continue reading the main story