DAVID GREENE, HOST:
Equifax, the big credit reporting agency, reports that it was hacked in May. Whoever did the hacking seems to have gained access to Social Security numbers, home addresses, driver's licenses and a lot of other information for up to 143 million Americans. Craig Timberg covers technology for The Washington Post and joins us. Hey there, Craig.
CRAIG TIMBERG: Hi David.
GREENE: So if this took place in May, why are we just hearing about this now?
TIMBERG: Boy, is that a great question?
TIMBERG: Equifax says they discovered it on July 29, which, by my math, is about six weeks ago. And they have not answered my questions about why it took so long. I will say it's not unusual for companies to wait a while. But, man, I might've wanted to know over the last six weeks that my Social Security number might've been kicked around on some dark website.
GREENE: Yeah. I mean, isn't there stuff you might've done, like, to protect yourself - or get new credit cards or something like that in all these weeks?
TIMBERG: Potentially, yes - and for a lot of people, yes. This is an issue that Congress and some state legislators have looked at. But, in fact, there aren't really any rules about how quickly and what kind of information companies need to disclose. And it's a source of some frustration.
GREENE: For everyone, including reporters who were trying to get information out of the company, it sounds like (laughter).
GREENE: So if - let's say you're an American, and you were not already vulnerable to identity theft. Are there just tons more people now in the country who are going to be vulnerable because of this?
TIMBERG: I think so. There's no way, really, to know how vulnerable you are. There have been just so many hacks. And so much information has spilled out over the past few years that to think that you weren't vulnerable is probably naive. On the other hand, this does kind of feel like the big one, right? I mean more than half of all American adults seem to have been caught up in this. So, you know, if I wasn't - (laughter) if my information isn't out there, my wife's information probably is.
TIMBERG: So, yeah. It's terrifying.
GREENE: Any advice that that experts are giving for what to do now if you think that you might've been hacked and part of this?
TIMBERG: You know, the main thing is to keep an eye on things like your - you know, on your credit card reports and things like that to make sure weird charges don't show up. It's also good - you know, there are these credit monitoring services that Equifax, in fact, sells and is offering everybody for free for the next year. But I don't know. I feel pretty powerless, to be honest. I don't know what I'm supposed to do to protect myself.
GREENE: Yeah. No, it's getting to that point. And we have no idea who did this, - right? - as of now.
TIMBERG: No, not yet. I mean, we presume the FBI has been on this for at least a few weeks. They're pretty good. But let's say they find, you know, someone in Belarus who pulled off this hack. It's not like our credit information or, I mean, credit card information or Social Security numbers are suddenly going to come back into the protected zone.
GREENE: Right. The hackers are not going to hand it back and say, we're sorry.
TIMBERG: No, I don't think so.
GREENE: Craig Timberg is national technology reporter for The Washington Post - talking to us about this huge hack at Equifax, which may have made vulnerable the information of upwards of 143 million Americans, which is a lot of people. Craig, thank you.
TIMBERG: Thank you, David.
(SOUNDBITE OF JON HOPKINS' "OPEN EYE SIGNAL") Transcript provided by NPR, Copyright NPR.