News / The Equifax Credit Data Breach: A New High-Water Mark in Cybersecurity Risk Management. Here’s What You Should Do Now.

September 8, 2017

Equifax is one the largest consumer credit agencies in America. It is the Fort Knox in the financial crime world, consisting of the complete financial DNA — the Personally Identifiable Information (“PII”) — of its customers. Equifax failed its customers as the custodian of this valuable information and was breached by what appears to be a sophisticated attack on one of its U.S. servers. Now, the hacker community is feasting on, trading, selling and exploiting the PII of millions, which reportedly includes information such as names, dates of birth, social security numbers, addresses and in some cases, prior home addresses, credit card information and actual disputed transactions. Indeed, the hacking community just advanced their position in the war on Cybersecurity and just took their most valuable beachhead to date, easily and swiftly. Moreover, at least 143 million of us are in the crosshairs of the financial attacks that have likely already ensued.

Purely in terms of scale, the Equifax Credit data breach of potentially 143 million U.S. customers is dwarfed by other recent high-profile data breaches like those against Yahoo and the Adult Friend Finder network. Yahoo email’s data breach, which occurred during 2013-2014 and was announced in September 2016, affected over 1.5 billion users. The Adult Friend Finder Network in 2016 had over 412.2 million accounts. However, it’s the quality of the information that was stolen from Equifax that makes this data breach an attack of cyber-geddon proportions.

The facts so far:

  • Equifax reported that data on 143 million U.S. customers were potentially obtained in a breach against one of its U.S. servers. The breach may also affect U.K. and Canadian customers.
  • The breach was discovered on July 29th, but went undisclosed to the public until September 7th.
  • Personal data including birth dates, credit card numbers and more were obtained in the breach, and in some instances, specific disputed transaction information.
  • Three Equifax executives sold shares in the company days after the breach was discovered.

Equifax is one of three nationwide credit-reporting companies that tracks and rates the financial history of U.S. customers. The companies calculate credit scores based on information supplied to them on data regarding loans and credit cards, and data covering a vast range of sensitive information from employment history, to missed payments and home addresses.

The data stolen from Equifax will enable identity thieves and hackers to impersonate individuals with lenders, creditors and service providers, who rely on PII from Equifax, to make financial decisions regarding customers. Unlike other data breaches, some of the individuals affected by the Equifax breach are not even aware that they are customers of the company. Equifax acquires its data from financial institutions including credit card companies, banking, retailers, and lenders who report on the credit activity of individuals to credit reporting agencies.

 

What can you do if you believe you are affected?

  • Change your passwords on all online accounts including personal/business finance, social media, email, on-line retail, etc. You may want to use a password-vaulting service.
  • Consider using credit monitoring services. Remember Identify thieves and hackers are patient. They may not use information that they have right now, and they can wait days, months and years before utilizing the information.
  • Obtain a copy of your credit report. There are several options available – some are free and some are fee-based.
    Equifax is offering free Identity Theft Protection and Credit File Monitoring to U.S. Consumers (https://www.equifaxsecurity2017.com/)
  • Ensure your laptops, desktops and personal devices, including mobile devices are updated with the latest patches.
  • If you don’t already, obtain immediate access to your banking, credit card and other services online. Such access gives end users the ability to monitor transactions near real-time versus traditional paper statements that are mailed home. The latter of which can easily be delivered to the wrong residence and accidentally opened.

The Equifax data breach comes less than three months after the global Non-Petya ransomware attack, which spread through computers in over 65 countries. Additionally, the cyber-attack comes on the heels of the widespread “WannaCry” ransomware virus, which infected computers globally this past May. Unfortunately, this most recent attack highlights the evolving threat landscape and the general state of unpreparedness in both the corporate and personal contexts. Now more than ever, all consumers must also evolve, and learn how to protect their personal financial information and consumer credit profiles.

No one is immune.

About the Author

Vinod Paul, Chief Operating Officer
Vinod Paul brings over 20 years of in-depth financial services and technology experience to his role as Align Cybersecurity’s Chief Operating Officer. Previously, Vinod led and innovated a leading global Managed IT Service provider, establishing this firm as a premier Managed Service provider in the alternative asset management space. Vinod also serves on the global board of directors for Help for Children/Hedge Funds Care.

 

Align Cybersecurity™ offers an unparalleled suite of Cybersecurity Risk Management services. Combining solutions around technology, governance and education, Align Cybersecurity is the only end-to-end solution in the world that creates a triple threat to hackers.

For more information about our services, contact cyber@align.com or visit www.aligncybersecurity.com.

Additional relevant articles: