On September 7th 2017, Equifax — one of the three major U.S. credit agencies — announced that sensitive personal information of 143 million people was hacked, exposed, and stolen. While most of those 143 million are U.S. residents — a staggering 44% of the nation’s population — this major data breach also includes some Canadian and United Kingdom residents.
As one of the largest data breaches in U.S. history, it’s particularly important to understand how serious this security threat is to everyone. “On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data,” said one identify theft and fraud tracking expert. U.S. Senator Mark Warner and vice chairman of the Senate Select Committee on Intelligence also said that this would not be an “exaggeration to suggest that a breach such as this represents a real threat to the economic security of Americans.”
According to their website, “[Equifax] organizes, assimilates and analyzes data on more than 820 million consumers and more than 91 million businesses worldwide, and its database includes employee data contributed from more than 7,100 employers.” And while Equifax has found “no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases,” the fact that nearly 44% of the U.S. population’s secure information is no longer secure is staggering and alarming.
Keep reading as we cover everything you need to know about protecting yourself, your credit score, and your finances — personal or business related — following the Equifax data breach.
Exposed in the Equifax Breach
For the 143 million exposed Equifax customers, it’s reported that hackers gained access to the following sensitive information:
- Social Security numbers
- Birth dates
- Driver’s license numbers
- Other private information
- Credit card numbers (around 209,000 consumers affected)
- Dispute documents with personal identifying information (around 182,000 U.S. consumers affected)
If you’re thinking about the possibility of ruined credit, identity theft, driver’s licenses made in your name (and all that can entail), countless credit cards in your name, and more, you’re not alone.
How the Equifax Breach Happened
The Equifax security breach occurred because cyber criminals “exploited a U.S. website application vulnerability to gain access to certain files,” said Equifax. On the surface, many are calling this a “relatively unsophisticated attack,” as the “same web application vulnerabilities from decades ago are still some of the primary vectors that are leveraged by hackers in modern attack scenarios.” Learn more about what exploits and vulnerabilities are in our blog, Exploits: What They Are and How to Protect Your Computer.
Quick Timeline of Equifax Breach
Mid May-July 2017: Hackers access consumer information on Equifax.
July 29, 2017: Equifax discovers the breach.
After July 29, 2017: Equifax states they acted immediately to stop the intrusion with the help from an independent cybersecurity firm.
August 1, 2017: Three top Equifax executives sell Equifax shares or exercised options to dispose of stock worth about $1.8 million. Equifax said the executives were unaware of the breach upon selling.
September 7, 2017: Equifax announces the cybersecurity breach.
September 7, 2017: Equifax states that their investigation is substantially complete, but remains ongoing. They expect the investigation to be complete in the coming weeks. They also state that they will send direct mail notices to consumers whose sensitive information was impacted.
Were You Affected by the Equifax Breach?
Finding out if you’re among those impacted by the Equifax data breach has proven a bit lacking. However, Equifax set up the website equifaxsecurity2017.com to help consumers find out if their information was compromised and to sign up for a year of free credit monitoring through TrustedID Premier.
Once on equifaxsecurity2017.com, you must enter your full name and the last six digits of your Social Security number. You should then receive a message whether or not you’ve been affected. However, users have stated they entered a bogus name with the digits 123456 and still received a message that they may have been affected. If you do enter your actual information and plan to continue with credit monitoring, you may be prompted to sign up immediately or at a later date. The last day to enroll is November 21, 2017.
Things to consider:
- Many consumers are already leery about submitting personal information to and signing up for credit monitoring with a company that already failed to keep their information secure.
- Phishing scams, including phishing domains for Equifax, are on the rise. Over 1000 fake websites (as of September 13, 2017) targeted at concerned Equifax consumers have already been discovered. They’re mostly variations of the real website, so make sure your spelling is accurate! See the full list of Equifax scam websites here.
Protect Yourself in the Aftermath and the Future
Whether you decide to put your trust in a credit monitoring company or not, there are a few things you can do on your own to protect your identity, credit, credit score, and finances.
- Consider freezing your accounts after signing up for credit monitoring. With a freeze in place, credit can only be extended after the applicant (you) provides a unique pin number. Equifax is now generating random PIN numbers for this, but they weren’t always. Full story here.
- Watch your personal or business finances closely. Report unauthorized activity immediately.
- Monitor your credit report. Review personal information and check for credit card applications filed in your name.
- Review these tips from the Federal Trade Commission (FTC).
- Visit the Federal Trade Commission (FTC) to learn more about protecting yourself from identity theft. If you’re a victim of identity theft, immediately file a complaint with the FTC.
- Read our blog and contact us to learn more about how to make sure your business is secure and impenetrable to security breaches like these.
Learn More about Cyber Security for Businesses
While this is attack was focused on gaining secure personal information, it was taken from a business — one that apparently didn’t take the proper precautions to ensure that their systems were secure. Use this major incident as a reason to ensure that your business — and all of its secure information — isn’t a future target. Eliminate vulnerabilities in your system. Make sure you contact Integracon to learn more about managed security suites and other IT solutions.