The Equifax Data Breach of 143 Million Consumers Should Place CyberSecurity at the Front of Your Mind
CyberSecurity Is Something Everyone Should Take Seriously, Even the NOT So Technically Savvy
This week Equifax, a Consumer Reporting Agency and Credit Risk Assessment company, reported that a cybersecurity incident through a website application vulnerability allowed Cyber Criminals to access the names, Social Security numbers, birth dates, addresses, and driver’s license numbers of 143 Million potential consumers. That probably sounds extremely shocking to you, and it really is: the Equifax Data Breach is a pretty big deal that you should be concerned about.
Equifax has set up a site, www.equifaxsecurity2017.com, to help consumers determine if they’ve been compromised and to help them get assistance.
I would recommend you reach out to them and take steps to ensure you haven’t been compromised.
In its statement, Equifax also said, “the company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”
What does this mean?
Two things.
- Within the Equifax Data Breach, the word “potential” is used here because they probably aren’t certain of the breadth of information that the criminals took off of their systems. If I go into your computer and I have access to files on your computer without your knowledge, it’s not like you can count the number of files I copied or took off of the computer. The word “potential” in this case means that the systems that they found to have been exposed most likely account for the records of 143 million people. That’s a LOT of people’s personal information to have access to!
- Most consumers are familiar with Equifax as one of the “Big 3” credit reporting agencies next to TransUnion and Experian. You know, where you go to check your credit score? So when we think about Equifax we think about the systems that house all of our personal information inside our credit report. The statement above from the company says that their “core consumer and commercial credit reporting databases,” as far as they can tell, show no evidence of being breached. I know Equifax has a myriad of businesses and services that they offer consumers. The company has over 9,000 employees worldwide, so without doing too much digging and research it’s fair to assume that they do more than just offer credit reports. However, from this statement I assume that the systems where my credit report sits were essentially untouched.
All of this as far as I can tell has to be taken at face value.
Cyber forensics is a very challenging process where it isn’t always clear “who” is responsible and “what” was compromised.
Not too long ago Target was the focus of a breach that compromised millions of individuals’ personally identifiable information, or what is called PII.
This is an abbreviation used in the tech world for data that can be traced or linked to an individual person, i.e. Social Security numbers, addresses, and the like.
If their core credit reporting databases were untouched but the Cyber Criminals were still able to get access to Social Security numbers and addresses and some 200,000+ driver’s license numbers, then in my mind the compromise is just the same.
The distinction here isn’t very clear for the average person reading this, and I get it.
You may be wondering, what does all of this mean?
The fact is that breaches are so common and happening so frequently that we are becoming desensitized to the fact that things like this are happening at such an enormous scale and frequency.
The average consumer doesn’t understand privacy, technology, and the security dangers behind it all well enough to know how to protect themselves when one of the largest data mining companies in the world suffers a breach of its own.
I’m not sure if this has something to do with the fact that Equifax has been around since 1899, but I can tell you that most companies are slow to adopt the latest trends and best practices when it comes to CyberSecurity. The Equifax Data Breach along with the countless number of other companies that have been hacked this year is proof that Internet security needs to be top of mind for everyone.
Most recently President Trump signed an Executive Order making NIST the mandatory CyberSecurity standard government-wide. NIST stands for the National Institute of Standards and Technology, and this standard is a very complex framework for securing an organization’s infrastructure and technology environment.
President Trump’s Homeland Security advisor Tom Bossert said:
“The executive order outlines three key priorities for the Trump administration’s efforts in cyberspace: Protecting federal networks, updating antiquated and outdated systems, and directing all department and agency heads to work together ‘so that we view our federal I.T. as one enterprise network,’ Bossert said.”
How to Protect Yourself
The Equifax Data Breach, like all other breach events, means that your personal data, stored by the company, makes you susceptible to identity theft. Hacking is prevalent everywhere and identity theft is a very major concern that you should be aware of at all times. If someone hacks your computer and your accounts they can potentially take thousands of dollars from you or cause even further harm.
With the compromise of the 143 Million records from Equifax systems it is quite possible that someone could fake your identity and use it to purchase something or gain credit approval from a bank or retailer.
The first thing you should do is contact Equifax and get the credit monitoring service that they are offering.
The next thing you should do is pull your most recent credit report from all 3 credit bureaus. Most people don’t do this on a regular basis, as they should, and if that’s you, now is the time!
Lastly, begin to lock down all of your online accounts with strong passwords and two-factor authentication.
I use a password management application for storing and generating all of my passwords. Use the maximum number of characters allowed for the passwords on all of your online accounts and, if you can, use a combination of numbers, special characters, and letters.
What is two-factor authentication?
Two-factor authentication involves the use of a “second factor” for logging into a system. It’s an added layer of protection which makes it more difficult for hackers to break into your online accounts.
CNET has a really good article on that subject here.
Facebook, for instance, has a two-factor authenticator which sends you a code that you have to enter after you enter your password.
Google has the Google Authenticator app which integrates with other apps for providing a 6-digit code that you have to enter after you enter your password.
The idea here is that you have 2 different factors that are physically, or at least somewhat, separate, and both have to be accessed in order for you to log in.
Be mindful that the more inter-connected the internet and things become, the higher the risk.
Protect yourself. Do your research.
See a statement from Equifax Chairman and Chief Executive Officer, Rick Smith.