Massive Personal Data Breach at Equifax
A massive data breach at Equifax has exposed the crucial personal information, including Social Security numbers of at least 143 million customers in the US, UK, and Canada. Equifax, a credit rating company, had announced on Sep 9, that its databases had been hacked. Though it came to know about the breach on July 29th, Equifax chose to reveal the breach only in September. The implications of this breach are huge, because all credit reporting systems use the same data, and this data has now been breached and stolen. This data cannot be recovered.
What data has been stolen
- Names, birth dates, social security numbers, home addresses, and drivers’ license information of at least 143 million customers
- Credit Card numbers of approximately 209,000 consumers
How to find out if your data has been stolen
Equifax reports that it has launched a website: www.equifaxsecurity2017.com to help consumers find out if their information could have been stolen. It also offers customers credit file monitoring and identity theft protection for a year. However, customers and cyber security experts who tried to find out if they were affected found that the website was broken. It was not giving proper results, raising the suspicion that Equifax was probably just buying time. The website was displaying the message that credit monitoring services were not available and to check back later. Further, it was displaying the same message for any type of gibberish typed in.
In an announcement on its website, Equifax Chairman and Chief Executive Officer, Richard F. Smith, stated: “This is clearly a disappointing event for our compan, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
The Vulnerability and Who Suffers
Hackers had been able to exploit a vulnerability in website application to breach the data. Equifax has not provided further details of the breach. It has, however, hired the services of the computer security forensic firm -Mandiant to investigate the breach, as well as the global PR firm Edelman PR to handle the way to notify affected consumers in the safest manner.
Immediately change the passwords you used for your dealings with Equifax, such as the pin code for your credit card. This may help you only regarding safeguarding your credit card and card data. However, all other personal details that have been stolen are now in the hands of cyber criminals.
Credit monitoring services do not protect you against identity theft. Hence, utilize security freezes (freeze your credit) to prevent others from taking any new credit lines in your name.
Get your recent free credit report and evaluate for any malicious activity. Also, set up a fraud alert.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.