On Thursday, Sept 7th, Equifax reported one of the largest data breaches in history had happened. They reported that up to 143 million Americans may have had their personal information compromised, including social security numbers, and home addresses. Along with that around 209,000 credit card numbers were also exposed. The breach had also spread to the U.K. and Canada. The hack occurred sometime between the middle of May and July. It wasn't discovered until July 29th. The worst part about this data breach is that most people have no idea that they are even customers of Equifax.
Equifax is a nationwide credit monitoring company. They develop credit scores for their customers based upon their financial history. This isn't a company you sign up for though to be a customer, they get their information through banks, credit card companies, retailers, and other financial businesses, often without you knowing. They then use this information to develop the credit score that you see online.
Equifax is doing their best to get ahead of this data breach but it seems to be fighting a losing battle. They are sending out letters to all of their customers that had their personal information compromised. They are also allowing customers to sign up for free credit file monitoring and identity theft protection for a year. They are actually offering this to all of their customers not just the ones that have been affected by the breach. No letter, or free credit monitoring will make up for the fallout of compromising millions of Americans personal information
How did this even happen? No one has taken responsibility for the hack yet, but Equifax says that the criminals “exploited a U.S. website application vulnerability to gain access to certain files.” Right now the New York Attorney General is investigating the breach. Along with the Consumer Financial Protection Bureau, The House of Financial Services Committee, and the House of Judiciary Committee.
What can we do now? CNN posted an article about 5 things you can do now to protect yourself. I have linked the article there but to summarize they talk about how you need to monitor your credit activity and put fraud alerts on your credit.
How can a type of breach like this be prevented? As I mentioned in my first blog Equifax could have hired HackerOne to help them prevent this type of breach. Your in house IT team can only find so many vulnerabilities and repair them. You are better off hiring a group of freelance hackers to look into your website and to see what they can find. When it comes to information as sensitive as this there is no price tag. Especially because I would imagine that Equifax will be paying a hefty fine for this breach, along with any potential lawsuits.
- Parker Fifield
No comments:
Post a Comment