Last week, Equifax, one of the three largest consumer credit reporting agencies in the United States, reported that a massive data breach exposed the Social Security numbers, driver’s license numbers, and other private information of more than 143 million US residents.
Hackers were apparently able to access the company’s files for two months this summer, exploiting a vulnerability in Equifax’s website between May and July. Equifax reported that it discovered the data compromise on July 29th and in the ensuing six weeks has uncovered no further evidence of illicit access to its consumer and commercial credit reporting databases.
In addition to the hacked Social Security numbers and driver’s license numbers, cybercriminals reportedly accessed birthdays, credit card numbers, and addresses for more than 200,000 users, while documents used in disputes that contained personal information were lifted from more than 175,000 more users. Data on British and Canadian residents was also compromised.
How bad is the Equifax breach?
Nowhere near as widespread as Yahoo’s hack, which in total affected nearly one billion accounts. But the scope of the Equifax breach as it pertains to such important information is much wider and potentially more troublesome — the company houses data on more than 820 million consumers and 91 million businesses worldwide and manages a database with employee information from more than 7,100 employers. “This is about as bad as it gets,” Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group, told The New York Times. “If you have a credit report, the chances are better than 50% you may be in this breach.”
Finding out whether you were affected hasn’t been easy.
Equifax set up a website to help consumers determine whether their data was at risk, but the site asks customers to enter their last name and the last six digits of their Social Security number, a risky proposition given the current cybersecurity landscape. If you do, however, you may not receive a concrete confirmation about whether your data was affected. Instead, the site provides an enrollment date for a free year of identity protection service, which can be inadequate both in the days until the service starts and after the year is up, when any compromised data can still be sold on the black market.
So what should you do next?
1) Security experts say you should set up fraud alerts and credit freezes on your accounts.
This process can be time-consuming, complicated, and expensive, but right now it’s the first line of defense against cybercriminals trying to apply for credit in your name. Consult with a financial professional before taking such steps, and be extra careful with the PINs generated by the credit reporting bureaus that can be used to “thaw” your credit freeze when you need to use it for legitimate means.
2) Consider more effective password management with comprehensive management tool.
Many computer users jump to manually change passwords for each financial, health care, social media, retail, and email account they use every time a breach happens. In the Equifax case, passwords were not the main credential stolen — but if hackers can access Social Security numbers and driver’s license numbers, it stands to reason that they can easily steal passwords, as well. That makes a strong, secure password management solution that automatically handles frequent password changes and the creation of long, unique log-ins so critical. Don’t assume your old password is safe — especially if you use it across multiple portals.
3) Use two-factor authentication.
Two-factor authentication requires you to enter something you know (like your password) and something you have (typically a unique code delivered to you via text message or email). While no security measure is entirely foolproof, using two-factor authentication not only makes a password breach statistically less likely but also can alert you to any suspicious activity related to your accounts with major providers like Google or Yahoo. Monitoring our accounts in such a fashion to keep a vigilant watch out for suspicious activity might just be the new norm.
4) Employ proactive monitoring and maintenance to protect your data.
If the steps above sound difficult to implement, consider working with a team of IT experts to surround your information with a strong security perimeter. At CMIT Solutions, we keep a 24/7 eye on your computers, your networks, your email, and the links your employees click, all in the name of comprehensive online security. That way, if an intrusion is attempted, we can spot it and suppress it before it wreaks havoc on your business.
Nervous about the prospect of your personal information being stolen in the Equifax breach? Contact CMIT Solutions right away. We specialize in multi-layered security solutions that go the extra mile to keep you safe. Our extensive network of more than 170 North American offices and 800 technicians stay updated on every cybersecurity development so that we can offer our clients the best protection in the industry. In short, we worry about your IT so you don’t have to.