On September 7, 2017, Equifax reported a data breach that occurred between mid-May and July. In terms of pure numbers—it reportedly affects 143 million consumers—this isn’t the largest data breach; however, due to the data content that was lost, it’s being reported as the most damaging breach.
The data that was accessed includes names, Social Security numbers (SSN), birthdates, and potentially driver’s license numbers. On top of that, Equifax also reported that 209,000 credit card numbers were stolen along with dispute documents containing information for about 182,000 people.
How Can You Protect Your Personal Information?
Even if your information was part of the breach, the Federal Trade Commission outlined some steps to help you protect it from being misused.
Check if You Were Exposed
Equifax set up a dedicated website to allow customers to check if their information was part of this data breach.
When you visit the site, you’ll click on “Potential Impact,” where you’ll enter your last name and the last six digits of your SSN. Anytime you enter your SSN, do it from a secure computer with an encrypted network connection.
Free Credit Monitoring
After checking to see if your information was compromised, the Equifax site will give you a date to return and enroll for a year of free credit monitoring and other services. Equifax has indicated this is available to US consumers whether or not your information was exposed. You have until November 21, 2017, to enroll.
Other Questions and Tips
The site also includes a list of frequently asked questions to explore if you have other concerns.
Here are some other tips:
- Credit freezing. This prevents a creditor from obtaining a credit report or score and makes it harder to grant credit.
- Fraud alerts. These can be sent to each credit reporting agency and are generally only good for 90 days, but it should force lenders to verify you are actually the one applying for credit.
- File your taxes early. Once you have all the necessary information, file your taxes before someone else can using your identify and potentially stealing a tax refund.
Could This Have Been Prevented or Minimized?
The details of the actual hack haven’t been released, but Equifax reported the breach occurred through a flaw in the open-source software, Apache Struts.
On a personal level, there is very little that could have been done to protect your data in this instance. There are, however, preventative steps you can take to help protect your data against the next, inevitable breach. For companies, the risk is even greater because the ramifications affect your clients as well, which can be a devastating hit for your brand reputation. Some steps to consider:
- Enroll in a credit monitoring program
- Conduct an IT risk assessment to test your security measures
- Perform quarterly vulnerability scans and share results with IT leadership
- Conduct a professional internal and external penetration test
- Review all externally facing websites and applications for vulnerabilities
- Fix any subsequent issues that arise
- Create an action plan in the event of a breach
We’re Here to Help
If you’d like to learn more about how your organization can better secure its web applications or infrastructure or if you want assistance assessing the security of your existing IT environment, contact your Moss Adams professional.