In Wake Of Equifax Breach, What To Do To Safeguard Your Info
The top story, the massive data breach at Equifax is the latest of security experts and they say it is the worst of a series of test. Hackers were able to access personal information from as many as 143 million people, including Social Security numbers, birthdates, and credit card numbers. Equifax is one of the three big credit reporting agencies keeping records on the financial histories of Americans. A silver lining is that Equifax says it has not picked up on any data breach related unauthorized activity turning up on its own credit reporting service. Joining me is Darin Anderson. He is the founder of CyberTECH and cyber United, a cyber security firm. Welcome. Hello. Why are experts saying this reach is more significant than the massive hack of Yahoo in 2016 because more people were affected by the Yahoo breach. The main reason is because you have the numbers, those were large but the quality of information from a perpetrator standpoint was lower. Here, you have a very rich pool of information and personal data on the people that were affected. You mentioned at the start, you know, the kind of information that the drivers license, birthdates and so forth. Why is the public just learning about this data breach when Equifax learned about it in July ? This is the third data breach in the last 24 months. A lot of times, companies are trying to do a couple of things. One is to determine what is the level of the breach and what are the reportability requirements that they are required to make to the public. The other is, what to try to see if they can attribute to the perpetrators themselves so they will set up a sting operation. Then they can gather more information on the companies or the people that are trying to hack them. Other credit reporting agencies make money from selling our data to financial companies. Doesn't that increase the company's responsibility to protect this information ? My personal view is that they should take a greater level of responsibility for. They are monetizing the data. That is a product that they have. Just like my car should not drive off the road, my reporting, I personal information to a source that sells it as a product in my view, it should protect my safety and privacy and digital security. How would you like to see Equifax held accountable? What do you think would be most effective except one, they have to have full disclosure about what happened so people can protect themselves. In my view, you have to be responsible for your digital security. At Equifax or another corporation or government or something, most people understand that. I call it the Calvary is not coming. Equifax needs to own its mistakes and live up to the breach and do what it can to protect customers moving forward. In a take -- a case like this, they announced a couple of measures, and one is credit monitoring for those that were breached and a special hotline that is manned 24 seven edit -- 24/7. There is a website and people can find out if they have been affected. How do hackers use the information they steal? If you monitor your credit statement and you do not see anything, are you in the clear? Not necessarily. Think of data as a viable commodity like oil or gold. It is traded on the market. They call it the dark web. Just like any other product, or commodity, it is traded based on the quality of information. It is more unique to this case, the value of the personal information is in my view, a higher-quality and it can command a higher price on the dark web. How long would an average consumer have to be on guard? I would say that the average consumer should be constantly vigilant and always on guard. It is really about taking charge of your own personal -- I'm sorry -- your own digital security the way you take charge of your own personal security. Do you have an idea how this breach could have occurred? With this be an inside job the way we have heard about some of the breaches before? You think hackers got through security on their him? The general attribution that we have seen thus far indicates that a group of outside hackers, you never know if they are from the inside but our view is that at this point, it was an outside hacker group and foreign in origin. There is a professional group that hacked into the system through a website vulnerability, an actual application that is part of the Equifax website that was breached and that is how they appear to of gotten in. When you say farm -- for, do you mean Russia expect you always have to look at Russia. You have to look hard at China. You have to look hard at the Middle Eastern atmosphere. The threats are everywhere. A different types of threat actors. The ones we decide -- we discussed our motivated. I do not know that there is too much on the country of origin yet but certainly, you have to rely on Russia and China and some of these other known powerful hacking groups. I have been speaking with Darin Anderson , the founder of CyberTECH. Thank you so much. It is always a pleasure. Thank you for the time.
There's no way around it: The news from credit reporting company Equifax that 143 million Americans had their information exposed is very serious.
The crucial pieces of personal information that criminals may need to commit identity theft — Social Security numbers, birthdates, address histories, legal names — were all obtained. And once your personal data is out there, it's basically out there forever.
Unlike previous breaches at Yahoo, Target and Home Depot, Equifax's role in the financial industry makes this breach far more alarming. The company is basically a storehouse of Americans' most personal credit information, knowing everything about people from when they opened their first credit card, to how much money they owe on their houses, to whether they have any court judgments against them.
Lenders rely on the information collected by the credit bureaus to help them decide whether to approve financing for homes, cars and credit cards. Credit checks are even sometimes done by employers when deciding whom to hire for a job.
Atlanta-based Equifax, one of three major U.S. credit bureaus, said Thursday that "criminals" exploited a U.S. website application to access files between mid-May and July of this year. Equifax discovered the hack July 29, but waited until Thursday to warn consumers.
For consumers, it may be time to take even more extreme measures to lock down their information, outside of the routine advice like checking your credit reports regularly and seeing if there are any abnormal transactions on your bank accounts and credit cards.
The strongest possible option a person can take immediately is placing what's known as a credit freeze on their credit files with the major credit bureaus — Equifax, TransUnion and Experian. A credit freeze locks down a person's information, making it impossible to open new accounts and bank cards in their name. But locking your credit also locks you out from opening new accounts as well.
"The credit freeze is the nuclear option of credit protection. But in the wake of a breach this big, it's worth considering," said Matt Schulz, an analyst with CreditCards.com.
Consumers will need to be even more diligent about checking their credit reports. U.S. law gives every American the right to pull their credit reports for free once a year from the major credit bureaus. It's best to spread those requests out over the year — do one every four months, experts say.
There are a lot of websites that market access to your credit reports, but the official one is annualcreditreport.com
Expect to check this information not just in the immediate future, but for the long term — potentially years. Once your personal data is out there, it can be used at any time.
"Bad guys can be very patient with data. This should be a wake-up call to be even more diligent with your information," Schulz said.
An even more extreme step? People can request to change their Social Security number with the Social Security Administration if they have repeatedly been a victim of identity fraud under their original number.
This isn't the biggest data breach in history. That indignity still belongs to Yahoo, which was targeted in at least two separate digital burglaries that affected more than 1 billion of its users' accounts throughout the world.
But no Social Security numbers or drivers' license information were disclosed in the Yahoo break-in.
Equifax's security lapse could be the largest theft involving Social Security numbers, one of the most common methods used to confirm a person's identity in the U.S. It eclipses a 2015 hack at health insurer Anthem Inc. that involved the Social Security numbers of about 80 million people.
Any data breach threatens to tarnish a company's reputation, but it is especially mortifying for Equifax, whose entire business revolves around providing a clear financial profile of consumers that lenders and other businesses can trust.
In addition to the personal information stolen in its breach, Equifax said the credit card numbers for about 209,000 U.S. consumers were also taken, as were "certain dispute documents" containing personal information for approximately 182,000 U.S. individuals.
Equifax has established a website, https://www.equifaxsecurity2017.com/ , where people can check to see if their personal information may have been stolen. Consumers can also call 866-447-7559 for more information.
The company warned that hackers also may have some "limited personal information" about British and Canadian residents. The company doesn't believe that consumers from any other countries were affected.
Three Equifax executives sold shares worth a combined $1.8 million just a few days after the company discovered it had been hacked, according to documents filed with securities regulators. Equifax said the three executives "had no knowledge that an intrusion had occurred at the time they sold their shares."
Equifax shares fell about 13 percent to $123.75 in heavy trading. The decline equates to about $2.28 billion in lost market value.