Equifax, one of the major U.S. credit agencies announced that it had suffered a massive breach. This announcement was made on 7 September 2017. They reported that the breach potentially affects personal information relating to 143 million Americans. The hackers were able to access social security numbers, addresses, driving license numbers, and birthdates of these people.
Additionally, credit card details for about 209,000 U.S. consumers and dispute documents that hold personally identifying data of 182,000 Americans were accessed by the hackers. Equifax also reported that the hackers had accessed limited personal information for certain UK and Canadian residents. According to Equifax, the breach lasted from mid-May through to the 29th of July when it was discovered by the company’s IT experts.
Details of the incident
On 29 July 2017, the security team of Equifax observed suspicious network traffic that was linked with its U.S. online dispute portal web application. After investigating the suspicious traffic, the security team was able to block the suspicious traffic they had identified. However, on July 30, 2017, the security team observed other suspicious activity. In response, they had to take offline the affected application immediately to continue their investigation. They realized vulnerability in the Apache Struts web application framework which was the path the hackers used to gain access to the information. After patching this application, they were able to bring it back online.
On August 2, 2017, Equifax sought out the services of Mandiant –independent cybersecurity firm- to assist in conducting a privileged, all-inclusive forensic review to help determine the scope of the intrusion and the specific data affected. The security firm was able to identify the extent of the intrusion.
What measures has Equifax taken since the attack?
The chief information officer and the chief security officer of Equifax have both steped down since the incident happened. Mark Rohrwasser was appointed the interim chief information officer, and Mr. Russ Ayres has been named interim chief security officer.
This change was made as part of the firm’s review of the cybersecurity breach. Its internal investigation is still ongoing and is working closely with the FBI in its criminal probe.
How can you protect yourself after such a data breach?
If you have a credit report with Equifax, there are several ways you can prevent your information from being exploited.
1. Find out if you are affected
The first step is to visit, www.equifaxsecurity2017.com, to find out if your information was exposed. Click on the “Potential Impact” tab and then enter the last six digits of your Social Security Number and your last name. Make sure you are using a secure device and an encrypted internet connection when entering your social security number. The site will tell you if your information was impacted by the breach or not.
Either way, Equifax is offering all its consumers a year of free credit monitoring and other services. To access this service, you need to sign up for these services officially.
2. Freeze all credit inquiries through the four, not three credit agencies:
A credit freeze will help to make it difficult for anyone trying to open a new account in your name. Still, it is important to note that a credit freeze cannot stop an fraudster from making charges to your current accounts.
3. Check your credit history
Whether you use Equifax, TransUnion or Experian, always check your credit report by logging onto annualcreditreport.com. Through this website, you will be able to check your account for any suspicious activity that you do not recognize. Such information could be an indication of identity theft. Also, make sure to log ontoIdentityTheft.gov for more information on identity theft.
4. Monitor your current credit card and Bank accounts carefully
Check these accounts regularly for any unfamiliar charges.
5. Set a fraud alert on your files
If you opt not to use a credit freeze, place a fraud alert on all your current records. This way, creditors are warned in advance to verify their identity since you may be a victim of identity theft.
Always file your taxes immediately you get the tax information to prevent scammers from accessing it. Most times, tax identity theft occurs when a hacker tries to use your Social Security number to get a job or a tax refund. In addition, always respond to IRS letters immediately.