All data breaches are bad data breaches, but the Equifax data breach is particularly disastrous due to the volume and sensitivity of the data the attackers were able to access. When it comes to data breaches, the Equifax attackers hit the identity theft jackpot.
Data breaches are, unfortunately, an all-too-common occurrence, and it’s not unusual for tens of millions of accounts to be compromised. In most data breaches, however, attackers gain access to tidbits of valuable information—a name, and maybe an email or mailing address. Sometimes, the attacker might strike gold and also get a Social Security number or bank / credit card account. Equifax has all of the above and then some.
Marie White, President and CEO at Security Mentor, points out that the data exposed in the Equifax breach potentially includes names, birth dates, Social Security numbers, and credit card numbers, but she also notes that Equifax data may include even more insidious data. “Credit reporting companies also have information on credit accounts including the type of account, when it was opened, the limit, and the balance and payment history. They also have information on consumers’ address history and debt. With all this information, the risk of identity theft is far greater. For example, hackers can now answer questions that are typically required to access financial accounts.”
White also marveled at the scope of impact of the breach. “The US population is currently 325 million; with 143 million consumers impacted by the Equifax data breach, that is almost 50 percent of all US citizens! Imagine if one out of every two people walking down the street dropped their credit card, along with a sticky note on the back with all their personal information needed to access that card. Now imagine that happening in every city across the county.”
“This is the motherlode,” agrees Ajay Arora, co-founder and CEO of Vera. “This is where we have all of our crown jewels.”
Arora expressed concern over the fact that we give credit agencies ownership of our digital life—and not even by choice, really. “This is very concerning because these are the people that are supposed to safeguard your information better than anyone.”
“Smart companies are moving to more proactive security technologies to put security measures in place to track and monitor what’s happening to the data, encrypting the data, and controlling access to protect customer data,” says Arora. “More companies need to start taking a more protective approach, rather than reactive approaches.”
A shift in security posture like the one recommended by Arora may very well have avoided—or at least minimized—the fallout of the attack on Equifax. It seems that keeping servers and applications—especially public-facing servers and applications—patched and updated for known vulnerabilities also plays a crucial role.
If you’ve received a notice, you should look into placing credit alerts on your records to get notified in the event someone tries to open up credit cards, take out loans or make large purchases. Maintain and monitor your information and notify the credit bureau if you see something suspicious.
- Malcom Harkins Talks about Ethical and Legal Obligations of the CISO - October 20, 2022
- Maggie MacAlpine Chats about Collaborative Threat Intel Initiative - October 14, 2022
- Intel Outlines Focus on Innovative Security Technologies - October 8, 2022