Major hacks and breaches seem like they are becoming a monthly occurrence. Most recently, on September 7, Equifax Inc., one of the three largest consumer-credit reporting companies in the U.S., announced an over two-month data breach, which lasted from mid-May to the end of July. The hack may have exposed the information of 143 million U.S. citizens, providing the hackers with names, addresses, birth dates, and social security numbers – enough details to assist identity thieves in taking out loans and applying for credit cards in your name. The hackers also stole the credit card numbers of 209,000 people and documents with personal identifying information for about 182,000 people. They even grabbed information about people in the U.K. and Canada.
The case is already surprising, as it potentially impacted nearly half of U.S. consumers. But what may be even more shocking is Equifax’s poor handling of the situation. Firstly, Equifax Security first discovered the intrusion on July 29, a whole six weeks before revealing it to the public. Not only did they drag their feet on the announcement, but the whole breach could have potentially been avoided if proper security measures were taken. According to USA Today, the breach was due to a vulnerability in free, open-source software – Apache Struts – that is used to create Java web applications. Apparently, cybersecurity professionals discovered the vulnerability and alerted Equifax two months before the attack. Additionally, per The Apache Foundation to USA Today, “The Equifax data compromise was due to their failure to install the security updates provided in a timely manner.” The case has become so convoluted that Equifax is now under federal investigation by The Federal Trade Commission.
So what is one to do? If you’re reading this, there is nearly a 50 percent chance you were affected by the attack. Firstly, you want to check your credit reports, credit cards, and bank accounts to see if there are any accounts or activity that you do not recognize. You can also establish a credit freeze on your files, making it much harder for somebody to open a new account in your name; however, this will not prevent identity thieves from making charges to your existing accounts. You can also place a fraud alert on your accounts, warning creditors that you may be a victim of identity theft and that they should confirm that anybody seeking credit in your name truly is you. Finally, Equifax has set up a website to help people monitor the situation and stay updated. It’s a good place to start if you think you may have been affected by the attack.
It’s still not completely clear whether the attack was a result of the company’s negligence or not. The federal investigation should clear things up in the coming weeks. But, with major firms being consistently hacked, it raises the question, can we trust anyone with our data?