A Summary of the Equifax Hack and What to Do Next

What Happened?

Last Thursday, Equifax disclosed an information security breach that compromised personal information on approximately 143 million people in Canada, the United Kingdom, and the United States. The compromised data included:

  • Social Security Number (SSN)
  • Date of Birth (DoB)
  • Address
  • Driver’s License (DL) Number

The breach also disclosed the Credit Card (CC) Primary Account Number (PAN) for 209,000 people. Another 182,000 people suffered the compromise of their Personally Identifiable Information (PII). [1] [2]

So What?

This is a Big Deal™ because Equifax is one of the three primary credit reporting companies in the United States and drives the credit reporting industry and this breach affects 45% of the U.S. population. Given the volume and sensitivity of the data involved, this is one of the most significant breaches in the last 5 years. [3] [4]

As a result, you or someone you know is probably affected by the breach.  This increases the chances of becoming a victim of identity theft because Equifax collects the following information to create your credit report [6]:

  • Name
  • Address
  • SSN
  • Financial account numbers
  • Credit agreement details
  • History of when and how you pay your bills
  • Amounts you owe
  • Types and lines of credit
  • How much credit you have available
  • Inquiries into your credit over the past 2 years
  • Delinquency status of your accounts
  • Collection information
  • Public records

What Should I Do?

A breach of this magnitude and scope can be overwhelming if you think about it too much. The good news is that you can take steps to limit its impact on you and your family. Here are steps you can take immediately to avoid falling victim:

  1. See if you are affected using the Equifax Cybersecurity Incident & Important Consumer Information web page. There has been some discussion regarding the accuracy of the results, but it is a good place to start. [5]
  2. Use the Equifax page above to keep an eye on the situation.
  3. Check your accounts for unusual activity.
  4. Consider implementing a credit freeze. You can learn more from the Federal Trade Commission.
  5. File taxes as soon as possible to avoid fraudulent submissions.
  6. Use 2-Step authentication whenever possible. This is usually done through a one-time PIN sent via text message.
  7. Be extra vigilant for phishing attacks and other scams.
  8. Enroll in an independent credit and identity monitoring service. Here is a good assessment of the offerings available.

References

[1]     Equifax, Inc., “Cybersecurity Incident & Important Consumer Information,” 9 September 2017. [Online]. Available: https://www.equifaxsecurity2017.com/potential-impact/. [Accessed 11 September 2017].

[2]     M. Nunez, “Everything you need to know about the massive Equifax data breach,” Mashable, 9 September 2017. [Online]. Available: http://mashable.com/2017/09/08/everything-you-need-to-know-equifax-hack/#tFkncQmf7kqd. [Accessed 11 September 2017].

[3]     T. Seals, “Equifax Breach , Affecting 45% of US Population, Raises Big Questions,” Infosecurity Magazine, [Online]. Available: https://www.infosecurity-magazine.com/news/equifax-breach-affecting-45-raises/. [Accessed 11 September 2017].

[4]     Information is Beautiful, “World’s Biggest Data Breaches,” 10 September 2017. [Online]. Available: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/. [Accessed 11 September 2017].

[5]     B. Krebs, “Equifax Breach Response Turns Dumpster Fire,” Krebs on Security, 8 September 2018. [Online]. Available: https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/. [Accessed 11 September 2017].

[6]     D. Moogalian, “How Does Equifax Get the Information for My Credit Report?,” 8 October 2012. [Online]. Available: https://blog.equifax.com/credit/how-does-equifax-get-the-information-for-my-credit-report/. [Accessed 11 September 2017].

[7]     D. Eitelbach, “Best Identity-Theft Protection 2017,” Tom’s Guide, 8 September 2017. [Online]. Available: https://www.tomsguide.com/us/best-identity-theft-protection,review-2083.html. [Accessed 11 September 2017].

[8]     L. Myers, “Equifax breach: 5 defensive steps to take now,” Sophos, Inc., 11 September 2017. [Online]. Available: https://www.welivesecurity.com/2017/09/11/equifax-breach-5-defensive-steps/. [Accessed 11 September 2017].

[9]     L. Spitzner, “Awareness Officers – What to Communicate About the Equifax Hack,” SANS Awareness Blog, 8 September 2017. [Online]. Available: https://securingthehuman.sans.org/blog/2017/09/08/awareness-officers-what-to-communicate-about-the-equifax-hack. [Accessed 11 September 2017].

[10]     E. Price, “What to Do If You Were Affected by the Equifax Hack [Updated],” Lifehacker, 10 September 2017. [Online]. Available: http://lifehacker.com/what-to-do-if-you-were-affected-by-the-equifax-hack-1803081696. [Accessed 11 September 2017].

[11]     P. Wagenseil, “What to Do After a Data Breach,” Tom’s Guide, 08 September 2017. [Online]. Available: https://www.tomsguide.com/us/data-breach-to-dos,news-18007.html. [Accessed 11 September 2017].

Leave a Reply

%d bloggers like this: