DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
  1. DZone
  2. Data Engineering
  3. Data
  4. With 40% of the US Population Potentially Affected by the Equifax Data Breach, Here's What You Need to Do

With 40% of the US Population Potentially Affected by the Equifax Data Breach, Here's What You Need to Do

Here we go again. Another large scale security breach that will affect millions of people has struck. What should you do to keep your data safe?

Cate Lawrence user avatar by
Cate Lawrence
CORE ·
Sep. 08, 17 · Analysis
Like (3)
Save
Tweet
Share
4.25K Views

Join the DZone community and get the full member experience.

Join For Free

Credit and consumer data company Equifax this week announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers, roughly 40% of the US population.

Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017.  The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for some UK and Canadian residents. 

What's the Big Deal?

What is significant about the latest attack, is not only the sheer size of it but the potential harm through identity theft and future fraud as cyber criminals can use these identifying factors to open bank or credit card accounts, access medical information, file taxes and receive the refunds, or make new purchases in your name. This attack will have a legacy effect as those affected will not be changing their specific identity features so they could be subject to attacks anytime in years to come. 

It's the third major cybersecurity threat for the agency since 2015. Between April 2016 and March 2017, TALX, an Equifax subsidiary that provides online payroll, HR, and tax services, was hacked, with cyber criminals able to change the four digit customer employee password and steal tax data after successfully answering personal questions about those employees. Using a pin number instead of two-factor authentification is bad enough, but to have it followed by an even worse attack shows that the company is lacking in preventative vigilance. 

What Happens Now?

Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes:

  • 3-Bureau credit monitoring of Equifax, Experian, and TransUnion credit reports; and copies of Equifax credit reports.
  • The ability to lock and unlock Equifax credit reports.
  • Identity theft insurance, and Internet scanning for Social Security numbers - all complimentary to U.S. consumers for one year.

However, many are critical of this approach which in effect signs people up for the monitoring without providing any definitive answer as to whether they've been subject to a data breach. The company has also been robustly criticized after three Equifax senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach.

What You Can Do

With any attacks like these, it's vital that consumers stay vigilant. Some things that may help:

  • Monitor all of your accounts for any suspicious activity (someone may be using your social security number for example) and contact the provider as soon as you are concerned.

  • Change passwords and use two-factor authentication where available.

  • Get help from Identitytheft.gov if there are any irregularities as they provide a detailed action plan in the effect of any misuse from changing ID to freezing credit reports and clearing your name of criminal charges. They're the kind of activities you hope you don't have to deal with, ever, but it's good to have all of the information in a central place, coordinated by a legitimate source of knowledge.

  • There is also the option of long term security monitoring for a fee. Equifax's offer to date is only for a year, highly inadequate considering the repercussions of the breach could last years. 

Currently, we have no idea for what purpose the data was stolen or by whom. It could have been career criminals ready to sell the information on the dark web, opportunistic hackers who struck it lucky or those with links to international governments. Our identity is like a far reaching web which shoots threads into all kinds of places from our social media to our banking to our images posted online. This is not the first of these kinds of attacks and the severity shows that those professionals we expect to protect our information offer little evidence that they are able to do so. We need to take personal responsibility to secure our own cyber identity. 

Data (computing) consumer

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • The 31 Flavors of Data Lineage and Why Vanilla Doesn’t Cut It
  • Deploying Java Serverless Functions as AWS Lambda
  • The 12 Biggest Android App Development Trends in 2023
  • Utilize OpenAI API to Extract Information From PDF Files

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: