What do you do when you lose your wallet? Or worse, if it’s stolen? You contact your bank, you check your credit cards, you freeze your accounts – you’re on high alert for any suspicious activity that could lead to any form of exploitation. Now imagine, 145.5 million wallets being pickpocketed all at once by the same gang. Things get a lot more complicated.
In September of 2017, Equifax, one of the three major credit bureaus in the US, announced that they were hacked. In their statement, they mention the information that was accessed included the following: names, birth dates, home addresses, Social Security numbers, and in some instances, driver’s license numbers. An additional estimated 200,000 credit card numbers and over 180,000 personal identifying information of US consumers may have been accessed as well. There was also unauthorized access detected to limited personal information for certain UK and Canadian residents but further investigation is still underway.
If you’re thinking “Isn’t there anything in place to prevent this sort of thing?” and “What’s the worst that could happen?” then we urge you to read on.
Cyber security in a nutshell
Cyber security is the set of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. The level of cyber security depends on the nature of an organization and what sort of data they handle. For a national credit bureau, that would fall under highly sensitive which would require a high level of protection and a watchful eye for possible threats. But in the past two years alone, organizations have seen the likes of WannaCry and WikiLeaks among other malware and hacking groups taking hold of their information. Equifax, however, still takes the cake for being the largest data breach for 2017 but what exactly happened?
Here’s what we know
Equifax stated that the data breach occurred sometime between May and July 2017; this angered many consumers due to the fact that the company announced it after nearly three months had passed and pinned it on not knowing the scale and scope of the breach. It didn’t help their case that three senior executives reportedly sold a combined $1.8 million in company shares shortly after the breach was discovered, prior to the public announcement. None of which were pre-scheduled trades.
There is much speculation and debate surrounding the data breach but no concrete evidence has been found leading to who or what exactly got into their systems, consumer information, and credit reporting databases. As of now, they are under federal investigation and have set up a site for their consumers to check whether or not they are affected by the breach.
What’s at stake?
Oh, the irony of it all: a company built to safeguard consumer information with the promise to proliferate finances, losing over half of the US populations’ confidential data, making them targets for identity theft, credit fraud, and then some. So how bad is bad?
If the fraudsters start using the wrongfully acquired details in any monetary transactions, victims may find themselves buried in debt. And though it is possible to declare that it is not in fact you spending your money and pardon yourself of the debts, it’s still quite the task to convince banks, agencies, and the like otherwise. Let’s say you were successful in catching a fraudster; resolving incorrect information could still take weeks or even years, and ultimately reflects poorly on your credit score. A bad credit score, which is reliant on credit bureaus such as Equifax, makes applying for loans more difficult. Children may also be affected as some of their parents submitted documentation to support their credit information.
On top of all that, having your Social Security number stolen puts you at risk for criminal, medical, and even government benefits and documents fraud. Seeing as the perpetrators have yet to be exposed, there’s no telling when they may strike so it is highly advised to take necessary steps in order to check and protect your accounts and not wait until it’s too late.
Equifax’s Business Data
Such a breach in data also would inevitably lead to an audit of their internal security systems and process. To see if the hackers breached other parts of their internal network and if they made attempts to hack even more confidential data such as company financials, reports, and secrets.
Assumingly, Equifax was able to negate any more leaks from its internal business data with the bulk of the leaks coming from the consumer’s side.
Currently, Equifax is offering a complimentary service to all its US consumers whether or not they were impacted by the breach. The free service, TrustedID Premiere, includes identity theft protection and 3-Bureau credit file monitoring for Equifax, Experian, and TransUnion credit reports. Subscribers will be able to lock and unlock their Equifax credit report, identify theft insurance, and run an Internet scan for their Social Security number.
The process requires consumers to input their data then after a few days, they will receive a notification informing them that they’re eligible to enroll for the service. The offer will stand until January 31, 2018 and TrustedID Premiere will be made available to the public.
A website was also set up to go with the service to help consumers although
the reception suggests it has brought about more problems instead. Consumers were quick to call Equifax out on several bugs and hitches they discovered on the site, the biggest issue being an initial statement saying should they enroll for the service, their right to sue the company would be waived. They have since clarified the statement but it seems as though Equifax is not giving its consumers enough credit when it comes to reading the fine print.
Make your resolution, a reliable solution
If there’s any takeaway from this and data breaches of years past, it’s that they are inevitable but there are ways to cushion the blow.
Although consumers must accept the risks that come with putting personal information out there, especially in credit bureaus and even more so in light of recent events – when possible, they should opt for services and solutions that do not require highly sensitive data.
A company must always be prepared to have the necessary solutions and systems in place to negate these kinds of attacks. From using a board management software to protect internal boardroom data, to incorporating enterprise-grade systems in their business, this will help them bounce back and restore consumer’s trust in their company.