Follow-up Advice from the Equifax Hack


Following up on my previous post about the giant Equifax hack, I wanted to share some additional recommendations from my friends at KnowBe4.


“Cyber criminals have stolen 143 million credit records in the recent hacking scandal at big-three credit bureau Equifax. At this point you have to assume that the bad guys have highly personal information that they can use to trick you. You need to watch out for the following things:

  • Phishing emails that claim to be from Equifax where you can check if your data was compromised.
  • Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information.
  • Calls from scammers that claim they are from your bank or credit union.
  • Fraudulent charges on any credit card because your identity was stolen.

Here are 5 things you can do to prevent identity theft:

  • First sign up for credit monitoring (there are many companies providing that service including Equifax but we cannot recommend that).
  • Check your bank and credit card statements for any unauthorized activity.
  • If you believe you may have been the victim of identity theft, here is a site where you can learn more about how to protect yourself: You can also call the center’s toll-free number (888-400-5530) for advice on how to resolve identify-theft issues. All of the center’s services are free.

And as always, Think Before You Click! “

Some additional things to keep in mind.  It’s still very early in the process of assessing the impact of this hack.  I’ll post more updates as I learn more.

For now, the above advice is good to consider.  This hack is unique because a credit bureau track just about every piece of information needed to compromise your credit and your identity.  You don’t have to be an actual customer of Equifax for them to have this data on your personal identity.  We have to assume that your personal information is now in the hackers hands and likely for sale on the Dark Web to those looking to steal identities.

It appears that Equifax was hacked due to a web-app vulnerability.  This is why it is critically important that your business scan for these types of vulnerabilities.  It’s not just about penetration testing and vulnerability scans.  Yes, they are important, but so are scans against any web facing systems you have that allow access to confidential information.  These web-apps need to be regularly scanned to be sure they are safe and most importantly, so is the information behind them.

If your business does not have a proactive cyber security scanning program in place, this should be a glaring warning that you need one.  If a company as large and technically savvy as Equifax can be hacked, so can your business.

3 thoughts on “Follow-up Advice from the Equifax Hack

  1. Mike Beuster

    Mr. M. J. Shoer, President and Virtual Chief Technology Officer at Jenaly Technology Group, Inc.

    Mr. Shoer:


    We wish the US Government was equally as up to date

    We want to know what ‘Deep Panda’ and China’s main military intelligence service that has been linked to cyber attacks the Third Department of the General Staff, or 3PLA, which conducts cyber warfare have done with my March 1997- SF86, Nov 2001 – SF86, Sep 2006 – SF86 Security Clearance Background information in their OPM Hack along with 22+ million other Americans private? information. ”
    Ex- President Obama, Attorney General Loretta E. Lynch and Department of Homeland Security Secretary Jeh Johnson, together with Chinese State Councilor and Minister of the Ministry of Public Security Guo Shengkun have tried to cover it up.
    Dan Tentler, founder of cybersecurity firm Phobos Group argued that the government’s obsession with compliance to appease lawmakers and auditors alike is lazy, and doesn’t fundamentally make their systems any more secure. His security firm, which has a business interest in penetration testing and red-teaming, preaches that best practices and security compliance tend to be bare-minimum efforts, and should not dictate how security operates.
    “The reason [the attack on] OPM happened is because people didn’t care about security. People did the barest minimum. And even when people aren’t qualified, they refuse to let qualified people in, and they don’t want to admit they have problems,” he said.
    Other government departments, he said, are heading in the same direction.
    “The Pentagon has created a circumstance where the good guys can’t find the problems because we’re not allowed to scan, or go out of scope, or find things on our own,” he said. “But the bad guys can scan whatever they want, for as long as they want, and exploit whatever they feel like.”
    “Well, Russia and China don’t care,” he added. “You can bet they’re scanning those networks.”

    Why didn’t OPM Head and her CIO go to jail instead of being allowed to retire?

    Why did the FBI not mention the OPM Hack when they arrested Yu Pingan?

    OPM HACK Girard Gibbs as Lead Counsel filed a complaint on March 14, 2016. The complaint is filed on behalf of “All current, former, and prospective employees of the federal government and its contractors, and their family members and cohabitants, whose sensitive personal information was compromised as a result of the breaches of OPM’s electronic information systems in 2014 and 2015 or the breach of KeyPoint’s electronic information systems in 2013 and 2014.

    Respectfully yours,

    Mike Beuster
    Blairsville, GA

  2. MJ Shoer

    Dear Mr. Beuster,

    I know several people who were also exposed due to the OPM hack. While I have not researched all the details of the hack, I do not believe there was any cover-up. Rather, some very specific steps were taken as a result, including moving custody of clearance information from OPM to DoD under Cyber Command, to help fortify the protection of the information. While I can appreciate the level of upset you have, the actions of OPM officials were not criminal. The primary thing that everyone needs to understand is that is impossible to guarantee 100% safety of data. That’s the reality that we presently live in. When the likes of OPM and Equifax get hacked, it should send a loud and clear message that absolute data security is not yet possible. Are there steps that can be taken to better secure data, of course. Are there more aggressive monitors that could be employed to detect breaches, most likely. At the end of the day, any organization that houses data has to assume they will be hacked. The question becomes, as I have heard numerous FBI cyber agents say, will you know when you have been hacked? I have attended numerous FBI briefings where they have been quite clear about who the Chinese actors are that have perpetrated these hacks. There are active warrants for their arrests, but as I’m sure you know, they can’t be arrested in China itself. It’s a complicated problem and the government does need to do better, as do companies from the local gas station to our largest multi-national corporations. It’s a very fluid situation. Thanks for taking the time to comment.


    MJ Shoer
    Director, Client Engagement & vCIO

    • Mike Beuster

      MJ Shoer Director, Client Engagement & vCIO Onepath

      Mr. Shoer:

      Thank you for the quick response.

      The OPM ‘Officials’ were warned eight separate times by the OPM IG their systems were at risk and they did nothing – causing criminal violations of the ‘Privacy Act’. As well as National security violations. We know the government is covering up.

      CIA pulled officers from Beijing after breach of federal personnel records

      Unfortunately moving custody of clearance information from OPM to DoD under Cyber Command and the investigation process back to the DOD as well is like taking two steps backwards.

      Re: DAILY NEWS Lawmakers seek to let Defense Department take over security clearance investigations
      July 10, 2017 | Justin Doubleday – Congressional defense committees are pushing to allow the Defense Department to take over background investigations for its security clearance applicants, as the backlog of open investigations at the Office of Personnel Management approaches 700,000 cases. The Senate Armed Services Committee’s fiscal year 2018 defense authorization bill would require the Pentagon to prepare to take over security clearance investigations for its personnel and contractors no later than Oct. 1, 2020, according to a committee aide…’

      Here’s and example of what I am talking about. Before strapping into a Counterintelligence polygraph required to keep my job around 1997 (every five years) the investigator said “Mike do you have any issues/concerns”? I said “Yes, If I had gone to Moscow at the height of the Cold War/Vietnam War and had gone to a Peace Conference January 2, 1970, then taken a 40 day trip behind the Iron Curtain, would I be sitting here today”? He said “Probably NOT”! I said “we know who did don’t we – Bill Clinton”.

      See:- CLINTON’S CZECH-COMMUNIST CONNECTION Published: 04/30/1999 at 1:00 AM –

      See: Bill Clinton’s Soviet Connection by Reed Irvine and Cliff Kincaid on September 12, 2001 –

      See: Published 1996 – Unlimited Access : FBI Agent Inside the Clinton White House – by FBI Agent (Ret.) Gary Aldrich – page 255 – Epilogue – Summary – Recommendation – Normally, no suggestions or conclusions are offered to a reader at the end of a summary background investigation. But in view of the evidence, the following recommendations is made: That the application of Bill Clinton and Hillary Clinton for security clearances, permanent White House passes, and ACCESS TO THE WHITE HOUSE BE DENIED.

      Judge orders feds to release details of Clinton email probe after FBI refused request

      We see a pattern here that shows a double standard in the National Security Clearance System/Process. Over the years I have said to the government they need to start at the top – CINC on down, must strap in, no exceptions. Will never happen. The ‘Elites’ think they are better than we are. We don’t think so.

      Respectfully yours,

      Mike Beuster
      Blairsville, GA

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.