“Cyber criminals have stolen 143 million credit records in the recent hacking scandal at big-three credit bureau Equifax. At this point you have to assume that the bad guys have highly personal information that they can use to trick you. You need to watch out for the following things:
- Phishing emails that claim to be from Equifax where you can check if your data was compromised.
- Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information.
- Calls from scammers that claim they are from your bank or credit union.
- Fraudulent charges on any credit card because your identity was stolen.
Here are 5 things you can do to prevent identity theft:
- First sign up for credit monitoring (there are many companies providing that service including Equifax but we cannot recommend that).
- Next freeze your credit files at the three major credit bureaus Equifax, Experian and TransUnion. Remember that generally it is not possible to sign up for credit monitoring services after a freeze is in place. Advice for how to file a freeze is available here on a state-by-state basis: http://consumersunion.org/research/security-freeze/.
- Check your credit reports via the free annualcreditreport.com.
- Check your bank and credit card statements for any unauthorized activity.
- If you believe you may have been the victim of identity theft, here is a site where you can learn more about how to protect yourself: www.idtheftcenter.org. You can also call the center’s toll-free number (888-400-5530) for advice on how to resolve identify-theft issues. All of the center’s services are free.
And as always, Think Before You Click! “
Some additional things to keep in mind. It’s still very early in the process of assessing the impact of this hack. I’ll post more updates as I learn more.
For now, the above advice is good to consider. This hack is unique because a credit bureau track just about every piece of information needed to compromise your credit and your identity. You don’t have to be an actual customer of Equifax for them to have this data on your personal identity. We have to assume that your personal information is now in the hackers hands and likely for sale on the Dark Web to those looking to steal identities.
It appears that Equifax was hacked due to a web-app vulnerability. This is why it is critically important that your business scan for these types of vulnerabilities. It’s not just about penetration testing and vulnerability scans. Yes, they are important, but so are scans against any web facing systems you have that allow access to confidential information. These web-apps need to be regularly scanned to be sure they are safe and most importantly, so is the information behind them.
If your business does not have a proactive cyber security scanning program in place, this should be a glaring warning that you need one. If a company as large and technically savvy as Equifax can be hacked, so can your business.