I run a cybersecurity operation for a multi-billion-dollar financial institution. So, as you can guess, I spent a good portion of the last 24 hours researching and understanding the impact this breach had on our customers. I want to share what I can of the results of that research with you. Most of it, which was confidential and not pertinent to you, has been removed.
With that, please take a look and make sure to follow the instructions to check if you are impacted and to sign up for identity theft protection.
As a side note, if you are looking to protect yourself from a popular form of cyber-attack, please check out my other article on ransomware:
Update on Equifax Legal Rumors
Highlights of Equifax Breach
Highlights from the statement by Rick Smith, Chairman and CEO of Equifax:
- Discovered unauthorized access to “certain Equifax data files” on July 29th
- Equifax acted immediately to stop the intrusion
- Equifax engaged a leading cybersecurity firm to investigate and determine the scope of the intrusion
Conclusions from the Investigation
- Unauthorized access occurred during mid-May and July
- No evidence of unauthorized activity on Equifax’s core credit reporting databases
- For approx. 143,000,000 U.S. consumers: Names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers
- For approx. 209,000 U.S. consumers: Credit card numbers
- For approx. 182,000 U.S. consumers: Certain dispute documents with personal identifying information
Equifax Offering Protection
Equifax is offering every US consumer:
- A comprehensive package of identity theft protection and credit file monitoring
- Special call center (866-447-7559) and dedicated website (www.equifaxsecurity2017.com) to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection
From the Equifax incident website (www.equifaxsecurity2017.com):
The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year.
The website also provides additional information on steps consumers can take to protect their personal information.
Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers.
The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time.
How to Check for Impact and Enroll in Protection
Consumers should follow these instructions to check if they have been impacted by the breach as well as to enroll in one year of free identity theft protection and credit card monitoring services.
1. Go to www.equifaxsecurity2017.com and click Enroll
2. On the next page, click Begin Enrollment
3. Enter your last name and the last 6 digits of your Social Security Number, and click Continue
4. You will be presented with a message indicating whether or not you have been impacted by the breach
5. Click Enroll again
6. You will be given an enrollment date for TrustedID Premier. On your assigned date, come back to https://faq.trustedidpremier.com/ or https://www.equifaxsecurity2017.com/enroll/ and click Continue Enrollment to complete the enrollment process.
Other Intel – Spike in Online References to Equifax
- There have been 17,688 references to Equifax Inc over the past 60 days
- 17,617 of those references occurred in the last 7 days
- 16,818 of those references occurred in the last 2 days
This information consists mostly of news sources and social media mentions about the breach itself.
First off, please make sure you follow the instructions listed above (and below) to protect yourself.
Second, it’s not uncommon nowadays for most of our information to be well-circulated on the dark web due to various breaches of major organizations.
I think it’s safe to always assume that your information is compromised and to take other precautions; we call them “mitigating controls” in the cybersecurity field.
Freeze Your Credit
Remember that hackers know about this “free one year of credit monitoring” as well. They can read the news. They can also wait for two or three years before using your data. Happens all the time.
That’s why placing a freeze on your credit is so important (see below for details).
- Contact each of the credit reporting companies (use the web link or phone number) to place a freeze on your credit. This will prevent new lines of credit from being established in your name:
Equifax – 1-800-349-9960
Experian – 1-888-397-3742
TransUnion – 1-888-909-8872
Change and Protect Your Passwords
- Change passwords for online financial accounts
- Use unique user/password combos for your accounts (if one is compromised, an attacker will try other sites to see if those same credentials work)
Yes, this is a difficult feat to accomplish. Welcome to 2017, where password managers have come a long way. I use Dashlane to manage over 200 complex and unique passwords, and love it.
General Security Recommendations
- Use up-to-date anti-virus software on your computer
- Never use someone else’s computer to log into a sensitive site
- Never connect someone else’s USB drive to your computer (or CD/DVD if you can avoid it) – malware can deploy itself from these media
- Never open attachments or click on links from unknown or unexpected email senders
Anything to add? Questions?
Please let me know in the comments. If you found this helpful, definitely share it using those nifty share buttons. Subscribe for more helpful articles like this.