By: Bob Risk
If you maintain a credit score, there is a high chance you are one of the 143 million Americans whose sensitive information was uncovered in the recent data breach at Equifax, one of the country’s three largest credit reporting agencies. This breach, which lasted from May to July, swiped people’s names, birthdates, Social Security numbers, addresses, and in many cases, driver’s license numbers. What’s more, these cybercriminals accessed millions of people’s personal information in the United States, United Kingdom, and Canada, snatching credit card numbers from roughly 209,000 users and dispute documents with valuable personal identifying information (PII) for roughly 182,000 users.
Below are immediate next steps to take to help safeguard your sensitive information:
- Familiarize yourself of the cyberattack. Crowned the largest risk to sensitive information in recent years, it is crucial to grasp the extent of this calamitous cyberattack and what specific personal information was targeted. Dangers unearthed during the cyberattack include:
- Wire fraud. This crime involves hackers stealing accounting information and requesting funds to be wired to overseas accounts if the wiring financial institutions have weak wire security policies in place.
- Fake Credit Accounts. After accessing personal information, hackers can create new credit card accounts in the name of the people whose information was stolen.
- Possible breach-existing Bank and Financial institutions on-line access to accounts. This action is a little harder to execute, as passwords and security questions were not part of this information stolen; however, there is enough information leaked to trick institutions into letting hackers reset security passwords and security questions
- Tax Return Fraud. With access to names, social security numbers and account information, it is easy for hackers to now submit fraudulent tax returns next January 2018.
- Double check your credit. Sites like Equifax, TransUnion, Experian, and Credit Karma all allow users to access their credit information—for free. In light of this attack, look at your information, check for new credit checks, credit cards and providers you do not recognize. Do this on a regular basis. Activity or accounts that you don’t instantly recognize could be a sign for trouble and you should contact the company on the credit report to let them know this is not you. For more information on monitoring your credit, visit this New York Times Article.
- Weigh your options. If you believe your information was compromised, there are many different routes you can pursue: placing a fraud alert on your files—lasting only 90 days, a credit freeze, or even filing your taxes early. However, note that a credit freeze may be difficult to complete due to the large volume freeze request Equifax has received to shut down their server for an hour on 9/13/17.
- Stay protected. To keep your personal information secure, join a paid-for credit monitoring service like LifeLock (approximately $10 per month). You can also change your on-line passwords and make sure they are complex and at least 10 characters in length. For more information on additional measures to protect yourself from future cybercrimes, visit the New York State Office’s Attorney General’s page, which details the investigation he opened for this attack.
To soften the blow of this breach, Equifax is monitoring its services around the clock and offering free credit-monitoring services to their customers. Nonetheless, from analyzing the extent of this cyberattack, it is clear that Equifax’s delay in making the breach public and the clumsy, if not irresponsible, way Equifax rolled out the free credit monitoring for effected people shows they had no breach plan in place to handle disasters like this. Companies large and small are simply not paying enough attention to the risks and damages that weak cyber security and planning present, which is why it is vital for you to take steps to protect your credit information.
Since cybercrimes can leave behind a devastating trail of tax fraud, it is important to also monitor any correspondence you receive from state tax authorities or from the IRS website. To learn more about recovering your information after a data breach, visit The Federal Trade Commission’s website on exposed or lost information. For reliable updates and notices on the caller scams arising from the breach, visit dependable websites identitytheft.gov and annualcreditreport.com.
If you have any questions regarding the protection of your information, please contact our cybersecurity expert Bob Risk.
Robert Risk is Director of Technology Advisory Services at Wiss & Company, LLP. If you would like to contact Bob, you may reach him at firstname.lastname@example.org or at 973.994.9400.