Equifax, a leading credit reporting agency, said today it had been breached by cyber criminals, exposing the names, social security numbers and other sensitive data of as many as 143 million United States consumers. Officials said the reported cybersecurity breach could be one of the largest in U.S. history.
Hackers reportedly exploited a website application vulnerability to gain access to certain Equifax consumer files sometime between May and July 2017. Details of the manner in which the cyber criminals accessed the Equifax system were not immediately revealed.
Equifax officials said they were working to determine the cause and manner of the massive breach, which also affected certain UK and Canadian residents. The company set up a website for consumers to check if their information was involved in the breach as well as a dedicated call center to handle consumer questions at 866-447-7559.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
Proficio Reacts to Equifax Breach
John Humphreys, Proficio Senior VP of Business Development and Alliances, said the Equifax breach demonstrates the vulnerabilities of web applications, which often are not properly secured by developers or scanned for weaknesses by IT officials.
“The recent Equifax Breach is doubly unfortunate,” Humphreys said. “On one count, vulnerabilities to web applications have been well understood for many years. One would hope that software developers are following publicized guidelines to produce secure code and their counterparts in IT security are using commercial tools to scan for vulnerabilities. Second, there will be significant impact on a huge number of consumers. The type of data stolen will be very valuable for cybercriminals planning to commit identity theft or bank fraud.”
Today’s massive Equifax breach should serve as a warning to all companies and organizations about the importance of maintaining solid cybersecurity. As a result of lax monitoring of its security, Equifax is now suffering a public relations nightmare, damage to its brand and a financial disaster that could take years to clean up.
Proficio’s Director of Cyber Defense, Steve Groom, weighed in on the Equifax breach by sharing that threat actors around the world are highly motivated to steal personal identities and financial information because it yields the highest return on the black market, making headlines like this attack, which seem like a daily occurrence.
“To combat these types of attacks organizations need to evolve the maturity of their security program at a much faster pace and leverage service providers where necessary to provide an in-depth defense strategy in areas that are still under development,” stated Groom. “There is no question that Equifax has spent a lot of money, time and resources trying to secure their customers data, which should make everyone pause and ask the question: Have we done enough? Security programs need to be tested in the exact same way that they are tested in real life. Hackers don’t have a scope of work to follow and they certainly don’t have to play by your rules. Performing an annual security red team assessment with a qualified group of ethical hackers that closely mimics a real-world attack is critical these days when getting a full understanding of how strong your security program truly is. Monitoring your network 24×7, with eyes on glass will help you detect threats in real-time, and may provide you with a fighting chance.”
Companies must plan for the inevitable breach through building an incident response plan and testing it regularly so they can respond swiftly and effectively if a possible breach does occur. This attack preparedness could be the difference between you or someone else’s company being in the headlines next time.
To learn more about Proficio’s cybersecurity services that can help protect your company or organization from these types of attacks visit Proficio.com.
Online Security Best Practices and Tips
In light of the massive data breach at Equifax, Proficio’s security operations center experts put together a list of best practices and tips consumers should always follow to help protect their online information.
- Reset or Change Passwords. Especially if the password contains any personally identifiable information such as a name, date of birth or address. A key element of ensuring secure online accounts are safe is keeping track of your “password reset” questions. While you may have a robust password system and password manager, many time we see that users will reuse answers to password reset questions on multiple sites. As a significant amount of PII was stolen from Equifax, we recommend updating your password reset questions as well.
- Enable Multi-Factor Authentication. When possible, use Multi-Factor Authentication to ensure that your accounts are protected by more than just a password.
- Increase Awareness. Consider signing up for additional monitoring from banking providers and ID Theft protection services and take inventory of any additional services or accounts tied to personal or financial data.
- Be Cautious. Be careful what information is provided to others; especially when choosing an ID Theft monitoring service. Do proper research when signing up for any additional monitoring or providing sensitive information and be sure to read the Terms & Conditions. Be wary of emails, texts, and phone calls from individuals claiming to be from any of your service providers. This includes banks, Experian, and any other institution. Malicious actors will utilize fear and other phishing tactics to solicit additional sensitive information from a victim.
