Equifax Data Breach: The Largest Cyberattack In U.S. History

December 8th, 2017 by admin

On September 7th, Equifax announced it was the victim of what is now being called the largest cyberattack in U.S. history. For nearly three months (mid-May to July 2017) hackers were undetected while accessing hundreds of millions of Social Security numbers, names, and other personal information. The CEO of Equifax, Richard Smith, resigned shortly after the breach. The company has since offered free credit freezes to those who will potentially be affected, but the real damage has not taken place yet. 143 million Americans have been compromised and have limited options to defend themselves going forward. The majority of people who had their information stolen will never have any problems come up, but the other few will not be as lucky. We discuss the options available to victims of fraud, the likely long-term impact of the breach, and what you can do to avoid becoming a victim of similar attacks in the future. If you or anyone you know has been directly affected by the breach, you may want to check out the official FTC guidelines. Equifax is one of the nation’s three major credit reporting agencies and has access to highly sensitive information. The company discovered a vulnerability in March that somehow slipped under the patch radar until May, when hackers started to abuse it. In this three month span they had complete access to millions of Social Security numbers and over 200,000 credit card numbers. Breaches like this happen every day, but of a much lower caliber. The technical specifics vary widely based on the hacker’s methods and what vulnerabilities they find. There are also many tools for hackers to abuse security failures in a website and steal sensitive information about that sites users. Imagine your local Chinese restaurant doesn’t have protection against SQL injection, you buy some Kung Pao and now your credit card information might get nicked. A month or two later you have some weird charges on your card, you file for fraud and hope for the best. Having your data stolen is easy if you don’t know how it works or what to look out for. The most important things to keep in mind with data breaches is that they take a lot of work for the hacker, they are exponentially more difficult to pull off on secured websites with SSL certificates (https websites), and they rely on abusing people who don’t know what they are doing. Hacking takes a lot of work. This is why hackers are usually looking for something of value or something they can hold for ransom. Any IDs, credit cards, or even social media accounts that have value may be targeted. A growing trend is to steal Instagram and Twitter accounts with a lot of followers, as these can be sold online for thousands of dollars. Know the value of your assets so you know if they will be targeted. When using these assets, be extra careful and set extra secure passwords. Only make purchases from secured SSL certificate websites. Anywhere you make a purchase will have your credit card information and could potentially lose it. So if that mom-and-pop store hasn't invested in a secure website, use cash. Hackers try to take advantage of people who are less knowledgeable about computers. They will use multiple scams and tricks to try and get the information they need. Watch out for sites that look suspicious (lots of flashing buttons and warnings that you are in trouble if you don’t click). Watch out for odd messages with links in them - even from friends or family. If their account has been hacked, hackers will send malicious links to their friends. Keep in mind hackers are a bit like vampires, for the most part they need your permission to enter and make changes on your computer. If they can trick you into giving them this permission (by clicking a link or visiting a fake website) you’ll be in some trouble. Now you know more about the Equifax data breach and ways to keep yourself secure in an increasingly online world. If you have any questions or comments send us a message. If you want to read more about data and security take a look at our related articles.   Kender Ostlund

Posted in: Protection, Security, News


Cal. Civ. Code § 1798.102 - Do Not Sell My Personal Information