Equifax Security Breach Affects Nearly Half of U.S. Consumers
Equifax — one of the three largest providers of consumer credit scores — recently announced a security breach that may have exposed the personal data of as many as 143 million U.S. consumers. With the U.S. population at around 323 million, according to the U.S. Census, this breach affects nearly half of the country.
According to the company statement, Equifax said cybercriminals exploited a U.S. website application vulnerability to gain access to names, social security numbers, birth dates, addresses and, in some cases, driver’s license numbers. Moreover, the attackers accessed credit card numbers for approximately 209,000 U.S. consumers and certain documents containing personal identifying information for roughly 182,000 U.S. consumers.
The company discovered the unauthorized access on July 29 of this year and consulted a leading independent cybersecurity firm to handle forensic review and incident response. The investigation showed that the unauthorized access took place from mid-May to July 2017.
Equifax Security Breach Ramifications
The Equifax security breach puts a substantial segment of the U.S. at risk for identity theft and highlights the issue of accountability.
“There is no doubt that the information obtained by cybercriminals will be used in one way or another. With access to data of millions of users used for credit reporting, credit scores and more, Equifax should have taken steps to assure information was secure regardless of where it is stored or if it leaves the network or not,” Seclore CEO Vishal Gupta told HelpNet Security. “Until organizations responsible for safeguarding large amounts of user information shift to a data-centric security model, they remain highly valuable targets for [cybercriminals], who will continue to come up with inventive ways to infiltrate systems.”
According to Eduard Goodman, global privacy officer for CyberScout, the incident underlies one of the key issues with the U.S. consumer credit system. Furthermore, he feels that the effects from the security breach may last long into the future.
“We have become overly reliant on the three credit bureaus who act as the sole data ‘brokers’ and repositories of data for creditworthiness, making an exposure like this a very dangerous event,” Goodman told HelpNet Security. “With loss of not just SSNs but other secondary pieces of data like previous addresses, mother’s maiden name or the banking institutions with which consumers hold loans, to some degree we have exposed an entire consumer facing security ecosystem to failure since everyone from credit loan verification to online account sign-ups depend on this information to help verify us all. The impact of this breach, depending upon who actually has obtained the information and how it is misused could last for a decade.”
Equifax’s Risk Mitigation
Equifax established a dedicated website to help consumers determine if their information has been compromised due to the security breach, along with further steps that they can take to protect their personal privacy. The system allows for consumers to sign up for identify theft protection and credit file monitoring with TrustedID Premier, a credit monitoring service operated by Equifax. TrustedID Premier is complimentary to U.S. consumers for one year and includes three-bureau credit monitoring, copies of Equifax credit reports, the ability to lock and unlock Equifax credit reports, identity theft insurance and internet scanning for SSNs, according to the company statement. Equifax advises consumers with further questions to contact their dedicated call center.