Friday, April 26, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

ComputerWorld Independent 

3 important things to know about the Equifax data breach

admin ,

Credit to Author: John Brandon| Date: Fri, 08 Sep 2017 11:14:00 -0700

When Gartner ranks a data breach as a 10 on a scale of 1-10, you know there is cause for alarm. A recent compromise at Equifax, a consumer credit reporting agency, resulted in 143 million records being stolen. Of those, at least 209,000 involved stealing a credit card number and over 182,000 records had to do with credit card disputes.

For anyone who follows all of these data breaches, here are three important things to know about how this one is different, what it means for your business, and why there is so much risk involved when it comes to warding off hackers.

One of the main reasons this story is in the spotlight: It is all about the personal information of users. Thieves stole information like “names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers” as stated in the press release. (The irony here is that Equifax itself offers identity protection tools.) Other breaches, including those at Yahoo and AdultFriendFinder, involved more account breaches, but the Equifax data includes more information like full names and birth date. Hackers who collect this data often sell it on the Dark Web because it can be used to break into additional secure sites.

As Equifax explained, the attack involved a compromise on a website, which means it was likely a coding vulnerability that allowed hackers to penetrate a database of user accounts. The attacks occurred this past summer, and the company first found out about it on July 29. As is often the case, the company has a certain period of time to analyze the risks but then must announce the data breach. Some have argued that is was much longer than usual.

The fact that Equifax is partly an identity protection company is one thing. For consumers who might be impacted by the breach, you can go to a website to find out if your data is safe. However, to do that, you have to enter your full name and the last six digits of your social security number. After that, you also have to agree not to sue the company. And, you might have to wait to get any results about your records.

http://www.computerworld.com/category/security/index.rss