The Equifax Data Breach: What Do I Do Next?

Credit to Author: Rik Ferguson (VP, Security Research) | Date: Thu, 21 Sep 2017 13:00:38 +0000


On 8 September, credit reporting agency Equifax confessed to a major data breach. It affects 143 million Americans – nearly half of the US population – and 100,000 Canadian consumers. Unfortunately, this means that the hackers may have access to highly sensitive personal and financial information, allowing them to carry out follow-on attacks and identity fraud attempts.

Here’s what you need to know.

What happened?

Equifax is one of the big three credit bureaus in the United States: organizations that collect data on consumers so that lenders can determine how much they should give out in loans. The Atlanta-based firm has a huge trove of personally identifying information (PII) including names, birth dates, addresses, Social Security numbers and driver’s license numbers.

Judging by the latest information from the firm, an unpatched web server vulnerability allowed attackers to infiltrate its systems and access all of that customer data, relating to 143m Americans, 400,000 people in the U.K. and 100,000 Canadians. In addition, 209,000 credit card numbers were stolen, as were 182,000 documents used in disputes, which also featured PII.

It’s about as bad as it gets. Gartner fraud analyst, Avivah Litan, described it thus: “On a scale of 1 to 10 in terms of risk to consumers, this is a 10.”

How will it affect me?

With the stolen data, scammers can impersonate affected consumers in interactions with banks, creditors and a wide variety of service providers. This clears the way for identity fraud on a massive scale, potentially allowing scammers to apply for loans and credit cards in your name, drain funds from your bank account and make purchases on your cards.

Tax scams are particularly concerning. With the stolen Social Security numbers, fraudsters could file fake returns early in your name to bag a refund from the IRS.

Another tactic to be wary of is follow-on phishing attempts. Fraudsters may send you legitimate-looking but fake emails designed to trick you into disclosing yet more sensitive personal and financial information. These emails might look like they came from your bank, credit card company or even Equifax itself.

Fraudsters might also pick up the phone in so-called “vishing” attempts. The aim here is the same: they will pretend to be calling from a legitimate organization in order to elicit more information from you which can then be used to commit identity fraud. The scammers may well quote back to you some of the stolen info to make these requests sound more legitimate.

What do I do now?

Unfortunately, unlike account passwords and credit card details, much of the information that has been stolen from Equifax – names, addresses, Social Security numbers, etc. – is very hard if not impossible to replace. This means you will have to keep a close eye on your accounts to see if anyone is trying to use your name and details fraudulently.

Here are a few things to do straightaway:

  • Find out if you are affected. Check with Equifax here. Unfortunately, that will require you to provide the firm with a few more details (your surname and the last six digits of your Social Security number).
  • Enrol in free TrustedID Premier credit monitoring from Equifax. Previous reports that this process forfeited your right to sue are no longer accurate after Equifax updated its terms.
  • Set up fraud alerts with the three major credit reporting agencies: Equifax, Experian and TransUnion. These will alert you if someone tries to apply for credit in your name.
  • Set up fraud alerts for all your credit and debit cards. This will require you to contact each lender individually.
  • Consider setting up a credit/security freeze. This will lock down any credit information so fraudsters can’t open any new accounts in your name.
  • Regularly check your bank accounts/credit card statements for suspicious transactions.
  • Beware of vishing scams. Do not trust unsolicited calls and never hand out personal information over the phone. If you are concerned, ring back the company the original caller said they worked for to double-check.
  • Stay alert to phishing scams. Never open attachments or click on links in unsolicited emails, even if they appear to come from a reputable source. Again, contact the company they purport to have been sent from to double-check. Grammatical errors in the email and unusual “from” addresses may indicate a scam.
  • File your taxes early for the 2018 financial year to beat any fraudsters looking to file in your name for an early rebate.
