The Equifax Data Breach

What Can You Do to Protect Yourself?

man wearing mask in a hoodie on laptop

In October 2017, we learned of a data breach that occurred with Equifax, a consumer credit bureau, that impacted over 143 million consumers. According to the consumer information website hosted by the Federal Trade Commission, “If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.”

Equifax, along with TransUnion and Experian, make up the three major credit reporting agencies that store credit information, which includes your name, living addresses, and personal identifiable information (PII), such as your birthdate, driver’s license number, and social security number. As a consumer, we have no control as to which credit agency stores our information, nor can we validate the security of how that information is stored. When the Equifax data breach occurred between mid-May through July 2017, it was estimated that hackers had access to the consumer database that stored PII as well as credit card numbers for customers in the U.S., UK, and Canada.

It’s been widely published that hackers exploited an open-source software application that was used by Equifax for its consumer databases. According to a story on Wired.com, unfortunately, this database software had vulnerabilities, which Equifax didn’t take precautions to address, allowing hackers to compromise the system. According to the Privacy Rights Clearinghouse, which has been chronicling data breaches since 2005, there’s been about 8,000 data breaches that have been made public since 2005, impacting over 10 billion records.

The Equifax data breach impacted over 143 million consumers, a large number, but not as large as the Yahoo Inc. data breach that impacted over 1 billion consumers back in 2013—the largest published data breach in history.

What Can You Do to Protect Yourself?

Since it’s evident data was most likely compromised in the Equifax data breach, there are four actions that consumers can take to protect their information from data breaches. These actions are derived from advice provided by the Federal Trade Commission and other resources:

1. Request Your Credit Report

Whether you believe your data has been exposed in the Equifax data breach or not, you should request a copy of your credit report from each credit bureau. As a consumer, you are granted one free credit report annually from each credit bureau; visit annualcreditreport.com from a secured computer and network (not a public computer or public wireless network). You will want to check for any inaccuracies and pay attention to all accounts and activity to make sure you have not been a victim of identity theft.  It you find evidence of identity theft, you should visit IdentityTheft.gov to find out what to do.

2.Consider a Credit Freeze

If possible, put a credit freeze on your files through the credit bureau; you will have to contact each of the three major credit bureaus to do this. A credit freeze would not prevent hackers from gaining access to your current information; however, if  hackers try to open new accounts in your name (identify theft), having the credit freeze in place should prevent them from doing so.

3.Set Up Fraud Alerts

If you decide not to put a credit a freeze on your credit accounts, you can place a fraud alert on your files. A fraud alert warns creditors that you may have been a victim to identify theft; however, it does not prevent a hacker from stealing your account information.

4. Regularly Monitor Your Accounts

Monitor all your credit cards and back accounts. You should take advantage of your financial institution’s free monitoring capabilities, which may include putting alerts in place for activity that fits a certain threshold (e.g. any purchases over $100 would send an alert to your phone and/or email address). In addition, some banks now allow you to add two-factor authentication that requires you to enter a code sent to your mobile phone and/or email address, which you can then use to access your account. The constant monitoring may not prevent your data from being compromised, but along with other prevention capabilities discussed in this article, it will provide a layered defense in protecting your identity and stolen information from being exploited.

Amelia Estwick
About Amelia Estwick 1 Article
Dr. Amelia Estwick is the Program Manager at the National Cybersecurity Institute at Excelsior College (NCI) responsible for their cybersecurity research, training, and academic initiatives. Prior to her service at NCI, she worked in the Department of Defense (DoD) as a Technical Director for their Threat Operations Center, which is responsible for monitoring and securing DoD networks against cyberattacks. She has over 20 years of government IT experience (both civilian and military) working in the areas of cybersecurity, information assurance, and computer network operations and has held multiple positions to include: Senior Cybersecurity Analyst, Computer Science Researcher, and Software/Systems Engineer. Over the past four (4) years, Dr. Estwick has been an Adjunct Professor for three universities and has taught various undergraduate and graduate cybersecurity courses to include: Risk Management and Analysis, Cybersecurity Ethics, Information Assurance, Advanced Cybercrime Analysis, Intrusion Detection/Incident Response, and Computer/Digital Forensics. She is a National Physical Sciences Consortium (NPSC) Fellow, a Certified Ethical Hacker (C|EH), and a member of several computing and cybersecurity organizations.