It seems like every other day we read about a major hack or security breach that exposes our personal and financial information. But news about the Equifax data breach, one of the three major credit reporting agencies, was different.
The amount of information stolen was extensive, leaving 145 million Americans vulnerable to identity theft. What makes this breach particularly concerning is the type of data stolen: names, social security numbers, birth dates, addresses and some driver's license numbers. Credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people were also stolen.
Anyone impacted by the breach is now at risk of identity theft and fraud. Your personal information can be used by, or sold to, criminals who can use it to open credit cards, take out loans, make purchases in your name — or even drain your bank accounts.
Even if you were lucky enough not to be one of the hundreds of millions of people affected by the breach, this event still puts you at risk. Scammers are already finding ways to take advantage of the hack and the publicity surrounding it. All consumers, even those who have put an immediate fraud alert or credit freeze on their credit files, must be doubly vigilant.
Keep an eye out for the following:
How did this happen?
In a nutshell, the breach came down to a flaw in a piece of web software, Apache Struts. The tool is used by many large businesses and government organizations — Equifax used it to support their online dispute portal where customers go to log issues with their credit reports. The most frustrating part about this breach is that a patch became available months prior, so this whole thing could have been completely avoided.
Patching software at big corporations with many machines does take time. They must first identify the vulnerability, then implement and test the patch to make sure it doesn't break anything before going with the update.
This event should raise some questions for business owners.
1. Do you know and trust your vendors? Do you trust your vendors’ vendors?
2. Who is responsible for patching your critical business applications and your network?
3. Do you know the protocol your vendors take they follow to prevent this from happening to your business?
At IT Solutions, we take a proactive approach to safeguard our clients’ network and applications. ITSecure is our managed security offering that comes with all of our SharedVision plans. To learn about our multi-tiered approach to security, download our factsheet: 10 Ways ITSecure Protects Your Data.