By Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager
By John DeMarzo, Risk Advisory Services Associate
On Sept. 8, 2017, Equifax, one of the three major credit reporting agencies in the United States, announced that it had been the victim of a data breach. According to the company, the breach lasted from mid-May through July, and the hackers were able to access people’s names, Social Security numbers, birthdays, addresses, and driver’s license numbers. The hackers were also able to steal credit card numbers for about 209,000 people.
How were the hackers able to breach the network? By exploiting a vulnerability on the network. The attackers were able to access the network two months before the hack actually occurred.
According to USA Today, “The Equifax data compromise was due to [the company’s] failure to install the security updates provided in a timely manner,” the Apache Foundation, which oversees the widely-used open source software, said in a statement on Sept. 14, 2017.
If you are worried that your personal information was compromised, do not be alarmed: there are steps that you can take to find out if you were affected by the breach, and if so, how you can protect yourself. The first thing you should do is find out if your information was stolen. This can be accomplished by accessing www.equifaxsecurity2017.com, clicking on the “Potential Impact” tab, and entering both your last name and the last six digits of your Social Security number.
It should be noted that embedded in Equifax’s terms of service is a statement that any consumer who enrolled in credit monitoring protection with the company is unable to participate in any class-action lawsuits against Equifax. However, in the immediate aftermath of the cybersecurity incident, the company clarified that those terms of service do not apply to those consumers who sign up for credit monitoring as a result of the incident. That is to say, if you enroll in credit monitoring with Equifax, that will not prevent you from participating in future class-action lawsuits. The deadline to sign up for one free year of Equifax credit monitoring is November 21, 2017.
If your information was compromised, the Federal Trade Commission (FTC) provided some additional steps you can take to protect yourself:
- Check your credit reports. This can be accomplished for free by visiting www.annualcreditreport.com. If you spot any accounts or activity that appears suspicious, you can visit IdentityTheft.gov, which assists consumers that have been victims of identity theft.
- Consider placing a credit freeze on your accounts. This will make it difficult for an identity thief to open a new account in your new name. However, this will not prevent an identity thief from making changes to existing accounts. Here is an FAQ about credit freezes.
- Monitor your credit card and bank accounts on a regular basis. This will enable consumers to spot any suspicious activity in a timely fashion.
- Consider placing a fraud alert on your files. This signals to creditors that you may be a victim of identity theft and that they should verify that anybody seeking credit in your name is truly you.
- File your taxes early. The earlier you file your taxes, the less likely it is that a fraudster will. Tax identity theft happens when a fraudster uses your Social Security number to get a tax refund or a job.
Here at Keiter, we can help clients protect themselves against data breaches or other cyberattacks that would be extremely detrimental to its operations, as well as provide critical insight into an organization’s cybersecurity footprint. Good cybersecurity starts with strong corporate governance and ends with properly trained staff and security systems. Our cybersecurity services include cybersecurity governance, security-specific IT controls, vulnerability scanning, penetration testing, social engineering, and security awareness training.
About the Author
The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.