If you are a regular consumer, you probably haven't thought too much about cyber attacks or data breaches. Most of us just accept passwords as a partly annoying but necessary factor of modern-day life. In some instances, we opt to get rid of them – making it easier for anyone to access our phone or laptop, and in fact, much of what we hold near. Think of how much information any of your devices holds nowadays? You likely have a banking app, your cards scanned, or shopping apps with your credit card details saved. Just a small data breach can expose your sensitive information. The last thing you need is your bank details in the wrong hands.
Although the technology is constantly improving to thwart off cyber attacks, the amount of them is still cause for alarm.
What is a Data Breach?
You may not even be sure as to what a data breach actually is. It is a confirmed incident where confidential or sensitive data has been hacked or accessed by a third party who should not have access to that information. When you see a data breach announced, it is a serious concern for the organization that it happened to, and the people whose information has been disclosed. This may be your name, address, your account details, your health files, or information that is sensitive to your business.
What was the Equifax Data Breach?
Between May and July 2017, hackers gained access to the data stored within Equifax servers, one of the country's three largest credit bureaus. This meant that millions, 147 million in fact, of people had their data stolen, or at least exposed in a security breach. This was one of the largest breaches seen to date globally, and its ramifications are still being felt, particularly in Equifax.
How Did The Data Breach Occur?
According to Equifax staff, it was the result of a flaw in a web-building application. In fact, the company was aware of the issue at least two months in advance of the data breach, however, they hadn't acted upon it. One of the main reasons for this is that no one had tried, in that time, to access the data. Then some wily hackers chanced upon the flaw, and within two to three months, they succeeded.
The tool that allowed the breach is called Apache Struts, and it transpires that the flaw in this software was identified in March. Many large companies across the U.S use Apache Struts and Equifax as a support for their online dispute portal. US-CERT, a cyber-security arm of the U.S. Department of Homeland Security, discovered the flaw and disclosed it to a number of companies. Steps should have been taken to prevent any customer information from getting out.
Although some efforts were made to try and repair or patch up the problem, it obviously wasn't dealt with correctly. Large organizations can take time to address issues such as these, due to their day-to-day activities and the amount of protocol to go through. However, there's no doubt that they left themselves exposed far too long, and by July 29th, when "suspicious activity" was noticed, it was far too late.
Was Anyone Held Accountable for the Data Breach?
Well, in effect, yes. It would seem that two people left pretty quickly after the news broke of the data breach. Susan Mauldin, the chief security officer and Dave Webb, the chief information officer, both "retired" from Equifax in September 2017.
The FBI and Federal Trade Commission both conducted investigations of Equifax in relation to the data breach. At the beginning of August 2019, it was announced that Equifax will have to pay up to $700 million to settle this with the Federal Trade Commission and other bodies, including the general public.
A pool of $380.5 million is available to compensate customers who were affected by the breach.
What You Should Do?
Well, first thing's first, if you don't know by now whether you were affected, then it's best to discover that first. Do that by visiting this site now.
Then you should follow these steps:
1. Pull up your credit report. See if there is anything unusual on it, paying close attention to the period of May – September 2017. Has anyone attempted to get a card using your details and Social Security number?
2. Submit a claim with Equifax for free credit monitoring. You can get this for up to ten years on your account. If you were under 18 at the time of the breach, you will be eligible for up to 18 years of free credit monitoring. Previously there was a cash settlement offered if you had credit monitoring in place, however, since many people applied for this option, the fund has receded.
3. If there has been unusual activity on your credit report, then you should file a claim immediately. Claims can only be filed until January 22nd, 2020.
You can file claims for:
a) Time you spent dealing with the breach. This is capped at 20 hours.
b) Any losses from unauthorized charges to any of your accounts, or accounts set up in your name.
c) Any fees for freezing or unfreezing your credit report in relation to this breach.
d) The cost of any professionals you hired in relation to this, such as attorneys or accountants.
e) Any additional charges related to the above such as travel, notary fees, postage, document shipping, etc.
Note that cash payments are capped at $20,000 per person.
To Protect Yourself In Future
Although it can be difficult to protect your information when it is in the hands of big companies, you can be careful who you are giving it to.
You can take steps to protect yourself against identity theft, and discover what you should do if you have been a victim of this crime.
Always ensure you keep your information private, even when you are just filling it in on a form at the local post office or bank. If you are online, ensure that you are not on a public network where the simplest of hacks could pick up on your information. If you are trusting a company with your private information, then ask them how they are going to protect it. Let's hope big organizations have learned a lesson from the Equifax data breach.