The Equifax Breach
As you have likely heard, last week a serious breach of the Equifax credit reporting agency was made public, that exposed names, social security numbers, birthdates, debt, court judgments, etc… of over 140 million Americans. This leak is much more serious than most other publicly known breaches because of the nature of the data, and has made it easier for online thieves to perform identity theft. Please click the link below for details about the breach and its aftermath…
It is critical to take action at this time.
What should I do?
- Subscribe to an Identity Protection service. These services monitor activity on your banking and credit cards, and alert you to suspicious activity. Equifax is offering a free Identity Protection service to all Americans, regardless of if your data was included in the breach. Equifax initially included a disclaimer for those that sign up for the free service, that requires arbitration if there are any class action lawsuits, but has since excluded that language from this specific breach. Still, read the small print, and/or subscribe to another service.
- Consider placing a “Credit Freeze” on your files with the major credit bureaus. The article above discusses this in a little more detail.
- Check your credit report every 4 months and look for any unauthorized, newly opened accounts. Go to http://www.annualcreditreport.com.
- Enable Two-Factor Authentication on ALL online accounts – especially your business and personal email accounts. 2FA is “something you have and something you know”, and typically requires the user’s cell phone to gain access. This will make it much more difficult for a hacker to gain access to one of your online accounts, even if you accidentally provide your password to the scammer. Make sure to enable 2FA for online banking, Facebook, health care sites – basically everything! And why is protecting your mailbox so important? Your mailbox is a treasure trove of confidential information, and if someone obtained access to it they would then have the ability to send password reset requests to your online sites, including Cloud Apps, Online Banking, Facebook, etc…, and they could also use what they learn to attack people in your email circle.
Please pass this information on to your staff and loved ones.
Stay safe out there!
Peter Durand, Imagine IT, Inc.
Chief Technology Officer &
Certified HIPAA Security Professional