Dealing with the Equifax Data Breach
Another day—another data breach.
Back in September, the Equifax data breach was briefly the top news story. It affected roughly one half of the taxpaying adults in the United States—around 145 million by recent estimates—providing cybercriminals with sensitive financial data. Couple that with the fact that “Ars Technica recently reported ”
that ads on the Equifax website linked to malware, and this cybercrime incident is a news story that won’t fade into the background.
So what happened?
In many ways, the Equifax breach echoes attacks that occurred earlier in the year.
In May and June, ransomware attacks were perpetrated using a security flaw in the Windows operating system. Now, Microsoft had already issued a patch fixing the issue, but cybercriminals know that most people procrastinate, sometimes taking months or years to download and install critical patch data.
So these criminals simply send phishing emails containing links to ransomware and wait. Once one person on the network clicks the link, all connected computers are infected. Such events are terrible for families with home networks, but become catastrophic when involving businesses storing loads of sensitive client data.
While Equifax was not a victim of ransomware, it did fall prey to an unpatched security vulnerability. All other recent issues surrounding the company’s handling of the breach aside, this is a pattern that can be stopped if everyone—from individuals to corporations—would make sure all computer programs have the most recent patch installed and stop clicking suspicious email links.
What should you do?
The consensus among experts seems to be that victims should freeze their credit report with all three credit reporting agencies: Experian, Equifax, and TransUnion.
A credit freeze will keep ne’er-do-wells from using stolen financial information to apply for new credit cards or loans, but it also means that consumers now have to inform these agencies every time they need the freeze lifted. Unfortunately, that service often costs money.
If you want more information on how to handle an identity theft incident, the FTC has a “a pretty good checklist”
You know what’s scary?
According to “NPR’s Marketplace Weekend”
, 71 million Americans don’t even know that the Equifax data breach occurred, and young adults are even less likely to know about it. That means it’s pretty likely that you have clients who could have been affected and have no idea that their data has been compromised.
While you’re making sure that employees commit “don’t click on suspicious email links” to memory this tax season, it may also be a good idea to discuss how to prevent and respond to data security issues with your clients.