Equifax, the “information solutions company that analyzes data on more than 820 million consumers and more than 91 million businesses worldwide… with data contributed from more than 7,100 employers” suffered from one of the largest data breaches in cyber security history. To put it into numerical terms, around 143 customers have reportedly been affected. Worst of all, Equifax workers studying the hack had prior knowledge of the back door in their system.
Hackers gained access into the information of millions of clients through a hole in a program that was structured to form web applications. Those who were able to reach this back door now have information regarding names, numbers, birthdates, addresses, driver’s license numbers, and even as far as Social Security numbers of individuals.
Apache Struts is the name of the program that Equifax was using for its clients. The programming was the backing behind Equifax’s web portal that took clients to the page that would allow them to report any problems they had with their credit reports, and this is where hackers were able to gain access. However, this dent in the system was brought to the attention of Equifax executives prior to the breach back in March of this year. Though efforts were taken to patch any possibility of a breach, Equifax waited slightly too long to react as compromises took place from May 13th to July 30th. What makes the breach even more challenging to track is that customers of Equifax may not even know that they are customers as the company gets their information form credit card companies and other lenders and banks.
So what now? For one, Equifax published a link to a site on their own web page that would allow clients to see if their information had been compromised. To be specific,
immediately when signing on to their website, a disclaimer address flags users saying “to learn more about the cybersecurity incident, including whether your personal information was potentially impacted, or to sign up for complimentary identity theft protection and credit file monitoring…” and the link follows. The company has also used their Twitter platform to publish links to fake phishing websites to teach users a lesson about cyber security. Yet the company is being scrutinized for this marketing move as the irony lies in that these clients are trying to find out if they’ve been breached when using these Twitter links. Equifax has also come out with statements that they are going to mail the clients whose information has been hacked.
Now CEO Richard Smith is being scrutinized for his possible prior knowledge of the hack. The Federal Bureau of Investigation is even involved and Smith is set to testify in front of Congress in October. The Equifax stock has also lost about $5.5 billion.
It’s important to find out if your information has been breached, so in order to do so, there are some steps you can take. First, going to EquifaxSecurity2017.com to see if you have even been breached. If so, CNN Money recommends the following steps: “(1) Go to IdentityThefy.gov to file an identity theft report (2) Put a freeze or fraud alert on your credit reports (3) Request, in writing, to close fraudulent accounts (4) Dispute any fraudulent information on your credit report, and (5) Prevent future fraud by remaining vigilant”.