What to do in Response to the Equifax Data Breach

As you probably know by now, on September 7th, 2017, credit reporting bureau, Equifax, acknowledged they were the source of one of the worst data breaches in US history. The names, Social Security numbers, birth dates, addresses, and other information of roughly 143 million individuals are now in the hands of unknown criminals. That’s over half the adult population of the United States, and likely includes you or a close relative.

The information obtained in the breach can be used to open fraudulent financial accounts and to access existing accounts (among other actions), and will likely be sold on the black market. The “shelf life” of this data is long, meaning this breach could affect you tomorrow or several years from now.

All the facts of this breach are not yet known, but there are now enough to form an intelligent response:

What should you do about this breach?

Whether you were affected or not, one response is to freeze your credit reports at all three credit reporting bureaus. Freezing your credit reports means that they cannot be requested for the purposes of opening new accounts, applying for loans, or job applications (which is sometimes required nowadays). There is an excellent guide to this process at the following link: https://bit.ly/freezecredit.

In addition to yourself, you can freeze credit reports for your family, including minor children who have Social Security numbers and elderly parents or other relatives.

Also, you can share this post with your friends to help them understand their options.

Freezing your credit reports helps prevent criminals from opening fraudulent accounts in your name, but it doesn’t prevent other ways your information can be used against you. You should pay close attention to your existing financial accounts for signs of fraud. As stated above, this is a long-term problem, so you’ll need to make this enhanced diligence part of your regular routine of financial review from now on.

Please note, the above is not meant to be financial or legal advice. If you have concerns about what freezing your credit reports might mean, contact a competent legal or financial professional.

What can Clocktower Do to Help?

I wish I could say we had some way to keep our clients from feeling the effects of this breach. We don’t. What we can do is help prevent our clients from falling victim to further exploitation of this situation and similar attacks on their own networks:

If you’ve been paying attention to the news, you’ve likely heard warnings about scams related to disaster relief for the recent hurricanes. There will, undoubtedly be scams related to the Equifax breach as well. These will mostly come in the forms of phone calls and email messages. Our email security scanner will help filter out the scam emails. As for the phone calls, just know that (as stated in this FTC article) “Equifax will not call you out of the blue.”

There were two major factors that allowed this data breach to occur: The people supporting Equifax’s networks failed to apply a critical security patch, and they stored very sensitive data in an unencrypted (or easily decrypted) format.

Every single piece of equipment connected to your network and every single piece of software at your business is a potential security risk. If they’re out of date and unpatched, they are easy targets for criminal hackers. Clocktower monitors our clients’ systems and manages the software and devices to ensure they are patched and up to date. We also consult with our clients who store sensitive data to ensure they are practicing proper security protocols.

IT security is an ever-changing arms race, and no one can guarantee complete security, but I am proud to say that our managed services have never suffered a data breach, and it has been over two and a half years since any computer we manage has been infected with malware. That is something not many of our peers can say, it is a testament to how seriously we take security.

If you’re interested in how Clocktower can help keep your business protected from technology disruption and loss, please call us at 508-541-6413.