• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Consumer   »   The Equifax Data Breach: What Do I Do Next?

The Equifax Data Breach: What Do I Do Next?

  • Posted on:September 21, 2017
  • Posted in:Consumer, Current News, Security
  • Posted by:Rik Ferguson (VP, Security Research)
0
Email may not be as secure as many people might think.

On 8 September, credit reporting agency Equifax confessed to a major data breach. It affects 143 million Americans – nearly half of the US population – and 100,000 Canadian consumers. Unfortunately, this means that the hackers may have access to highly sensitive personal and financial information, allowing them to carry out follow-on attacks and identity fraud attempts.

Here’s what you need to know.

 

 

What happened?

Equifax is one of the big three credit bureaus in the United States: organizations that collect data on consumers so that lenders can determine how much they should give out in loans. The Atlanta-based firm has a huge trove of personally identifying information (PII) including names, birth dates, addresses, Social Security numbers and driver’s license numbers.

Judging by the latest information from the firm, an unpatched web server vulnerability allowed attackers to infiltrate its systems and access all of that customer data, related to 143m Americans, 400,000 in the U.K.; and 100,000 Canadians. In addition, 209,000 credit card numbers were stolen, as were 182,000 documents used in disputes, which also featured PII.

It’s about as bad as it gets. Gartner fraud analyst, Avivah Litan, described it thus: “On a scale of 1 to 10 in terms of risk to consumers, this is a 10.”

How will it affect me?

With the stolen data, scammers can impersonate affected consumers in interactions with banks, creditors and a wide variety of service providers. It clears the way for identity fraud on a massive scale, potentially allowing them to apply for loans and credit cards in your name, drain funds from your bank account and make card purchases in your name.

Tax scams are particularly concerning. With the stolen Social Security numbers, fraudsters could file fake returns early in your name to bag a refund from the IRS.

Another tactic to be wary of is follow-on phishing attempts. Fraudsters may send you legitimate looking but fake emails designed to trick you into disclosing yet further sensitive personal and financial information. These emails might look like they came from your bank, credit card company or even Equifax itself.

Fraudsters might also pick up the phone in so-called “vishing” attempts. The aim here is the same: they will pretend to be calling from a legitimate organization in order to elicit more information from you which can then be used to commit identity fraud. The scammers may well quote back to you some of the stolen info to make these requests sound more legitimate.

What do I do now?

Unfortunately, unlike account passwords and credit card details, much of the information that has been stolen from Equifax – names, addresses, Social Security numbers etc – is very hard if not impossible to replace. This means you will have to keep a close eye on your accounts to see if anyone is trying to use your name and details fraudulently.

Here are a few things to do straightaway:

  • Find out if you are affected. Check with Equifax here. Unfortunately, that will require you to provide the firm with a few more details (surname and last six Social Security number digits).
  • Enrol in free TrustedID Premier credit monitoring from Equifax. Previous reports that this process forfeited your right to sue are no longer accurate after Equifax updated its terms.
  • Set up fraud alerts with the three major credit reporting agencies: Equifax, Experian and TransUnion. These will alert you if someone tries to apply for credit in your name.
  • Set up fraud alerts for all your credit and debit cards. This will require you to contact each lender individually.
  • Consider setting up a credit/security freeze. This will lock down any credit information so fraudsters can’t open any new accounts in your name.
  • Regularly check your bank accounts/credit card statements for suspicious transactions.
  • Beware of vishing scams. Do not trust unsolicited calls and never hand out personal information over the phone. If you are concerned, ring back the company which the original caller said they worked for to double check.
  • Stay alert to phishing scams. Never open attachments or click on links in unsolicited emails, even if they appear to come from a reputable source. Again, contact the company they purport to have been sent from to double check. Grammatical errors in the email and unusual “from” addresses may indicate a scam.
  • File your taxes early for the 2018 financial year to beat any fraudsters looking to file in your name for an early rebate.

Related posts:

  1. Bank of America loses $10 million in data breach
  2. Equifax Breach – an Example of Good Communications
  3. Sound, Fury, And Nothing One Year After Equifax
  4. Trend Micro’s Data Breach Report: “Follow the Data: Dissecting Data Breaches and Debunking Myths”

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.