Last update: 05/02/2018

Equifax cyber-attack: The biggest personal data breach ever

The U.S. Consumer Protection Financial Bureau (CFPB) has pulled back from a full-scale investigation of how Equifax failed to protect the personal data of millions of consumers, following the cyber-attack suffered by the credit reporting firm back in September 2017. In this incident, an organized group of hackers managed to steal the personal information of more than 140 million of U.S. consumers, making this one of the biggest security breaches in history and probably the most important one involving theft of personal data.

Following the attack, Richard Cordray, then the CFPB director, authorized an investigation into the practices used by Equifax to protect the personal information of users.

However, the news that current head of the CFPB, Mick Mulvaney, who replaced Cordray last November, has put the brakes on the investigation has been met with heavy criticism in social media circles, raising questions about how President Trump’s former budget chief will be able to protect the rights of American consumers.

One of the biggest data breaches in history

On September 7, 2017, Equifax, one of the three major credit bureaus in the US, announced that cyber security incident involving consumer information of nearly half of the population in the US had been spotted on July 29th, 2017. In the press release, they stated that based on their internal investigation the data breach began taking place in mid-May, 2017 until it was intercepted on July 29th, 2017. They confirmed the personal information of more than 142 million people had been compromised. The stolen information includes personal information of Equifax consumers such as; full names, SSN, DOB, address, credit card numbers and driver’s license details. The breach includes sensitive personal data of UK and Canadian residents too.

The provider of consumer credit scores confirmed that even though the interference has been terminated, there is still an ongoing investigation about the damages as well as the reason for the data breach. It is not a secret that apart from being a credit bureau Equifax has also been marketing themselves as a “leading provider of data breach services, serving more than 500 organizations with security breach events every day.”

“This is a disappointing event for our company and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said in an official statement Chairman and Chief Executive Officer, Richard F. Smith.

The Atlanta-based credit bureau created an emergency website that is supposed to be able to provide users with information if their details have been amongst the exposed ones. According to Equifax, all you have to do is fill in your last name as well as the last six digits of your SSN. Sadly, the website does not provide any information if your details have been compromised. Understandingly, the site sparked a wave of negative public reactions because the created website does not provide you with information if you’ve been amongst the victims, but simply adds you to a queue for a free identity theft service subscription that you may be able to get in about 7-10 days.

Things do not look well for Equifax senior team as Bloomberg reported three Equifax execs had sold nearly $2 million in shares in the Atlanta-based credit bureau few days after the breach was discovered. Did they know about the breach when they sold the shares? It is unclear, so we will leave this to the U.S. Securities and Exchange Commission for civil cases and the U.S. Department of Justice for criminal cases to decide.

The percentage of having your details exposed in this data breach is high, so there are a few things you should do immediately;

Monitor your bank statements. Check your credit card bank statements at least once a week for fraudulent transactions. It only takes a minute to have a quick look.

Avoid spoofing websites Multiple sites are conveniently offering to check if your details have been part of the breach. Do not use them, only go through sites that are approved by Equifax, i.e., https://www.equifaxsecurity2017.com/

Install antivirus software Having antivirus software installed on all your devices will add another layer of security to your personal information. Not having antivirus software in such times is utterly irresponsible.

Change passwords Changing your password needs to happen at least once every three months. The information from this breach combined with the information from other breaches might be exactly what hackers needed to strike.

Check your credit reports Be vigilant and install an application such as Credit Karma on your phone. Make a habit of checking your credit reports at least once a week and be sure to report fraudulent accounts immediately.

As you can see, no one is fully protected against cyber theft. Experian was a victim back in 2015, Yahoo, LinkedIn, and eBay has had data breaches too. We advise you to be vigilant and to monitor your banking and credit accounts. Never be afraid to report fraudulent account activity!