| Individuals October 16, 2017
October 16, 2017
By now you've likely heard about the historic Equifax cybersecurity breach that took place from May through July 2017. What you may not have heard is that Equifax was aware of the security vulnerability in their company's IT infrastructure before the data was compromised-highlighting the fact that many of today's leading organizations, even those that handle the most sensitive data, are playing an ongoing game of catch-up on the global cybersecurity front. Obviously, when your personal information is at risk, this isn't a game anyone is excited to play.
On September 7, Equifax announced that personal information from nearly half of all U.S. consumers (143 million individuals) - including credit card information, social security numbers, dates of birth, addresses, and more - was hacked by an unknown party. In real-world terms, this means that more than four out of every 10 people had their private information exposed.
Equifax revealed that hackers were able to access the data via a vulnerability in Apache Struts (CVE-2017-5638), the underlying application framework used on Equifax's online dispute website. In early March 2017, the U.S. Computer Emergency Readiness Team (U.S. CERT) "identified and disclosed" information regarding the vulnerability. Equifax admits its security organization was already aware of this vulnerability and had attempted to patch any affected systems within its IT infrastructure.
This breach of one of the three largest credit reporting agencies in the U.S., the Instagram data breach in which attackers reportedly compromised six million accounts, and ongoing attacks on patient records at healthcare organizations throughout the U.S. (including institutions in Arkansas, Delaware, and North Carolina) highlights how vigorous and widespread criminal hacking remains.
So what happens to all that data and what can you do if you suspect your information has been hacked as a part of the Equifax breach? When data is compromised on such a large scale, the long-term impacts can be wide ranging - everything from spam (resulting from stolen email addresses) to credit card and identity theft.
Identity theft can damage your credit rating, hurt job prospects, cause insurance rates to rise, and even leave you with a criminal record if an arrested individual uses your personal information, spammers can use email phishing scams to gain access to your computer, network, passwords, and additional private information.
The Anti-Phishing Working Group (APWG) recently reported that phishing scams in 2016 increased by 65% over the preceding year. More than 1.2 million different phishing attacks were recorded and the sophistication of these attacks continues to intensify.
If you believe you were affected by the Equifax breach, you can access the Equifax support site at http://www.equifaxsecurity2017.com/. Click on the "Potential Impact" tab and follow the onscreen instructions.
With such a large number of individuals at potential risk, now is the time to actively monitor and secure your personal information, including staying on top of all the organizations with whom you have shared your information — such as financial institutions, healthcare organizations, and social media sites. Lookout Premium Plus offers 24/7 U.S.-based phone support as well as Breach Report, keeping you up to date on the latest breaches impacting your data.
Upgrade to Premium Plus to keep one step ahead of the latest security incidents that can leave you vulnerable.