Late Thursday, news broke of a huge data breach which impacted Equifax, a credit-monitoring agency. Credit-monitoring agencies have loads of sensitive data about millions of people.
The vast majority of adults have some sort of credit score - whether it's good, bad, or neutral. Lots of people from a variety of socioeconomic groups, at least at some point in their lives, acquire mortgages and car loans. Those who don't will usually have at least one credit card in their lifetimes.
Agencies like Equifax use all of the data they gather on millions of people to help banks, credit card companies, telecommunications companies (think cellphone plans), and other types of lenders make decisions about whether or not an individual or organization is worth a certain credit risk.
The data breached in the cyberattack on Equifax includes social security numbers, people's names, birthdates, driver's license numbers, home addresses, and some credit card numbers. If you're American, there's a very good chance that you are affected. Equifax says that about 143 million Americans had their data breached. According to a 2016 US Census estimate, the American population is about 323 million.
If you're not American, you may still be a victim of Equifax's data breach. Equifax says that some Canadians and Britons also had their personal information exposed, but the agency won't disclose numbers at this time.
With regards to the affected Canadian and UK citizens, Equifax said:
"Equifax will work with UK and Canadian regulators to determine appropriate next steps. (We've) found no evidence that personal information of consumers in any other country has been impacted."
Equifax discovered the breach on July 29, even though the news wasn’t made public till September 8. Upon discovery, Equifax hired a cybersecurity firm to conduct a forensic review to determine the scope of the breach. Equifax said the cyberattack occurred between mid-May and July 2017.
Gartner security analyst Avivah Litan said:
"On a scale of one to 10, this is a 10 in terms of potential identity theft. Credit bureaus keep so much data about us that affects almost everything we do."
Associate professor of the accounting and information systems division of the UBC Sauder School of Business in Vancouver Hasan Cavusoglu said:
“Every company will have some exposure to risk depending on the kinds of information they keep about their customers. The more information you keep, the more likely it is that adversaries will target your organization. If we create these 'superentities' – like super data collection companies – we are collecting much larger data sets and they will be more likely to be targeted.”
To find out if you're a victim of the breach, Equifax has setup a website for you to check: https://www.equifaxsecurity2017.com. You can also phone 1-866-447-7559.
Cylance’s Director of Product Management & Marketing, Hiep Dang, offers a few further suggestions for those concerned about the Equifax breach:
A few things everyone should do immediately in light of the Equifax breach: