Back To Top

Equifax | When the bad guys have everything, what do we do next?

We have all become accustomed to hearing about Cybersecurity Breaches but this one may be the Mother of all Breaches.  The latest estimate, released October 2, is that 145.5Million people were impacted by the breach.  So almost half of America has had their Social Security Number compromised.

When a credit bureau is breached to this extent, questions start to come up.  Should we abandon Social Security Numbers?  If we replace them with another identifier, we only create the next target.  We will need another system for identification and credit reporting?  To some extent, you have to question whether we need to continue to protect data that has already been compromised and is likely on sale on the dark web already.

No matter what ends up happening, more than likely, your SSN has been compromised.  So since you have to assume that your information has been compromised, all you can do is to try and limit what people can do with that information.  After Equifax, I had a number of discussions with people about the fallout of the breach and a number of recurring things came up.

One thing that several people shared with me was that they had been monitoring their credit but not their spouse.  Like me, most of them had always done things jointly and never thought about the fact that their spouses’ SSN was still vulnerable.  It also brought up the issue that their children’s SSN was not being monitored.  Everyone with a SSN should monitor it.  The monitoring services will notify you if your credit is checked, if a loan is taken out, or other activity occurs at the credit bureaus.  They generally cost about $20 a month so it is not prohibitively expensive but it adds up.  With children, it could be $100 a month just for basic monitoring.

One thing that most experts were talking about was locking your credit.  You can go to the credit bureau and pay $10 to lock your information.  This will prevent random companies from checking your credit or someone trying to open an account with your information.  But there are 3 credit bureaus so again, this adds up and if you want to apply for a loan, you have to pay again to have it unlocked and then again to relock it…  Some monitoring services include this as part of the fee for one or more bureaus.   The comfort is that your account cannot be accessed.

So locking your credit and monitoring it should provide a good deal of protection from the risk of someone using the information stolen from Equifax.

While not related to the Equifax breach, I would also like to once again remind you to protect your passwords.  You probably already have plenty of accounts online that are protected only by a password.  Be sure to protect this information as well.  If you credit card or bank offers a multifactor authentication, use it.  While it adds a little more work to log in, it is well worth it.  What this means is that in addition to your password, you will get some other piece of information, generally sent to your phone, to enter into the site to get access.  It is not failsafe but as we have discussed before, security is about layers.  The more layers you can add the safer you are.

Also, do not use the same password for all your sites.  While it is inconvenient to use different passwords for each site, it is a very good idea.  That way if someone does get your password, they can’t use it to get into other sites.  Use a password vault to keep your passwords.  There are a number of apps for iPhone and Android that will allow you to encrypt all your passwords in one place and by having just a single STRONG password to open the vault all your passwords are available but protected.

Don’t forget all those security questions.  One recommendation I have heard several times is to create a fake self.  Make up a new maiden’s name for your mother, change your high school mascot, or the address you first lived at.  If the bad guys have all your real information, then you need new information.  Only problem is you will need to remember your new information!

So the good news is, you do not have to worry any more about your financial information being compromised… It already has.  Now just focus on protecting what can be done with that information.

LEARN MORE ABOUT OUR RISK ADVISORY SERVICES

curtis-thompsonThroughout his time at YHB Curtis has provided IT audit and consulting to clients, even while holding the position of the firm’s IT director for several years. Now, as head of the YHB Risk Advisory Services Team, Curtis focuses on assisting organizations in a variety of industries with internal audits and IT-related audit and consulting services. Also, he frequently speaks and gives presentations on SOX compliance, internal controls, and data security.

Click to Learn More About Curtis