IT Security Alert - Equifax Data Breach

09/11/17

Contributed by Karen Compton

As you may have seen in the news, the consumer credit reporting agency, Equifax, has reported a major information security breach. Personal data, including Social Security numbers, dates of birth, and driver license numbers, of 143 million Americans may have been exposed to attackers who compromised Equifax’ systems between mid-May and July of this year.

In addition to information useful for identity theft, various personal information compromised in this breach could be used in future attacks. The data may include past addresses and other information that are often answers to “security questions” used to verify our identities for “forgot my password” features, or when calling customer service at banks or other companies. The personal data may also be used to improve the effectiveness of future phishing attacks by personalizing them to each target victim.

Equifax is offering a service to check if you are a victim of this breach, but some have warned about fine print in the agreement that may limit your rights to sue for damages caused by the breach. One of the many articles about this breach is available here: https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html

Recommendations:

  1. Periodically check your credit reports to ensure that no unauthorized credit accounts have been opened in your name. Each of the three major credit reporting agencies is required to provide us with one free report each year, so by rotating through them, we can each run three free reports each year. The free reports are available at Annual Credit Report.com. Please be aware that other similar-sounding websites purport to be free, but may not be, or may only provide reports when bundled with other pay services.
  2. Be selective when choosing “security questions” and answers. Many questions that are commonly used to reset forgotten passwords have answers that can be gleaned from public sources, social media, or data that may have been compromised in the Equifax breach or other breaches. These “forgot my password” features are back doors into your accounts, and should be treated as such. Choose questions with answers that are the most likely to only be known by you.
  3. Be suspicious of unexpected email messages that ask you to click links, open attachments, or reply with information. Even if a message comes from someone you know, their account may have been compromised and used to attack others. If a message seems phishy, call the sender on the phone to verify it was really them who sent the message. Data exposed in various breaches has been used to personalize subsequent phishing campaigns, and the Equifax data may be used this way in the future.

Information Security Office
Information Technology
infosec@ithaca.edu

0 Comments


https://www.ithaca.edu/intercom/article.php/20170911125807599