Several students and faculty at RIT may be among the over 143 million American consumers affected by the massive Equifax cyber breach that came to light last month. Millions of transactions were stalled as consumers had to prove their identities even while buying groceries at the supermarket.
The breach entailed credit card numbers, social security numbers and other personal information that can easily be used for malicious purposes. It is still unknown how this data will be utilized, but precautions must be taken to be certain that people's information does not get abused.
- Mid-May–July 2017: The timeframe Equifax claimed hackers gained unauthorized access.
- Thursday, July 29: Equifax discovered the hack and immediately stopped the intrusion.
- Tuesday, Aug. 1 and Wednesday, Aug. 2: According to NPR, three top executives from Equifax sold nearly $2 million worth of company stock.
- Thursday, Sept. 7: Equifax officially alerted the public about the security breach and provided a dedicated website for consumers to check if they were affected. Later on that night, the company also issued a statement saying the three executives “had no knowledge that an intrusion had occurred at the time they sold their shares.”
- Friday, Sept. 8: Shares of Equifax shed more than 13 percent of their value in trading. Sen. Elizabeth Warren (D-Mass.) tore into the company on Twitter for trying to push customers to give up their right to sue (customers were offered post-breach services by Equifax in exchange for their right to sue the company for mishandling the information).
“You are not Equifax’s customer, you are their product,” said Bill Stackpole, a full-time professor in RIT's Computing Security department. “The people exposed aren’t customers and so have no coverage.”
The breach was caused by a vulnerability present in a web application used by Equifax called “Apache Struts.” Interestingly, a fix for the issue was available on March 6, at least two months before the breach. Equifax neglected to update its software, which led to the loss of immense amounts of data.
“Credit bureaus like Equifax are the heart of the financial system,” she explained. Wolff noted that the general public's only choice would be to opt out of the bank loan/credit card economy and survive on a cash-only existence.
Post-Breach Remediation
There are two steps that can be taken to better
- Setting up a Fraud Alert: The simplest thing that can be done is setting up a fraud alert. This would add a certain amount of security at a mild inconvenience. A large transaction would require a call be made to the credit monitoring company (Equifax) where the user has to verify their identity through a driver’s license number or other form of identification. These usually last for 30 or 90 days and need to be renewed every so often.
- Credit Freeze: A more permanent and effective solution. Freezes usually cost money, but are currently offered for free by Equifax due to the breach. They require providing more information in exchange for increased security. Enabling one stops all credit reports from being released to anyone requesting them. Credit reports are subsequently only released if a consumer can verify his identity prior to a credit report request.
“I had my bank set [a Credit Freeze] up as soon as I heard about the Equifax breach. It is a method to have security in exchange of additional forms and information being sent out,” Stackpole mentioned. “No one will keep your information safer than you.”
For more information, one could go to the Federal Trade Commission's (FTC) site. The agency is in charge of protecting U.S. consumers and is the most accurate source of information on credit monitoring solutions.
Prevention
“Paying attention is key: learning to say no to agents requesting information that does not seem required and monitoring how much information you give out is key in reducing the chance of your information being compromised,” Stackpole stated. In his mind, people need to start believing that everyone (including themselves) could be targeted and have their information exploited.
All credit bureaus offer free credit reports for the year and it is worthwhile to check them to make sure things are in order. Should one's information get compromised, implementing fraud alerts or credit freezes can be just as valuable.