Equifax, one the Nation’s largest credit reporting agencies, was breached and over 143 million Americans personal information were exposed to criminals intent on stealing identities.
The best advice that can be given is, take precautions:
For Companies with hosted web services, the breach was achieved through a vulnerability in Apache Struts, a commonly deployed web service. Many believe this could have been avoided by simply keeping up with the latest patches. However, another view points the finger at the lack of systems testing. Many corporations get lulled into “system patch and go” routines where the updates are sent immediately back into production. Many times, even with a quick check, the systems engineers are trying to get their systems back online rapidly, and take shortcuts. We recommend a third party evaluation (from within the company) with a thorough security check prior to redeployment.
For All Consumers that want to maintain good credit standing and safeguard your own money:
First, become aware of the latest exploits being reported on the news. Using information gained from the Equifax breach bad actors will use this information to conduct phone scams, email phishing attempts, and other tactics. Read blogs reporting on Cyber News. The money you save could be your own…
Second, assume anyone who calls on the phone and asks you for sensitive personal information, even to validate your account information, are trying to extract information from you over the phone in order to exploit that information for their gain. They have all the required details about your credit accounts and Personal Identifiable Information. They may only need a small piece of information to complete their profile of you that will allow them access to your financial accounts. Politely tell them you will call the organization back using a preprinted number on the back of your credit or membership card. Explain to the customer service representative that you received a call and you are calling back over a known phone number to be safe. They will understand and appreciate your effort, and will go out of their way to help you.
Third, Do not click on links embedded in emails. Period. Unless you are an advanced internet user who knows what URLs look like and understand the Domain naming conventions, don’t use the link embedded in messages to go to vendor or charity websites. Instead, type in the web address to that organization from your browser. There is no need to type out the lengthy string that you see in the email or text, usually. Just go to the Home page, then navigate to the area that you wish to visit for offering a donating or other form of support.
Fourth, assume your information is compromised and act now to purchase Identity Theft Protection from one of the known offerors. They work! Just search for “Identity Theft Protection” on the internet and select a known company. Be sure the address in your browser address bar clearly is the company that you were trying to reach before you start to fill out any forms with sensitive personal information.
Fifth, start to review your bank statements regularly. Any unclear transactions should be addressed immediately!