The recent Equifax exposure of highly sensitive personal data is already one of the worst data breaches in history, and there is still worse to come as that data is exploited by malicious actors.
The advice I have for those affected by this is to monitor their accounts closely to try and prevent any further losses. In particular, know that criminals will use the highly sensitive data like Social Security numbers to go after bank accounts and investment accounts. Withdraw money to prevent it from being stolen as necessary, and also enable two-factor authentication using an authentication method (such as a phone) that hasn’t been compromised by this breach of data. Email accounts often hold a lot of key info on other accounts as well, and therefore those affected should also consider new email accounts or passwords too. And if someone would like any more advice about strengthening their digital security, I’ll freely give them what advice I’m able to.
It’s a sad reality in 2017 that a data breach affecting 143 million people is dwarfed by other recent hacks—for instance, the ones hitting Yahoo in 2013 and 2014, which exposed personal details for 1 billion and 500 million users respectively; another that revealed account details for 412 million accounts on sex and swinger community site AdultFriendFinder last year; and an eBay hack in 2014 that spilled sensitive data for 145 million users.
The breach Equifax reported Thursday, however, very possibly is the most severe of all for a simple reason: the breath-taking amount of highly sensitive data it handed over to criminals. By providing full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers, it provided most of the information banks, insurance companies, and other businesses use to confirm consumers are who they claim to be. The theft, by criminals who exploited a security flaw on the Equifax website, opens the troubling prospect the data is now in the hands of hostile governments, criminal gangs, or both and will remain so indefinitely.
Hacks hitting Yahoo and other sites, by contrast, may have breached more accounts, but the severity of the personal data was generally more limited. And in most cases the damage could be contained by changing a password or getting a new credit card number.
What’s more, the 143 million US people Equifax said were potentially affected accounts for roughly 44 percent of the population. When children and people without credit histories are removed, the proportion becomes even bigger. That means well more than half of all US residents who rely the most on bank loans and credit cards are now at a significantly higher risk of fraud and will remain so for years to come. Besides being used to take out loans in other people’s names, the data could be abused by hostile governments to, say, tease out new information about people with security clearances, especially in light of the 2015 hack on the US Office of Personnel Management, which exposed highly sensitive data on 3.2 million federal employees, both current and retired.
Also horrible is that if consumers try to check Equifax’s site to see if their data was stolen, they quite possibly will waive their rights to join a class action lawsuit and sue Equifax.
Notably, Public Citizen is now getting involved in this struggle to protect consumers.
The data checker by Equifax is apparently not worth much either.
The checker, hosted by TrustedID (a subsidiary of Equifax) that millions of users are checking to see if their private information has been stolen doesn’t appear to be properly validating entries.
In other words: it is giving out incorrect answers.
Those affected by this should move quickly and should be careful about revealing their sensitive data in the future. There will be more terribly damaging data breaches to come, unfortunately.