Breached security
Earlier this month, international credit reporting agency Equifax announced a massive cybersecurity break

Equifax headquarters photo

Breached security

Story By: RICK CHALIFOUX
9/28/2017


ISLIP TOWN—Earlier this month, international credit reporting agency Equifax announced a massive cybersecurity break that led to the unmasking of the personal information of approximately 143 million United States consumers – roughly 44 percent of the nation’s population.

The information obtained by hackers largely includes names, Social Security numbers, birth dates, addresses and driver’s license numbers. In addition, credit card numbers for about 209,000 U.S. consumers, along with “certain dispute documents with personal identifying information” for approximately 182,000 U.S. consumers, were also accessed. Meanwhile, the company stated that it has found no evidence that personal information of consumers in any other country has been affected. According to a company statement, an internal investigation of the incident is “still ongoing and the company continues to work closely with the FBI in its investigation.”

Equifax (EFX) is one three major companies that track the credit histories of almost all Americans and sell that sensitive information to banks, credit card companies and other clients. The organization handles the data of over 820 million people and more than 91 million businesses across the world. On its website, Equifax identifies itself as a “global information solutions company that uses trusted unique data, innovative analytics, technology, and industry expertise to power organizations and businesses around the world by transforming knowledge into insights that help make more informed business decisions.”

In the weeks since the hacking announcement on Sept. 7, the Atlanta-based company has let go of a number of high-ranking officials, including its chief information officer, chief security officer, and most recently its chairman of the board and chief executive officer, Richard Smith, on Tuesday Sept. 26.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said Smith during the initial announcement of the breach on September 7. “I apologize to consumers and our business customers for the concern and frustration this causes. 

“We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations,” added Smith. “We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”

While Equifax first learned about the hack back on July 29, it did not make the information public until earlier this month. 

“Equifax discovered that criminals exploited a U.S. website application vulnerability to gain access to certain files,” read a statement on the company website. “Upon discovery, we acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm [that] has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.”

In the meantime, consumers have been advised to be on the lookout for signs of fraud and identity theft by keeping a close eye on both account statements and credit reports. Equifax has also developed a website, www.equifaxsecurity2017.com, to help members of the public determine if their information may have been infiltrated and to sign up for credit file monitoring and identity theft protection. Named TrustedID Premier, the system (free of charge to U.S. consumers for one year) includes three-bureau credit monitoring of Equifax, Experian and TransUnion credit reports, copies of Equifax credit reports, the option to both lock and unlock Equifax credit reports, identity theft insurance, and internet scanning for Social Security numbers. In addition, the website provides further details on measures consumers can take to protect their personal information. 

“I’ve told our entire team that our goal can’t be simply to fix the problem and move on,” said Smith. “Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”

In addition to the website, Equifax stated that it would send direct mail notices to those whose credit card numbers or dispute documents with personal identifying information were impacted. Anyone with further questions can also contact a call center at 866-447-7559. It is open seven days a week from 7 a.m. – 1 a.m. Eastern time.

“The board remains deeply concerned about and totally focused on the cybersecurity incident,” said the company board’s new chairman, Mark Feidler. “We are working intensely to support consumers and make the necessary changes to minimize the risk that something like this happens again. Speaking for everyone on the board, I sincerely apologize. We have formed a Special Committee of the board to focus on the issues arising from the incident and to ensure that all appropriate actions are taken.”

Meanwhile, Suffolk County Legis. Tom Cilmi said that while he has not received any calls from constituents about the issue, he offered advice on how those susceptible to fraud could monitor the situation.

“The best advice that we can give to folks is to keep a close eye on their credit cards and bank accounts,” said Cilmi. “Make sure to report any suspicious activity immediately to those institutions. Certainly, there are a variety of products and services out there that people can utilize to alert when someone has tried to open a new account.”

“As a certified financial planner and an enrolled agent with the IRS, I have already received calls from a few elderly clients who are concerned about the safety of their identity,” said Frances Raiti, CFP, E.A., local financial planning expert with the Better Economic Solutions Team (The B.E.S.T. Company) in Brightwaters. “I can understand their concern. I have seen taxpayers’ identities compromised with the IRS and now you have a large credit reporting agency, Equifax, being hacked. My clients wonder who can you trust these days. 

“My advice is the same,” continued Raiti. “Protect yourself and your identity with companies like Life Lock. I don’t see these concerns going away any time soon, so constant vigilance is your best defense. You need to continue monitoring your credit report at least annually. You can bet the crooks are looking for easy targets every day.”

To see if you have been impacted by the Equifax cybersecurity incident, visit https://www.equifaxsecurity2017.com/am-i-impacted