Hackers successfully acquired access to 143 million individuals’ Social Security numbers, driver’s license numbers, and credit card numbers. Equifax’s breach affects nearly half of the US population.
The details of the breach will take months to unfold. However, there is a high likelihood that the breach was the result of negligence of a third-party service provider and/or employee.
Hackers are increasingly targeting service providers of large companies at an alarming rate. It only takes one click to bring the services of a company and its strategic partners to a halt. During a breach, a company’s efforts will immediately shift from growing the business to saving it.
Most believe that having the best firewalls in place will mitigate this risk, but in reality a company’s most vulnerable firewall is the human firewall. Security training and awareness must be continuous to keep up with ever-evolving threats, especially since hackers are always one day ahead of the firewalls that protect you.
WHAT INDIVIDUALS CAN DO:
1. See if you’ve been affected: Equifax created a website consumers can check to see if their data was breached. You can read through the updates, but at the bottom of the page is a link titled “Potential Impact” which will help you determine if your data was affected. The company said it would offer a free year of service from its subsidiary, TrustedID, which monitors credit reports from Equifax as well as Experian and TransUnion, along with offering identity theft insurance and internet scanning for Social Security numbers. Equifax will also send direct mail notices to consumers whose credit card numbers or personal information were impacted.
2. Freeze your accounts: Freeze your credit report accounts at all three credit bureaus. This restricts access to your credit report, which helps prevent other credit card companies from accessing it to open up new accounts. You can read more about “freezing your credit report” on the Federal Trade Commission website, here:
https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
Instructions are provided, including contact phone numbers and information that you should have handy.
3. Protect your bank accounts with two-factor authentication: Alert your bank and companies overseeing any other financial accounts that your personal information has been compromised, and strengthen passwords with two-factor authentication (password and confirmation via phone number).
4. Review your homeowner/renter insurance with us to better understand insurance coverages available to you in the event that this breach at Equifax results in other losses related to your personal finances. One type of coverage you should consider is Identity Theft & Recovery.
Data breaches may also lead to phishing scams: Companies should never ask for a full Social Security number or driver’s license; they should instead confirm your card number, zip code and one or two security questions.
WHAT COMPANIES CAN DO:
1. Improve your human firewall: Security training and awareness programs should be continuously updated to include ever-evolving phishing threats. Users with access to critical data and systems should know to exercise caution when opening email and clicking on links, even if they appear to come from legitimate sources.
2. Keep your systems secure: Systems should be patched with the latest security updates. Once the technical details of the breach emerge, find out if your systems can be exploited with the same methods and harden them.
3. Review your business insurance with us to determine what types of insurance coverages could apply in the event that this breach at Equifax results in other risks to your business.
Examples of coverages that you may want to ask about include:
- Loss of Digital Assets
- Data Compromise Response Expenses
- Identity Recovery
- Non-physical Business Interruption and Extra Expense
- Cyber Extortion Threat
- Security Event Costs
- Network Security and Privacy Liability Coverage
- Employee Privacy Liability Coverage
- Electronic Media Liability Coverage
- Cyber Terrorism
4. Consult with a security professional: If your business has not conducted security training and awareness exercises or is unable to verify the patch level of your systems, please contact an IT security professional to assist. This summary was provided by the professional accounting services firm of UHY Advisers, who also have expertise that may be of value.
Thanks to UHY of Farmington Hills, MI for providing much of this nice summary.
Robert H. Bourdeau