Equifax security breach worse than expected


By Ayden Bolin

On July 29, 2017, one of the largest mass Consumer Credit Reporting Agencies, Equifax, experienced a major data breach wherein sensitive personal information regarding millions of American citizens was released.

Approximately 209,000 credit card numbers for individual consumers, as well as personal identifying information for 182,000 of those individuals were also affected. This information was kept by the agency until Sept. 7, when it was officially announced via equifaxsecurity2017.com.

According to the Federal Trade Commission (FTC), the breach could affect anyone with a credit report. This rounds out to roughly 146 million Americans. The FTC also reports that the breach includes some citizens of the UK and Canada.

This announcement affects the University of Puget Sound community directly. In a mass email sent to the community on Sept. 8, Jeremy Cucco, the Associate Vice President for Technology Services and Chief Information Officer, warned of the data breach leaking personal information regarding “social security numbers, driver’s license numbers, and other sensitive information.” However, he added “that as of yet it has found no evidence that the leaked information has been used in an unauthorized manner.”

On Oct. 3, the New York Times reported that Equifax’s former chief executive, Richard F. Smith, who stepped down last week, revealed to members of Congress that the breach was the result of a single employee’s mistake.

“Why people should be concerned is because the impact of this is almost universal to the country,” Cucco said. “Chances are, the vast majority if not the entire population of this school was impacted by this hack.”

“There’s nothing that any one person here could say, ‘Oh, well I’ve done this, therefore I’m secure because this hack didn’t impact me.’ Well, no, most people didn’t realize they had an individual relationship with Equifax where their personal information was being stored and shared,” said Cucco.

Equifax is one of three major Consumer Reporting Agencies (CRAs) in the United States next to TransUnion and Experian. A CRA collects a history of an individual’s credit activity. This information is reported to the CRA via lenders and creditors with whom people carry accounts. Also collected are bankruptcies, civil judgements, and other public financial records, states the Equifax website.

A main takeaway to those who are worried is not to use the same passwords for social media as you would for more sensitive information, such as healthcare, banking or insurance.

“Let’s face it, we all use the same password in many applications, which is a terrible practice, but we do it; everybody does it,” Cucco said when asked about preventative measures. “Don’t use mom and dad’s names, don’t use the dog’s name, or things like that.”

Also according to Cucco, an important step for protecting yourself against this breach is to obtain a credit report. According to the FTC, every citizen is entitled to one free credit report every 12 months from each of the three Credit Reporting Agencies. The only authorized website to obtain this is www.annualcreditreport.com. Name, address, social security number and date of birth are all required to view this credit report.

“Look for anything suspicious. You can also put information on your credit report that says ‘do not open a card in this person’s name without contacting that person first,’” Cucco said. “We see unofficial websites where it says ‘click this and you can go to this unofficial website,’ and then you go and put your information in, and guess what happens? You’re hacked in a different way.”

It is best to keep a level head and take vigilant steps. Change passwords and work with your credit report to gage the level of impact that this breach may have on you.

Leave a Reply

Please leave these two fields as-is: