TROY Community:

For security purposes, a copy of this message is posted on the Troy IT site at http://it.troy.edu/services-support/security/emails/equifax-20170913.html

On 7 September 2017, Equifax announced that its digital services had been hacked sometime between mid-May and July 2017.  The successful breach is one of the largest electronic data thefts to date.

Equifax, one of the three U.S. credit reporting agencies, revealed that personal data on approximately 143 million Americans had been compromised.  Reportedly, among the data are social security numbers, credit card numbers, and a wealth of other personal information.

Despite the efforts that we all take to protect ourselves online, we cannot control all aspects of our digital lives.  In a perfect world, this would not have happened, or, the issues could be remedied easily.  However, as our lives have become increasingly digitized, security breaches will occur.  The downsides can be very stressful when things don’t work properly, when data theft occurs, as an example.

The only things we can do, as consumers of technology, is to be aware of the risks and respond appropriately.

Below, I offer some suggestions for protecting your data online, and, in particular, working through the Equifax breach.

Determine if your data has been compromised.

Equifax has established a website.  Visit  http://www.equifaxsecurity2017.com and click on the “Potential Impact” tab.  The site will ask you for last name and last six digits of your social security number.  The requested pieces of information are sensitive.  Therefore, be confident that you are on a trusted computing device and a trusted network.  Do not use public WiFi or public-use computers to exchange these types of information, ever.

After entering the requested information at the Equifax site, your will receive an immediate response about your status.

Be confident that you review the terms and conditions of the website before agreeing to any services or engaging in any product from Equifax or other companies.  The terms and conditions are important and should not be agreed to unless you understand them completely.

Check your financial statements carefully.

Inspect all personal financial statements immediately.  Banking accounts, retirement accounts, credit card accounts, pay statements, insurance statements and other important personal accounts should be reviewed.  If the statements contain erroneous data, don’t arrive as expected, or, unrecognized charges appear, contact the service provider immediately.

Consider placing a credit freeze or fraud alert on your personal credit files.

Setting up a fraud alert is simple.  Call one of the credit agencies, Equifax, TransUnion and Experian, and request the fraud alert.  Typically, you will have to make copies of and mail in many important documents to put the alerts in place. 

A credit freeze makes it difficult for someone, including you, to open new accounts under your name.  A credit freeze does nothing for existing accounts – it only prevents new accounts from being opened.  Existing financial accounts can be breached with a credit freeze in place.

In order to freeze your credit, you must contact customer services at all three credit bureaus — Equifax, TransUnion and Experian — and keep track of a unique pin number that you will need every time you want to open a new account or do anything that requires a review of your credit history. Make sure you fully understand how it works when speaking with the three credit bureaus.

Monitor your credit and financials regularly.

Some studies reveal that consumers pay more attention to social media than their personal finances.  In fact, despite all of the wonderful tools available in our modern, highly-connected world, consumers rarely check financial statements thoroughly and do not inspect their credit reports.

Monitor your financial accounts regularly.  Use your technology to keep tabs on financial activity: enable accounts alerts via text or email, receive activity notices from your providers in the same fashion that you interact with social media.  Be aware of your finances.

You can monitor your credit for free using a number of services.  Offerings are available from a number of firms, including  free annual credit report.

Protect your online accounts, financial and all others.

All security experts will tell you that you should have complex, unique passwords or passphrases for each site.

As a battered security practitioner, I will tell you that users despise hearing this request.  The complaints are always the same, and, unfortunately, so is the downside.  If you recycle or use the same passwords/passphrases at multiple sites, you invite harm into your digital landscape.  A single breach could expose all of your usernames and passwords/passphrases.

Don’t use simple passwords/passphrases.  Use different passwords for every site.  Don’t share passwords/passphrases.

How do you manage those passwords/passphrases?  Easily, use a password manager.  Visit the application store for your mobile device and locate a password manager that works best for you, and, use it!

For more information, please visit the Federal Trade Commission’s website at https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do.

 

Thanks.

 

-Greg

 

W. Greg Price, Sr., PhD

CTO/CSO

Troy University

wgprice@troy.edu