Hackers hit Equifax, stealing critically sensitive and personal information, in what is now considered to be the largest data breach of the year. The breach is estimated to have affected over 140 million Americans, nearly half of the US population. Equifax has confirmed the breach, adding that some Canadian and UK residents were also affected by the attack.
The hackers managed to gain access to personal information, including names, Social Security numbers, birth dates, addresses as well as driver's licence numbers. This kind of data is known to be highly valuable to hackers as it provides them with a way to make a quick buck by selling it on the dark web. The stolen data could also potentially be used by criminals to perpetuate various kinds of crimes, including identity theft.
Alarmingly, hackers also got their hands on financial data. Equifax said that the hackers exploited a bug in the company's website and managed to access credit card numbers of around 209,000 customers. Personally identifiable data of some 182,000 customers were also stolen by the hackers.
"It's hard to overstate the seriousness of this breach. With sensitive personal information stolen from nearly half the U.S. population, widespread breaches like this will have serious and long-lasting implications, the most immediate of which will likely mean the attackers capitalizing on the stolen data through targeted spear-phishing campaigns," iboss CEO Paul Martini told IBTimes UK.
How to find out if you're affected by the breach and keep your data safe?
The breach affects a massive chunk of the US population and also affects some people living in Canada and the UK. Equifax also said that it will directly notify customers whose credit card numbers and personal information were hit by the breach.
However, if you don't handle suspense well, there is a quicker way to check if you've been affected. Equifax has set up a website (www.equifaxsecurity2017.com) "to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection".
Although the website at present doesn't seem to provide a definitive answer about whether your data was affected, it does appear to confirm if your data was not affected. Equifax is also offering customers a year's worth of free identity theft insurance and credit monitoring, which you can apply for by signing up on their website.
"Consumers should remain calm and be cognizant of their personal credit report and activity," Mark Testoni, the president of SAP National Security Services told Wired. "Check for notifications to see if new credit applications have been filed on your behalf, and monitor your accounts for adverse action. If your details are circulated on the black market, the big risks are fraudulent credit applications on your behalf and bad actors trying to find ways to take advantage of your personal [data]."
The identity of the hackers behind the attack still remains a mystery. It is also unclear as to when the attack occurred and how exactly the hackers managed to get their hands on such a massive trove of data. Meanwhile, Equifax said that its working with law enforcement to investigate the incident. The company also said that it has hired a "leading" independent cybersecurity firm to assess the scope of the damages and "provide recommendations" on how the firm can "prevent this type of incident from happening again".
"I've told our entire team that our goal can't be simply to fix the problem and move on," Equifax chairman and CEO Richard F Smith said in a statement. "Confronting cybersecurity risks is a daily fight. While we've made significant investments in data security, we recognize we must do more. And we will."