Boise State Cybersecurity Department
Check out latest updates to Equifax Breach: https://oit.boisestate.edu/cybersecurity/2017/09/11/updates-information-equifax-breach-2017/.
Key Points to Keep in Mind:
- This is Not the Victim’s Fault.
- Stick to the Known Facts. There will be a growing number of guesses, finger pointing and opinions in the coming days. Keep in mind information will be evolving as we learn more.
Warning about Social Engineering Attacks: In the coming days/weeks, cyber attackers will most likely take advantage of this incident and launch millions of phishing emails, phone calls or text messages trying to fool people. Stay vigilant and do not give sensitive information to others unless you are sure that they are indeed who they claim to be and that they should have access to the information.
Equifax Announces Cybersecurity Incident Involving Consumer Information
September 7, 2017 — Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.
Things to note:
- No Evidence of Unauthorized Access to Core Consumer or Commercial Credit Reporting Databases
- Company to Offer Free Identity Theft Protection and Credit File Monitoring to All U.S. Consumers
- Do an initial check here: https://www.equifaxsecurity2017.com/
Consumer Information Links from Equifax:
6 Tips for Potential Equifax Data Breach Victims:
- Request A Free Copy Of Your Annual Credit Report: Take great care to review your credit reports. If you find inaccurate information, contact the companies listed on the credit report(s) directly. You can also contact the Identity Theft Resource Center, a non-profit, at (888) 400-5530 to assist you, and/or subscribe to an identity and credit monitoring service to alert you when your personal information is used.
- If You Confirm That You’re A Victim Of Identity Theft, Create An Identity Theft Report With The Federal Trade Commission (FTC): Expect law enforcement to request a copy of this report when you contact them.
- Consider Placing An Extended Fraud Alert Or Security Freeze On Your Credit: Creditors will still have access to your credit file, even though you’ve placed a 7-year extended fraud alert, but must first contact you to verify your identity before extending credit. A credit freeze generally prevents creditors from accessing your credit file. To request one, you must call each credit bureau directly. Laws vary by state.
- File Your Tax Returns As Soon As You Can: Filing an early tax return protects you from identity thieves who could file and collect your tax refund before you do. You can also request a Personal Identification Number (PIN) in order to submit a your tax return. In the case with the Equifax data breach, it especially pertinent to stay on top of this to allow time to remediate any issues.
- Contact The Social Security Administration: Request a copy of your wage earning report to verify that your social security number is not being used fraudulently, which could result in your owing taxes for wages earned by someone who’s stolen your information.
- Contact Your Health Insurance Carrier: Request a copy of your health insurance statement in order to identify any fraudulent medical claims.
Protect Yourself with these General Safety Tips:
- Keep security software current: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
- Own your online presence: When applicable, set the privacy and security settings on websites to your comfort level for information sharing. It’s OK to limit how and with whom you share information.
- Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
- Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
- Post only about others as you have them post about you. The Golden Rule applies online as well.
Information provided via Educause and Stop.Think.Connect.