The data breach at Equifax compromised more than 143 million US customers, and in a statement released this past Tuesday, the company confirmed that there were also approximately 100,000 Canadians affected by this hack.
This sort of hack is something that Hollywood is known for: a lone hacker sneaks in through some security hole and manages to escape with massive amounts of compromising information. Until recently this sort of massive attack was a thing of fiction. There were no major hackers sneaking around the Internet, stealing huge amounts of data from the major firms of the world. Corporations treated this concept as a work of fiction and acted accordingly. Data was not as well protected as it should have been, and there were far fewer governmental safeguards than should have been in place, making a hack of this scale a major possibility.
CGM reached out to Brian Pearce, an eight-year veteran in the field of security currently working as COO and CMO at Beyond Security, to answer the big question on everyone’s mind: what does a breach like Equifax means for people affected?
“This particular breach contains a unique combination of data about each of the consumers that provides the basis of what a hacker would need to create new credit accounts for the person,” Pearce said in an interview with CGM.
“With Equifax, the data lost is that unique combination of things including birth date and address and other information that is a recipe for creating a credit account for somebody without them necessarily knowing about it. So that’s the real reason why individuals need to pay really close attention to this particular data breach and take action.”
Hacks and data breaches sound scary, but are usually a “problem for someone else”. With this breach, however, things are different. If action is not taken, you could find yourself with maxed out, outstanding credit cards you never knew you had. It is a scary concept to have your credit rating destroyed by someone you never met and under no fault of your own. But there are actions you can take as a consumer to counter this.
“The best action at this point is to contact the three agencies and freeze your credit record. What that does is that it establishes with each agency—which they’re required to do upon request by law—to not allow any data to be sent out to anyone other than the companies with whom you already have a credit relationship with. And that means that [when] your data that is used by somebody to try and create a new credit card account or go get a mortgage or refinance or whatever, when their request for a credit rating comes into Experian or one of the others, it will be declined. Thus it makes the information about you effectively worthless,” Pearce explained.
This level of hack is a wakeup call. A cyber-attack this size is not something specific to Equifax, this is something that can happen to any major corporation or even country or as Pearce puts it, ” an issue of insufficient funding of computer security”. There needs to be a push on the governmental level to improve cybersecurity, to move beyond thinking it is a work of fiction and secure peoples’ data. But why—when Hollywood has been telling stories about this level of cyber-attack since the early 80s—are people only now taking it seriously?
“People looked at it [the Equifax hack] and said, ‘no that’s as likely to happen as an asteroid about to hit the planet and Charles Bronson or Eastwood goes flying off in a spaceship and saves the day at the last minute you know’.”
“Nobody took it seriously until it was Target and they got notified and now people are receiving a notification or two a year that they have replaced credit cards. This is getting real now but it’s only been in the last four or five years that the concepts and terms used in cyber security are making the front pages of the newspapers and were being discussed on the news channels and that you could you could walk up to somebody in the street, a stranger and say, ‘are you concerned about the security of your data?’ and they’re going say ‘Hell yes’. This was not true five years ago.”
Equifax may be one of the worst hacks we have seen up to this point, but it clearly won’t be the last. The days of viewing hacking as fiction are long over, and we are waking up to a reality where it is a material threat and one that if proper action is not taken can, and will, cause personal and financial issues. At very least things are being done to counter this level of attack, and with more pressure, more can and should be done. Data security is a real challenge, but one that with diligence can be solved. Pearce concluded by outlining that, “we have to learn a lot about what’s going and what it’s going to take to cure this ill. The more people who raise their hand now to the companies they do business with and to their government representatives and say, ‘yeah I’m concerned about this’, the faster we’re going to get it sorted out.”