Most of us already know that Equifax reported a data breach that affects more than 143 million US customers, about 44% of the population. It’s an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver’s license numbers — exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, and other businesses vulnerable to fraud.
Identity Theft Post Equifax
1. 1440 Fourth Street, Suite B, Berkeley, CA 94710 | 510.280.2000 | www.endsight.net
The Equifax Breach
The Jason Clause Show | S2_E002
The Jason Clause Show is a podcast dedicated to
collecting good ideas for a growing community of busy
managers.
Jason Clause
Computer Support from Endsight
The Jason Clause Show is brought to you by Endsight. Computer problems are
expensive and frustrating; they’re also almost always avoidable. You deserve
a better computer experience; trust Endsight to deliver it.
What is Equifax anyway?
Personal Use
• Credit monitoring
• Identity protection
• Credit score reporting
Business Use
• Equifax lists 57 different
offerings for businesses,
starting with the letter A and
ending with the letter V.
Everything from Auto Insights
for Car Dealers, to
Visualization tools is in there.
• Equifax collects information about you. Even if you aren’t in the
population of breached users, they know you. You don’t know what they
know about you, and you have no way to find out in normal
circumstances.
• Equifax is a large-scale data aggregator, data broker, and
analytics firm. They collect, analyze, and derive insights from data –
its own data, and data it collects and purchases from other data
aggregators.
Were you one of the people breached?
• Equifax has a website: https://www.equifaxsecurity2017.com/
What happened?
• Much is still unknown. But it came down to a flaw in a tool designed to
build web applications
• This flaw was identified in March
• Equifax has said it discovered the data breach on July 29.
• Equifax determined that a series of breaches had occurred from May 13
through July 30, the company said.
• Equifax waited more than a month to alert its customers and
shareholders about the hack.
What was included in the breach
• Names
• Social Security numbers
• Birth dates
• Addresses
• Driver's license numbers
The implications
• Unfortunately, the personal trivia and history used for credit checks is
now in the open for ~143 million US citizens:
– your mother's maiden name,
– your address from 1996,
– the amount of your first car loan, etc.
• The validity of this information will never expire, and there won't be a
point where it stops being a concern.
• Until we know more, we have to think that it’s going to be remarkably
easy to impersonate . . . well, anyone.
• Identity theft is just the easiest application
– CEO fraud
– Voter fraud
What should you do?
To protect yourself:
• Assume you are compromised.
• Use credit monitoring – but not what Equifax
offered.
• Think about establishing a credit freeze.
– If you’re married, both you and your spouse should freeze your files, since the
companies maintain separate files for every adult that they track.
• If your passwords or security questions use ANY
personal information (addresses, schools, old car
makes and models, etc.) change them right away.
• We need to demand control over our information.
To protect your business:
• Lock down your financial transfer processes.
• Remain vigilant against phishing emails.
• Deploy managed detection and response services.
• Invest in security analytics.
• Make web application security cool again.
• Review your incident response plan, including your
public notification plan.
Thanks for listening!
Acknowledgements
• I didn't come up with any of this on my own. I've learned from others. Click here
to meet my teachers.
Editor's notes
Assume you are compromised. The breadth and depth of this breach, along with all the other breaches that have occurred, makes it safe to assume that your personal information is in the hands of people who will use it for nefarious purposes. Act accordingly.
Use credit monitoring – but not what Equifax offered. Go to a competitor of theirs, sign up through your employer if it’s open enrollment for benefits, through your credit card company, or even an alumni offering.
Think about establishing a credit freeze. But make sure to do it through all three credit bureaus, and remember that freezing might have costs depending on your state.
If your passwords or security questions use ANY personal information (addresses, schools, old car makes and models, etc.) change them right away. It’s possible that someone who wants to pretend to be you to steal things knows quite a lot about you now.
We need to demand control over our information. The 21st century needs a data bill of rights. GDPR is a decent start, but it doesn’t go far enough. Individuals need transparency about data collection and use. More importantly, we need the right to say no to companies that want to collect our data if we don’t like the extent of the collection or how it might be used. We should also have the right to say that certain companies can never have our data again, there should be repercussions for violating our trust, and it’s their responsibility to protect our information.