The Truly Unprecedented Equifax Data Breach
The word “unprecedented” is often used to describe a variety of events that are, on the whole, ordinary happenings. But, when the Crown Jewels of personally identifiable information –the names, dates of birth, and Social Security Numbers of up to 128 million individuals – are compromised by persons unknown, that is a truly unprecedented incident.
Last week, the New York Times reported that Equifax, a major consumer credit reporting agency that obtains and synthesizes consumer credit information on over 800 million consumers and 88 million businesses worldwide, suffered a data breach. The breach reportedly occurred between May and July of 2017.
The kind of breach Experian suffered has been long-feared among cybersecurity and identity theft professionals. Many wondered aloud what could happen if cybercriminals undertook a concerted attack against an aggregator of personally identifiable information. After all, when the goal of initiating a cyberattack against a business is to surface valuable data, that task becomes much more profitable when the target’s entire business purpose is to store that sensitive information.
Fashioning the steps an impacted individual might take to respond to this data breach is a bit like listing the ways a local bank might protect itself following the (hypothetical) robbery of a quarter of the Federal Reserve Bank’s cash stores: it’s hard to know where to start.
At a minimum, consider the following steps:
- Visit https://www.equifaxsecurity2017.com to determine if you may be a member of the unlucky 128 million victims.
- Take advantage of the free credit monitoring Experian is providing to everyone nationwide. (Experian is also providing the monitoring to persons who have not been affected.)
- Get your credit reports. Stolen records usually take a bit of time to be exploited by the criminal perpetrators. But, in the next few weeks, you should also consider obtaining your free annual credit reports from each of the three major credit reporting bureaus – TransUnion, Experian, (and yes, Equifax). Obtain your free credit reports from https://www.AnnualCreditReport.com, which is authorized by Federal law to provide consumers with their free credit reports once per year pursuant to the Fair Credit Reporting Act.
- File fraud alerts. If you have a significant concern about identity theft, consider placing an initial fraud alert on your credit via the three credit reporting bureaus. Usually, placing an alert with one agency will be shared with the other two agencies, but to be safe, you can place an alert with all three. If you have already been a victim of identity theft, consider obtaining a credit freeze, which will lock down your credit.
- As always, thoroughly review your existing credit, debit, and banking statements for signs of suspicious activity.
While the long-term fall out from this data breach may not be known yet, the short-term cybersecurity implications are clear – no business is truly immune from cyberattacks. With this reality in mind, businesses should take every effort possible to make it more difficult for attackers to compromise their customers’ data. One way is by adopting industry-driven cybersecurity best practices, such as the 2014 NIST Cybersecurity Framework.
At Vernon Litigation Group, we help businesses who have suffered cyberattacks and data breaches by providing a proactive and aggressive response, which includes complying with state notification requirements, identifying potential wrongdoers in anticipation of litigation, coordinating with law enforcement and insurers, and assisting businesses with conducting forensic investigations to lessen their future risks of cyberattacks. For more information, visit our website at https://www.vernonlitigation.com/ or contact Vernon Litigation Group by phone at 1-877-649-5394, or by email at email@example.com.
Mr. Haut focuses on litigation relating to commercial litigation, cybersecurity, and privacy law matters. In his final year of law school, Mr. Haut served on the Sherman Minton Moot Court Executive Board, where he helped draft the Moot Court competition problem — exploring issues relating to government searches of electronic devices, cybercrime, and sentencing reform.