Equifax Breach of Data on 143 Million People – Growing Need for Cyber Security Protection

The consumer credit reporting giant Equifax is in hot water following one of the largest data breaches in U.S. history. Equifax reported that hackers gained access to the personal information of more than 143 million people (slightly less than half of the entire U.S. population.) The compromised data includes social security numbers, addresses, birth dates and drivers’ license information.

In a video statement, Equifax CEO Rick Smith apologized, saying the company had “made significant investments in cyber security” but that “there is still more to do and we will.”

But the controversy continues beyond the breach itself. It took six weeks for Equifax to publicly disclose the hack and, during that time, before the attack was announced, three company executives sold $1.8 million in the company’s shares. Equifax claims the executives were unaware the intrusion had occurred. Additionally, there was a massive sale in stock options for Equifax, making it appear that buyers were tipped off about the breach. The U.S. Attorney General has opened an investigation into the Equifax breach.

 

The Equifax data breach is one of the largest and most significant cyber attacks in history. And this is the third breach for Equifax, demonstrating they were aware of the risk yet failed to take adequate precautions to protect their data holdings. The company reported that the breach began in May but wasn’t discovered until late July. Their website states that the reason for the delay was that they hired a cyber security firm to investigate and the sheer magnitude of their consumer base (820 million global consumers, data on 91 million businesses in nine countries) caused the delay.

Equifax is one of the most powerful gatekeepers of the most sensitive personal and financial data about individuals and businesses, making this breach especially horrific. They are one of the three largest credit rating agencies that collect and judge the credit worthiness of consumers, which can affect their ability to purchase a home, secure a loan, rent, lease property, purchase a vehicle or be hired for a job.

Equifax has a number of other business lines besides their credit rating and reporting service. One of the other services they offer is a recovery service that will help you regain access to your information should you lose access to your information. Equifax collects far more detailed information from the consumers of this service. It appears that these data banks may have been the particular entry point for this breach.

Equifax is offering a free identity theft protection and credit file monitoring service, called TrustedID Premier, to all U.S. consumers for one year. Following that year, subscribers will be automatically enrolled and charged for the service. In order to find out if their personal information was affected they must enroll in Trusted ID Premier. In order to enroll, Equifax is asking for even more information than is normally requested for credit verification. Anyone signing up for this service should be aware that they may be waving their right to sue the company or be involved in a class action suit related to the breach if they sign up for the identity theft program and credit file monitoring service.

A cyber security hack of this magnitude will have a massive effect on virtually the entire population. Almost every family is likely to be impacted. There are several things consumers can do to try to mitigate the damage.

  • Equifax is offering a website where you can check to see if your information was stolen. Be sure to read the agreement for any additional protection services they are offering to make sure you understand the terms.
  • You can set up security freezes and fraud alerts at each of the three major credit reporting firms (Equifax, Transunion and Experian.)
  • It’s always a good idea to change your passwords regularly. There are password managers such as 1Password, LastPass or Dashlane.
  • The best protection is to monitor your financial accounts and immediately report any suspicious activity to the financial institution and credit reporting agencies.

With all of the recent and substantial cyber hacks, it’s not surprising that cyber security insurance is the fastest type of business insurance sold today. The market for cyber liability insurance is expected to continue to grow over time as businesses become aware of the heightened need to protect their networks and assets.

As evidenced by this latest major security breach, the risk of cyber attacks has become increasingly significant as critical consumer financial and health data is stored electronically. We have become reliant on electronic communication; businesses collect ever more granular pieces of information from their customers, giving cyber hackers the opportunity to expose and steal vital information.

Marsh & McLennan Agency (MMA) offers the resources necessary to help businesses properly protect themselves against cyber threats as well as other traditional and emerging risks. Contact Marsh & McLennan Agency today to learn more about our innovative risk management services.