Some 143 million people in the U.S. might have had their personal info exposed due to a major cybersecurity breach at one of the three top credit-reporting companies, Equifax.
The breach took place sometime between May and July, but it was only announced last week. Thought not much detail is known about the breach, it will likely have longstanding repercussions, according to professor Henry Carter, a cybersecurity expert at Villanova University.
“This is, unfortunately, an unsurprising event with very severe ramifications,” said Carter. “As the internal IT infrastructure for large companies continues to expand, managing the security of the system becomes a more complex task. To exacerbate matters, IT departments sometimes take shortcuts to make access and maintenance easier, which comes at the cost of leaving the entire system more exposed to attackers.”
Depending on the vastness of the information that was actually stolen, identity thefts from the breach could be seen for a long time to come, Carter warns.
There is hope, however. A series of steps can be taken to shield your personal info from falling in the wrong hands. Carter explains:
- Monitor credit cards, bank accounts and other online services for unauthorized activity: If an attacker decides to use someone’s private information maliciously, it will likely be in a way they can make money quickly. For other online services like email accounts or social networking accounts that could be used by attackers to steal more private information, ensure that passwords are strong and up to date, and activate two-factor authentication if it is available.
- Consider a credit monitoring service: Major credit reporting companies typically offer services that will notify you of suspicious activity related to your credit (based on the fact that Equifax was the target of the breach, Carter suggests using Experian or TransUnion).
- Be alert for scam emails, telephone calls, and text messages: While people typically think of scams coming by email, the amount of private information leaked in this case will allow attackers to mount scam attacks from any number of sources using many different channels of communication. They may be seeking additional information about the victim to then use in impersonating them to financial or government institutions. If someone is asking for sensitive information of any kind, verify their identity by calling the agency they are claiming to be from.