November 2, 2017

The Equifax Data Breach

Last month, Equifax announced that 145 million Americans, and possibly a smaller number of residents in Canada and the UK, had fallen victim to a massive security breach, exposing their names, social security numbers, credit card numbers and driver’s license numbers.

Equifax apparently discovered the breach this past July; however, they only announced it to the public on September 7th.

This unauthorized access to Equifax data leaves roughly 58 percent of the US population extremely vulnerable to the damaging effects of identity theft.

All of this information, now in the hands of hackers, can be used to take over existing accounts or open new ones, rent and buy properties, file fake tax returns and more.

What happened during the Equifax breach?

So, amidst the shock and outrage, the question everyone is asking is, “WHAT HAPPENED?!?”

While this massive hack is still being investigated in detail, according to Equifax, a flaw in a tool designed to build web applications is the culprit.

"We know that criminals exploited a US website application vulnerability," Equifax said. "The vulnerability was Apache Struts CVE-2017-5638."

Large businesses, as well as government organizations, use Apache Struts in various ways. In Equifax’s case, it powered their customers’ online dispute portal.

Customers use this portal to report issues related to their credit reports. 

The hackers were actually able to take advantage of a flaw in this application to take control of this portion of the Equifax website, seizing a plethora of personal information from millions of people. 

Unfortunately, Equifax said they knew about this flaw in security a few months before the actual cyberattack happened and thought they had patched the hole, but they actually failed to install a security fix.

They clearly didn’t do enough.

According to the Apache Software Foundation, “The Equifax data compromise was due to their failure to install the security updates provided in a timely manner.”

And millions of Americans may pay the price, as a result.

Now for the cherry on top of the sundae: the Department of Justice (DOJ) has launched a criminal investigation, looking at three top Equifax executives. It’s reported they may have dumped company shares worth close to $2 million mere days after the breach was uncovered.

Coincidence? That remains to be seen.

What is the potential damage?

Unfortunately, the damage that could result from this massive hack is potentially astronomical.

When hackers get access to the “crown jewels” of personal information – names, addresses, social security numbers and driver’s license numbers – they essentially hold the keys to stealing someone’s identity and exploiting it for their benefit.

Personal information like names, social security numbers and driver’s license numbers doesn’t change, so people can’t merely cancel a credit card and call it a day.

Contrary to what some may think, this is not actually the largest data breach to date. Yahoo allowed 3 billion accounts to be hacked; however, the importance of the information that was compromised in this breach makes it that much worse.

Hackers can exploit this stolen data for years to come.

According to Thomas Hinton, CEO of the American Consumer Council, “The Equifax data breach poses serious problems for consumers of all socio-economic levels, but in particular, those consumers who are less educated on the repercussions associated with data theft and identity theft.”

  • Based on a US Department of Justice survey, dealing with identity theft isn’t cheap.

  • It can cost the average victim $1,343 in stolen assets and legal fees.

  • 60 percent of these same survey respondents said after the identity theft, they were forced to borrow money to stay afloat. 

And here’s one more potential consequence of this breach: if the US government detects potentially fraudulent activity related to a social security number, social security and welfare payments can be discontinued. This could greatly impact the livelihood of low-income and elderly people.

What can be done to protect our identities?

So, what can we do moving forward?

“Check for notifications to see if new credit applications have been filed on your behalf, and monitor your accounts for adverse action,” says Mark Testoni, the president of SAP National Security Services.

“If your details are circulated on the black market, the big risks are fraudulent credit applications on your behalf and bad actors trying to find ways to take advantage of your personal data.”

You can also make use of CyberShield Global’s ID services, provided by our partner CyberScout.

If you’re a premium or plus CyberShield Global member, this protection is included with your membership. You can protect up to 100 employees from falling victim to identity fraud through LifeStages Identity Management Services.

Benefits include:

  • Identity theft protection

  • Proactive education 

  • Risk-reduction strategies

  • Privacy management 

  • Unlimited 24/7 resolution support specialist 

The best thing you can do to protect yourself from hackers is to be proactive!

Visit for more info.


