By Brenda Bouw | The Globe and Mail
The credit-monitoring company’s recent cyberattack is a reminder to consumers that personal data is always at risk.
In addition, consumers are being urged to monitor their online personal data and be more vigilant about what information they give out after the security breach at Equifax, the latest in a growing list of high-profile cyberattacks.
Experts say the breach, which the company says affected 143 million Americans and an unknown number of Canadians, is a reminder to consumers that their personal data is always at risk. Many companies are relying on the latest technology to boost their online security, but continue to struggle to stay ahead of cyber attackers.
“Our personal data is shared and circulated among many different organizations,” says Robert Masse, partner, Cyber Risk Services at Deloitte Canada. “Unfortunately, the reality is that organizations are having difficulty dealing with the majority of threats out there – you have to assume that your data has already been compromised.”
The Equifax security breach is significant for its size and because the company is in the business of collecting and monitoring consumer data. The Atlanta-based company, one of the Big Three credit bureaus in the United States, said criminals exploited a U.S. website application to access files between mid-May and July.
The company said the information accessed primarily includes names, social security numbers, birth dates, addresses and some driver’s license numbers.
“Criminals also accessed credit card numbers for approximately 209,000 U.S. consumers and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers,” the company stated.
Equifax also said there was “no evidence of unauthorized activity” on its consumer or commercial credit reporting databases and that the “issue has been contained.”
An Equifax Canada spokesperson declined to comment on Friday, saying in an e-mail that the company has “no further information to contribute at this point.” The company is directing consumers to its website (equifaxsecurity2017.com), where they can check if they’ve been affected by filling out a form using their last name and last six digits of their social security number or social insurance number for Canadians.
That process itself has raised eyebrows since the information required includes pieces of the same data Equifax is offering to protect. Until Nov. 21, Equifax is also offering consumers the option to enroll in its TrustedID Premier monitoring service free for one year.
Andrew Latham, digital content editor at SuperMoney, which offers online personal-finance tools, says he was affected by the Equifax breach and was planning to put a security freeze on his credit report, which prevents others from accessing his data to apply for credit cards or other credit accounts.
For consumers who don’t want to put a credit freeze on their report, for instance, if they plan to apply for credit in the near future, Mr. Latham recommends setting up identity fraud alerts on their credit report. “This makes it so the credit bureaus have to check you are who you claim to be when you ask to see your credit reports,” he says. “That’s another level of security worth doing.”
Mr. Latham also recommends consumers regularly monitor their bank and credit card statements for unauthorized transactions.
“The truth is, breaches like this happen all of the time,” Mr. Latham says. “We need to be taking steps to protect our identity.”
He also recommends consumers check services such as haveibeenpwned.com, which shows consumers if their e-mail or username has been affected by a breach in the past.
“If your e-mail has been affected, definitely change your password,” Mr. Latham says.
Mr. Masse of Deloitte says consumers should also be more careful about what information they give out online, especially when signing up for products or services where you don’t pay anything.
“When you sign up for [some of] these websites … you’re not a customer, you’re a product,” Mr. Masse says. “What you’re trading as a product is your personal information … you have to think of the trade off.”
In some cases, consumers have no choice but to provide personal data needed to set up accounts for essential services such as a phone, utilities and even paying taxes.
“It’s not feasible to say, ‘just don’t give out your data,’ ” Mr. Masse says.”Once you give your information to organizations, you’re at the mercy of their cybersecurity budget, their security posture and how they manage the data.”
