Equifax Breach Details

,

Equifax Website: Equifax has created a website where you can learn more about the incident. One of the options they offer is you can check to see if your data is believed to be compromised. While this is a nice feature, operate under the assumption that your data has been hacked as Equifax could be wrong and/or is still trying to figure out what happened.

Credit Monitoring: You can sign up for free for Equifax's TrustedID credit monitoring service. If you sign-up for the free service you may limit certain legal recourse you might have otherwise had.). Credit monitoring does NOT protect you from credit card fraud. However, it does notify you when someone is attempting to commit Identity Fraud in your name, such as registering for a new credit card or bank loan. Some services also help you recover from Identity Theft. Here is an excellent write-up by Brian Krebs on the limitations of Credit Monitoring

Security Freeze: This is the action that does the most to protect you. Unfortunately, few people know about it. What a security freeze does is lock your credit scores so no one can access them. This means that while your credit score is frozen no bank or financial organization (such as a credit card company) can check what your credit score is, which means no one will give you (or a criminal pretending to be you) a loan or credit card. The challenge is you have to manually setup a security freeze with each of the four credit bureaus. In addition, if you want to get a new loan or credit card, you then have to manually unlock your credit service. Then again, how often do you apply for a new loan or credit card? Brian Krebs has an outstanding writeup of what a Security Freeze is and how to get one.

Monitor Financial Accounts: Watch your bank and credit card accounts carefully. Many of them have a service where they notify you (via text or email) if a bank withdraw or credit card charge is over a certain limit, or can send you daily reports of your activity. We highly recommend you enable at least one of these.

Social Engineering Attacks: Be warned, in the coming days/weeks, cyber attackers will take advantage of this incident and launch millions of phishing emails, phone calls or text messages trying to fool people. This is why we have an active security awareness program, to help you understand and defend against attacks like these.

 

Head with data and lock floating in it.

This content is provided by SANS Security Awareness.

Click to go back to Effective Practices.