What happens when those charged with protecting our identities and finances are themselves compromised by a cyberattack? And how should you react to these breaches?
In September 2017, consumer credit agency Equifax admitted to its third cyberattack in two years, as hackers exploited a website vulnerability.
Key facts about the Equifax cyberbreach
- Around 143 million US customers were made potentially vulnerable, having had their personal data compromised (with 400,000 in the UK)
- Sensitive information (including social security numbers, driver's license numbers, birth dates, medical history and bank account information) had been compromised, leaving customers vulnerable to identity theft
- Equifax was criticised for being ill-equipped to manage the breach. It took five weeks to make the breach public, and it set up an information website and hotline, where customers criticised the lack of information and lengthy delays
- In a remarkable faux-pas, customers were also directed to a fake website in company tweets
- Offers of a year's free credit monitoring and identity theft service were condemned as inadequate
- A lawsuit was filed accusing Equifax of negligence with customer data, with potential cost implications of $68.6bn; and
- Three of its executives sold shares valued at $1.8m days after the breach, but the firm denied they had knowledge of it. Its stock dropped 14% after the breach was publicised, and possible securities law violations were investigated
Steps to protect yourself from fraud in a data breach:
- ACT FAST - it's vital to act quickly to protect yourself. Don't shrug it off or ignore it.
- Contact your card issuer or bank - to notify them that your information has been compromised.
- Change your passwords - CyberAware, the government's cyber security campaign, encourages us to use three random words #thinkrandom.
- Monitor your accounts for suspicious activity - if you notice irregular payments, inform your bank and law enforcement immediately.
- Look out for suspicious calls, texts, tweets and emails - from people claiming to represent your bank or card company, the police, your broadband provider, etc. Note: your bank and the police will never ask you to transfer money to a 'safe account' or ask you to confirm your PIN or password.
- Take out Protective Registration (PR) - this is an additional protection offered by CIFAS to prevent fraud. A warning flag is placed against your name, telling companies that use CIFAS to be extra vigilant when your details are used and to carry out extra checks. Find out more at: www.cifas.org.uk/pr.