What happens when those charged with protecting our identities and finances are themselves compromised by a cyberattack? And how should you react to these breaches?
In September 2017, consumer credit agency Equifax admitted its third cyber attack in two years as hackers exploited a website vulnerability.
Key facts about the Equifax cyberbreach
- Around 143 million US customers were made potentially vulnerable, having had their personal data compromised (with 400,000 in the UK)
- Sensitive information (including social security numbers, driver's license numbers, birth dates, medical history and bank account information) had been compromised, leaving customers vulnerable to identity theft
- Equifax was criticised for being ill-equipped to manage the breach. It took five weeks to make the breach public, and when it set up an information website and hotline, customers criticised the lack of information and lengthy delays
- In a remarkable faux-pas, customers were also directed to a fake website in company tweets
- Offers of a year's free credit monitoring and identity theft service were condemned as inadequate
- A lawsuit was filed accusing Equifax of negligence with customer data, with potential cost implications of $68.6bn; and
- Three of its executives sold shares valued at $1.8m days after the breach, but the firm denied they had knowledge of it. Its stock has dropped 14% since the breach was publicised, and it was investigated for any securities law violations
Steps to protect yourself from fraud in a data breach:
- ACT FAST - it's vital to act quickly to protect yourself. Don't shrug it off or ignore it.
- Contact your card issuer or bank - to notify them that your information has been compromised.
- Change your passwords - CyberAware, the government's cyber security campaign, encourages us to use three random words #thinkrandom.
- Monitor your accounts for suspicious activity - if you notice irregular payments, inform your bank and law enforcement immediately.
- Look out for suspicious calls, texts, tweets and emails - from people claiming to represent your bank or card company, the police, your broadband provider, etc. Note: your bank and the police will never ask you to transfer money to a 'safe account' or to confirm your PIN or password.
- Take out Protective Registration (PR) - this is an additional protection offered by CIFAS to prevent fraud. A warning flag is placed against your name, telling companies that use CIFAS to be extra vigilant when your details are used and to carry out extra checks. Find out more at: www.cifas.org.uk/pr.