What happens when those charged with protecting our identities and finances are themselves compromised by a cyberattack?
Back in September, consumer credit agency Equifax admitted its third cyberbreach in two years after hackers exploited a website vulnerability.
- Around 143 million US customers were made potentially vulnerable, having had their personal data compromised (with 400,000 in the UK)
- Sensitive information (including social security numbers, driver license numbers, birth dates, medical history and bank account information) had been compromised, leaving customers vulnerable to identity theft
- Equifax was criticised for being ill-equipped to manage the breach. It took five weeks to make the breach public, it set up an information website and hotline - where customers criticised the lack of information and lengthy delays
- In a remarkable faux-pas, customers were also directed to a fake website in company tweets
- Offers of a year's free credit monitoring and identity theft service were condemned as inadequate
- A law suit was been filed accusing Equifax of negligence with customer data, with potential cost implications of $68.6bn; and
- Three of its executives sold shares valued at $1.8mn days after the breach but the firm denied they had knowledge of this. Its stock dropped 14% since publicising the breach and was investigated for any securities law violations
Follow these steps to protect yourself from fraud in a data breach:
- ACT FAST - it's vital to act to protect yourself and act quickly. Don't shrug it off or ignore it.
- Contact your card issuer or bank - to notify them that your information has been compromised.
- Change your passwords - CyberAware, the government's cyber security campaign, encourages us to use three random words #thinkrandom.
- Monitor your accounts for suspicious activity - if you notice irregular payments, inform your bank and law enforcement immediately.
- Look out for suspicious calls, texts, tweets and emails - from people claiming to represent your bank or card company, the police, your broadband provider, etc. Note: your bank and the police will never ask you to transfer money to a 'safe account' or to ask you to confirm your PIN or password.
- Take out Protective Registration (PR) - this is an additional protection offered by CIFAS to prevent fraud. A warning flag is placed against your name, telling companies that use CIFAS to be extra vigilant when your details are used and to carry out extra checks. Find out more at: www.cifas.org.uk/pr.