September

What you should know about the Equifax data breach

Concerned about your personal information? Here some facts and what you can do.

September 19, 2017

The recent data breach at Equifax has resulted in a number of questions from concerned people around the country, including the MSU Denver community. To help clarify the scope and importance of this data breach, the ITS Information Security team has prepared the following quick reference:

• Who was affected by this breach? One hundred forty-three million Americans.
• What was exposed? One hundred forty-three million Social Security numbers. Hundreds of thousands of credit-card numbers were exposed, along with other information.
• Where did this breach occur? Equifax, one of the three primary credit-reporting agencies in the United States, was targeted by hackers. Preliminary investigations indicate that the attackers exploited vulnerabilities in the Equifax website to gain access to the data.
• When did this occur? The breach was discovered July 29 and announced to the public Sept. 7. Unauthorized access to consumer data likely occurred between May and July.
• Why is this such a big story? The type of data that was exposed is sensitive and likely to be used for fraudulent activities. Unfortunately, prevailing opinions that Equifax’s response has been slow, unprofessional and incomplete are compounding concern rather than mitigating it.

While there have been numerous breaches in which millions of email addresses and passwords were exposed, passwords can be changed with little effort. Driver’s licenses and credit cards can be reissued, but at no small effort or cost. Social Security numbers are rarely changed, and with a great deal of effort. Other sensitive information that was exposed cannot be changed.

Many people are asking what they should do in response to this incident. The IDTheftCenter.org website has good recommendations at idtheftcenter.org/equifaxdatabreach.

More details about this event are available online, including the following:

• arstechnica.com/information-technology/2017/09/equifax-website-hack-exposes-data-for-143-million-us-consumers/
• arstechnica.com/information-technology/2017/09/why-the-equifax-breach-is-very-possibly-the-worst-leak-of-personal-info-ever/
• nytimes.com/2017/09/07/business/equifax-cyberattack.html