By now just about everyone who reads the news knows of the massive Equifax data breach involving a staggering 143 million customer records, including those of companies, individuals and government. Equifax is a credit reporting agency that stores information such as social security/social insurance numbers, full names, addresses, birth dates and sometimes drivers’ licenses and credit card numbers.
These records will be sold to cyber criminals, who will use this information for crimes such as identity theft and spear phishing attacks. Spear phishing attacks are emails appearing to come from a known or trusted sender, targeting a specific organization or individual. Their aim can be to obtain confidential information, or to trick the target into clicking on a malicious link or email attachment. This can result in the cyber criminal gaining access to your computer or network for the purpose of stealing credit card or other confidential information and/or to launch a ransomware attack to extort money.
Equifax was apparently breached in mid-May 2017, discovered the breach in July and announced it to the world in early September 2017. The cause of this data breach was a web application vulnerability which was made publicly known and should have been patched back in March 2017. In other words, it was entirely avoidable.
The vast majority of customers affected are in the U.S.; however, a limited number of Canadians may have been affected, according to an announcement on the Equifax Canada web site. They are still working on finding out how many. According to CBC News, 10,000 Canadian Automobile Association (CAA) subscribers in Canada have been notified that their information was included in the Equifax data breach.
As for what to do, Equifax states on their web site:
“We recommend that you remain vigilant of incidents of fraud and identity theft by reviewing account statements and monitoring your credit reports. If you believe you are the victim of identity theft, you should contact the proper law enforcement authorities, including local law enforcement.”
Our recommendation is not only to repeat this Equifax warning to your staff (as well as family and friends), but also to ensure that your organization is educated on how to identify malicious emails. Cyber criminals have many very clever methods to make their emails seem legitimate and to entice employees to click where they shouldn’t.
BSC Solutions Group offers a service that will test how vulnerable your organization is to attacks such as ransomware, followed up by on-demand, on-line training videos to keep your staff on their toes. It’s an affordable service that could save your organization many hours of downtime, lost data, legal liability and more. Call us today for more information.