Alert! Whether you realize it or not, your personal identification has probably been compromised in the Equifax breach. Millions of people’s identifying factors, like social security number, were stolen during this unprecedented security hack of 2017. Although the attackers’ motive was hypothesized to have been financially driven, your Identity will be at risk both now and In the future, as it Is easy and profitable to sell stolen identities.
The massive Equifax breach may have been the most significant compromise in online security, but it was only the latest in a long line of such breaches. If you have not yet taken steps to protect yourself and your data, now is the perfect time to do it. No matter where you live or who you are, chances are the Equifax breach involved you, and that should serve as wake-up call for everyone. Here are some timely tips to help you keep your data, and your identity, safe from the bad guys.
Choose a credit card with robust fraud protection.
Your credit card issuer should be the first line of defense against security breaches and identity theft, so choose your provider carefully. Ask about fraud protection, and make sure you are protected.
Review your credit card statements carefully.
Fraud protection starts with the credit card issuer, but it ends with you. Always review your entire statement carefully, analyzing each entry and making sure it matches your real purchase history. If you have any doubts, contact the merchant right away and follow up with the credit card issuer. Check your credit reports at least once a year. At a minimum, you should be reviewing your credit reports on an annual basis, but checking your reports and scores more frequently is even better.
The Why? Importance of Patching Security Holes Quickly
In the wake of what is called the worst data breach in history, Equifax has investigated the cause and found that their IT department had not patched a known vulnerability on the web server. The data breach stems from a three-month-old security flaw in the Apache Struts system that had a bug fix released long before EquiFax was hacked. The delayed response by Equifax’s IT team is the reason for the breach, and it shows the Importance of patching your servers quickly after a security alert and patch is released, especially if the system Is openly available on the Internet.
What is the Apache Struts Exploit?
Apache Starts is used to host Java applications. The exploit gave attackers complete control of the web server, including the ability to upload any malware or software. After the exploit, Cisco made a statement that a high number of events across the Internet were hackers running bots to check the stability of servers with Struts installed.
The exploit stemmed from a bug In one Struts file named Jakarta, which is a file upload multipart parser. The patch was released but many servers were unpatched even weeks after its release. The main issue was that the Struts patch required the installation and then a recompile and reboot. This probably delayed many IT server administrators, because the patch essentially interrupted business if there was no backup procedure.
When the patch was released, there was an increase in activity over the Internet to find servers that were vulnerable to the exploit. The Struts system is an older system, so researchers think that there were thousands of unpatched servers due to developers abandoning projects and forgetting that they even had a Struts server in the wild. Hackers picked tip on this Issue and performed a mass attack on open Apache servers.
Ignoring Patches Can Cost Your Business Millions
After the news hit that Equifax lost 143 million records — which included social security numbers, birth dates, full names, addresses and drivers license numbers- people scrambled to find out what they could do. The quickest way to stop Identity theft and fraud was for consumers to freeze their credit scores This stops anyone from taking out new credit on their account, but it also means that the consumer can’t take out any credit either. They also must freeze their credit scores on the other two big credit bureaus, which include TransUnion and Experion.
Consumers are now forced to buy into alerts for their credit score. Some bureaus such as TransUnion offer it for free, but others don’t. It’s an added expense to the consumer that wouldn’t need to be there If it wasn’t for Equifax’s negligence. The data hasn’t shown up yet on the black market, but it’s possible that attackers are waiting for things to settle down before they start selling data. Attackers can get anywhere from $5 to $30 for each record, so the data breach Is a gold mine for the perpetrators. The results of the attack are expected to last for years, and It’s on the consumer to make sure their credit reports are safe.
It’s too early to identify any monetary damages for Equifax. Target wound up paying millions in legal fees and settlements after they lost a billion credit card numbers to attackers It’s likely since Equifax was responsible for the data leak for simply not patching their system for weeks that they could have serious legal repercussions coning in the next couple of years.
For any IT department, as soon as you know there is a serious security bug in any application, you must patch it immediately. Don’t wait, because attackers scan the Internet for people who haven’t patched their systems yet.
If you stagger your requests, you can get a copy of your credit report every four months so that you can keep tabs on your credit. Knowing your credit score is key to protecting your identity, so check your score often. So, how do you know if your Identity has been stolen? And, what should you do if it has? Here are the answers to get you started.
How do you know whether your identity was compromised during the EquiFax breach (or at any other time)? Unfortunately, you should assume your information has been compromised. Regardless of whether you have confirmation right now, your identification factors may have been stolen but not yet used. Therefore, everyone should operate under the assumption that their identity has, in fact, been stolen.
Proof of stolen Identity can come In the form of a credit card check. Is an excellent site that offers free credit scores, so you can determine whether someone has falsely used your identity and committed fraud. It is also important to keep a dose eye on your credit card purchases. A predominant number of fraud thieves test your credit card by charging small amounts, like $1, first. These small purchases are red flags that typically occur Just before the thief starts charging many and large purchases to your name. The first step in keeping your identity safe Is being aware — check your credit and your credit cards frequently.
Requesting a credit freeze Is an Intelligent choice during these uncertain times after the Equifax breach of Information. You can freeze your credit so that no one can take out any new lines of credit In your name. While frozen, running a credit check would result in a blank page. Of course, if you wanted to buy a new car, home, or take out any line of credit, you could temporarily unfreeze your credit in order to do so.
Freezing your credit may seem like an inconvenience, but how often do you take out lines of credit versus how frequently could you be a victim of identity theft? The small annoyance of freezing and unfreezing is worth the slight hassle, given that it can save you from serious fraud headaches and claims.
Credit Freeze — The Superhero in Identity Protection
Credit freeze — it sounds like a superhero out of a comic, and rightly so. It could Indeed be ranked among the superheroes as it wields its power to battle the evil forces of identity theft and stolen credit. A credit freeze (or security freeze) Is a simple tool In the defense against criminals seeking to make you another of the countless victims of identity theft.
What is a credit freeze?
According to Experian, “A security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent.” in other words, neither you nor anyone else can access your credit report or get credit in your name until you “thaw” or “unlock” your account. Nobody can *even *view your credit report.
Not even Spiderman’s arch nemesis, the Green Goblin, can finance a new weapon using your credit because the seller can’t access your reports to approve the Goblin’s loan In your name. He also can’t get a credit card or any other form of credit In your name, even if he has your private information, like your Social Security number. The credit freeze Is like a Spidey-strong web of protection around your credit. A freeze is more than a credit alert that informs you when the bad guys have attacked. It stops the bad guys in their tracks. Sounds great, doesn’t It?
How do you freeze your account?
If you are ready to be part of the small percentage of Americans who take advantage of credit freezing, you have a smooth road ahead of you. Contact each of the three credit reporting agencies: Experian, Trans Union, and Equifax. They each function differently and separately, so you will need to follow their explicit Instructions. You can set up your freeze by phone, by mail, or by filling out a web form. You will need to provide proof of identity. To know what each agency specifically requires, visit their websites or call a representative.
Is there a downside?
Here’s where you ask, "But what if I want to buy a car or refinance my house or get a new credit card?" Excellent question. Admittedly, having to thaw your credit before you can make a major purchase does slow your roll. According to Experian, a credit or security freeze may “delay or interfere with or prohibit the timely approval of any subsequent requests or application you make regarding new credit, loans or services”.
In some states and situation a credit freeze can be lifted in a matter of minutes if you make the request over the phone. Other states, however, require more time for the thaw. According to Equifax “Depending on the law of your state, It may take up to three business days to process your request to temporarily lift the security freeze.” While that sounds like a bad thing, the wait does force you to avoid impulse purchases, like another car. A short delay while your credit is thawing Is a mere hiccup, well worth the benefit of the added security.
How to Freeze Your Credit Report
When reviewing your creditworthiness, creditors will review your credit report, among other factors, to determine if they should extend credit to you. However, thieves may use the details In your credit report when attempting to commit financial or identity fraud. If you suspect you might be a victim of such a scam, freezing your credit report will help prevent your inaccurate credit information from being reported to lenders, creditors, and other businesses who want to review your credit details.
Once you have frozen your credit report, anyone who is trying to steal your identity and take out a loan In your name will have problems doing so. However, keep in mind that you could face issues too if you are applying for a mortgage or car loan because potential lenders will not be able to access your credit score and report. Your credit data remains frozen until you permit the data to be released. There is only one person who can request a credit freeze — You! Likewise, you are the only person who can remove that freeze or ask that the freeze be lifted temporarily for a certain time. It can take several days for a lift to be processed.
To freeze your credit report completely, you need to contact each of the three main credit reporting agencies individually because it is not possible to freeze your report at all three agencies at once. You must make your request in writing and indude the following information:
Date of birth
Social security number
Copy of valid identification
Proof of address, such as a copy of a utility bill
You will also be required to pay a fee both to block and unblock your credit report, and this amount can vary from state to state. If you have been a victim of identity theft, you may not have to pay the fee.
After a credit bureau has received your request to freeze your report, it will provide a confirmation as well as a password that you can use when you want to remove the freeze temporarily or permanently. Contact each credit bureau for additional details and payment Information.
Another scam for which to be aware during this time post-Equifax breach Is phishing. Let’s say you were one of the few who did not have their information compromised but recently received an email relating to the breach that claimed to died; your status with a simple verification of your personal identification. You may not realize that by clicking a link or entering your information, you have lust had your identity stolen. This, and many more, attempts at phishing are at a high threat level, playing off the heightened fear and uncertainty due to the breach. To keep yourself (and your identity) safe from phishing, never click links in emails unless you are certain it is aide.