Thinking Through the Equifax Security Breach

[Free Vulcan]

If you’re one of the 143 million Americans who just got screwed by the massive security breach at Equifax, you may be wondering what you can do to protect yourself going forward. I’ve compiled some ideas and hope readers will include additional suggestions in the comments section.

To recap for those who’ve been living under a rock, the personal data that was stolen included names, addresses, social security numbers, and birthdates. In addition, 209,000 had their credit card numbers stolen, 182,000 had dispute documents with personal data stolen, and an undetermined number of people had their driver’s license numbers stolen.

Of course, if you’ve been living under a rock you probably need not worry about any of this. For everyone else, if you had your identity stolen (and the chances are greater than 50% that it was), the actions you take to protect yourself will need to be implemented for the rest of your life since the information has long since been disseminated over the dark web. It’s out there. Forever.

Welcome to our brave new world. It’s hard not to be cynical, skeptical, or downright fuming over the fact that so many organizations collect data on us, even if we didn’t ask them to. And then they get hacked and our information is stolen. But I don’t want to go off on a tangent of commentary on this hideous debacle. I just want to offer some possible solutions. 

Read more at: http://www.americanthinker.com/articles/2017/09/thinking_through_the_equifax_security_breach_.html

[Restored]

I was not affected by the breach but I did sign up for the free Equifax credit monitoring...because it is free.
Equifax got hacked because they didn't patch an Apache server. I figure that won't happen again.
I do a lot of work with Equifax but not on the credit card side of the house.

[Silver Pines]

I was not affected by the breach but I did sign up for the free Equifax credit monitoring...because it is free.
Equifax got hacked because they didn't patch an Apache server. I figure that won't happen again.
I do a lot of work with Equifax but not on the credit card side of the house.

@Restored

My husband was affected; I wasn't.  He heard Clark Howard talking about it.  The credit monitoring services can only notify you after something has possibly happened.  You have to freeze your credit if you want to be sure they won't be opening mortgages, etc. in your name.

Apparently so many people are calling the credit bureaus to freeze that it's hard to get through right now.

http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/

[Silver Pines]

@Restored,  never mind---I missed that you said you weren't affected.

[Restored]

Freezing is out of the question until I get a new car, which should be soon hopefully.

[driftdiver]

I was not affected by the breach but I did sign up for the free Equifax credit monitoring...because it is free.
Equifax got hacked because they didn't patch an Apache server. I figure that won't happen again.
I do a lot of work with Equifax but not on the credit card side of the house.

@Restored
I run a security company and have done security assessments on many hundreds of organizations including big and small banks.   In adequately patched servers and PCs is very very common.   They can patch it today and in 6 months its 5 1/2 months behind.   Patching computers is boring & time consuming and IT people hate it.  Additionally the business people never want to allow system downtime required to patch the servers.

It will happen again and again.   Despite missing patches being a significant factor in about 70% of all data breaches.

[Restored]

Our problem is that we have so many systems set up by student interns. They have lax security and operate without supervision because the intern has graduated. You'd be surprised how many times someone asks for help for their XP system running in a lab somewhere. We finally cut any Windows 2003 servers off the network, which caused people to freak because they had no idea what was running on the server.
They create these systems and then complain they have to maintain them or complain because they get pwn3d. If we try to push group polices, they complain their Eastern European users can't access the system. They resisted requiring users to use VPN to access the campus network because "It costs them  too much money". What?

[driftdiver]

Our problem is that we have so many systems set up by student interns. They have lax security and operate without supervision because the intern has graduated. You'd be surprised how many times someone asks for help for their XP system running in a lab somewhere. We finally cut any Windows 2003 servers off the network, which caused people to freak because they had no idea what was running on the server.
They create these systems and then complain they have to maintain them or complain because they get pwn3d. If we try to push group polices, they complain their Eastern European users can't access the system. They resisted requiring users to use VPN to access the campus network because "It costs them  too much money". What?

Yeah we see it every single day.    Some parts of IT security can be expensive.  The most basic parts are not and simply require a change in human behavior.   In the end the executives do not care about customer data.   They are more than willing to gamble that a breach won't happen on their watch rather then spend money now and hurt their bonus.

[Restored]

Yeah we see it every single day.    Some parts of IT security can be expensive.  The most basic parts are not and simply require a change in human behavior.   In the end the executives do not care about customer data.   They are more than willing to gamble that a breach won't happen on their watch rather then spend money now and hurt their bonus.

Sheeeee-yut Not since Equifax when those coiffed executives heads rolled down the hallway. Suddenly, they have some skin in the game.
I'm in the crowd saying "If you don't want to live under our security rules, get that box outside of our wire". Setup your own SMTP server so we don't get blacklisted. Walk over to Rackspace and talk to them.

[IsailedawayfromFR]

@Restored
Despite missing patches being a significant factor in about 70% of all data breaches.

Seems you are bringing up a common sense suggestion for all of us users when it comes to updating of software on our PCs.

[driftdiver]

Seems you are bringing up a common sense suggestion for all of us users when it comes to updating of software on our PCs.

@IsailedawayfromFR

Yes the windows update that is a pain.  Do it.  Also do software like adobe.

Mac users aren't exempt.