Effects of the Equifax Data Breach, Part 5: The top takeaways
As with any data breach, we learn more details over time. It's been two months since Equifax disclosed its massive data leak. Here are some of the top takeaways we know so far.
1. Number affected: This is one of the biggest breaches of personal information ever. First reports estimated 143 million accounts were affected. However, that number has since grown by another 2.5 million, to over 145 million American accounts. Only time will tell if more personal accounts were exposed as a result of this massive data leak.
2. What caused the leak: It has been reported that a security vulnerability allowing anyone to access personal information such as Social Security numbers, dates of birth and driver’s licenses was detected as far back as December 2016. The fact that Equifax was notified about the flaw, yet still waited until June of this year to patch it, left millions of Americans’ critical information exposed to hackers for several months.
3. The impact to consumers: Security experts are saying that consumers whose personal information was exploited may have to monitor credit activity for the rest of their lives. Since these types of personal details never change, identity thieves who have gained access to them through the Equifax hack or the underground economy can use the information to apply for new lines of credit at any time.
4. The impact to the credit reporting agency: Equifax’s CEO and several other executives are gone, but the financial impact of the security breach may be yet to come. The one thing we do know is the damage the breach has done to Equifax’s brand reputation. It may be something the company never fully recovers from.
5. Recommended security steps: To help those affected protect themselves from identity fraud in the future, Equifax and other security experts recommend consumers freeze their credit reports, change their account passwords, sign up for fraud alerts and become aware of phishing scams.
While these security measures can help individuals protect themselves, they are only half the equation. The financial services industry must also step it up. This means ensuring they have effective authentication processes in place that don’t rely on unchanging personal information like Social Security numbers and dates of birth.
Unlike knowledge-based authentication (KBA) solutions that depend on what the customer knows, identification tools like TRUSTID® Physical Caller Authentication don’t use personal information to verify customers over the telephone channel. Instead, TRUSTID uses advanced telephone network forensics to identify the physical location of the calling device while the phone is still ringing. Accessing this information in real time allows banks to make instant security decisions on known spoofed calls, as well as suspicious calls coming from high-risk regions and countries.
Moving forward, banks and businesses need to implement authentication tools that identify customers without relying on sensitive customer data. Doing so will remove one of today’s biggest weapons for identity fraud: stolen personal information.