With over 143 million people exposed in the Equifax data hack of July 2017, there’s a good chance you’re affected if you have a credit rating. There’s perhaps little comfort in the dozens of class action suits stemming from the breach when you know that your personal information including social security number and credit cards may be floating around in cyberspace. Though it’s still early in the game and not a lot is certain, let’s take a look at where things are generally thought to stand.
Unfortunately, no one seems sure. It looks like it was the first attack using this vulnerability, thought to be from Apache Struts. This is an open-source software for creating Java applications. No one is sure which vulnerability was used, and no fix is yet available. Called a “zero-day” hack, the programming may fetch a good price for the coder on the hacker’s black market.
What could happen — to me?
There are two types of fraud that the Equifax breach may lead to: account takeover and identity takeover.
Account takeover aims at your credit cards and extracting value from these in the form of purchases and cash advances. As well as straight theft, fraudsters can pose as bank officials and try to have you reveal PIN codes and passwords. If they convince you, you’re even more vulnerable to loss.
Identity takeover creates even more trouble. With your social security number and other data, someone can file a tax return and direct refunds to shadow accounts. I predict that the 2017 tax season will set records for both early filing and tax fraud. The right data is out there.
What should I do?
You can freeze your credit, get new cards, or watch your account via Equifax’s free offer of one year of credit monitoring. Since social security numbers don’t expire, your identity could be stolen this year, next year, or 10 years from now. That’s probably the biggest potential issue. Social security’s role as an identifier is weakened, and it leaves you vulnerable until another solution arises.