By Richard Swaisgood Server Engineer, Systems Integration
Unfortunately Equifax has been extremely tight lipped about any technical information. We know that the personal information of at least 143 million Americans was stolen by an unknown group and that they are offering credit protection services for about 1 year to users affected.
The current rumors are that they were using an older API (struts) to serialize and deserialize requests from user facing java applications to their core database, allowing the hackers to inject code into the java user side app to get access to the core database and get the sensitive info. This is of course all a rumor at this point, once more data gets release we’ll have a better understanding.
There are two things people can do right now to protect themselves, sign up for credit monitoring services (preferably not with Equifax) and, if you do not plan on opening any new credit accounts, freeze your credit. Keeping a close eye on the who’s been requesting your credit reports and what accounts have been opened can save you a lot of time as you can issue a credit freeze or dispute any new accounts from being opened relatively quickly. Preemptively freezing your credit will be the best thing to protect you but can cause issues if you are in the process of buying a home, a car or applying for any kind of credit. Unfortunately, with the kind of information leaked you will need to do this for a very long time, as hackers can just wait until the free 1 year of credit monitoring services expire and with the frequency of these attacks it might be better to have the credit monitoring services going indefinitely.
As for Equifax themselves, it’s hard for me to see a way they are able to survive this breach, the effects will be long lasting to nearly half of all Americans and there is already one class action lawsuit filed against them for $70 billion dollars with much more coming their way as people start being directly affected by this breach. Hopefully this breach helps companies understand how just one breach can completely change their business or even end it outright if enough information is lost and the importance of securing your data in today’s world of constant data breaches.