How to Respond to the Equifax Hack


Yesterday, Equifax announced that they were the victim of a computer hack that exposed the names, addresses and address histories, telephone numbers, driver's licenses, and Social Security Numbers of over 143 million Americans.

Although that may sound pretty bad, it's not altogether unusual. Equifax, Experian, and TransUnion have all reported hacks since 2013. Your risk position may not have changed all that significantly.

Still, I've some ideas on how to respond to the latest hack.

1. Phishing Attacks Will Increase.

It's likely that your Personal Private Information (PPI) exposed in the hack will lead to targeted spear phishing. Look out for emails that call you out by name and attempt to compel you to do something, such as surrender more information or access a questionable website.

2. Password Reset Requests Will Increase.

Armed with a lot of PPI, hackers may attempt to access critical accounts using the information revealed by the hack. If you receive password reset notices, make sure that you take extra precautions - like enabling two-factor authentication and creating a strong password - on the affected website.

3. Mobile Phone Spoofing Will Increase.

In the tech world, there are ways to emulate a cell phone number on another phone. I won't bother to explain the details, but suffice it to say that there are means of redirecting your phone number to another phone. This phone number is how credit agencies, banks, and other providers try to identify you, so if someone spoofs your phone and can receive the calls and texts that you'd normally receive, they can pretend to be you. Be on the lookout for suspicious carrier activity - like unusual requests from your cell phone carrier to switch services or plans, rotate or disable phone numbers, etc.

4. Spamming Will Increase.

Prepare for a deluge of targeted spam. Learn how to lean on your spam filters to help cut out the noise; have a meaningful conversation about mail filtering with your technology services provider.

5. Bogus Credit Applications Will Increase.

Our country has very relaxed laws about who can see your credit report and make changes to it or use it to obtain credit. It's pretty much up to you to monitor your credit at the three agencies and to follow up on suspicious activity. If you're concerned, you may wish to instruct these agencies to "lock" your credit report, which flags your report as requiring specific authorization before it can be used to validate credit. You'd then, at least, be notified of suspicious activity.

6. Telephony (Calls and Texts) and Physical Mail Spam Will Increase.

Prepare for more telephone-based telemarketing and junk mail. Look out for mail that asks you to confirm credit information, surrender more information, or approve new accounts.

7. Increased Debit/Credit Card Vulnerability.

Keep a watchful eye on your credit and debit cards. Watch the transactions for suspicious activity. Contact your bank for help if you note anything suspicious so that you won't be liable for the charges. Do you need to ditch your cards and get new ones? Not really - not until suspicious activity has been found. You're just as vulnerable to these kinds of hacks as you were yesterday.

The Loss of Privacy and the Absence of Accountability

It's a personal violation when these kinds of things happen. You'd wish that companies could be held to account more than by just saying "I'm sorry" and then offering you credit monitoring services to somehow make up for the fact that it was due to their negligence that your PPI is in the open.

The real tragedy is that - even though we've had the problem of high-volume data breaches for well over the last decade - our lawmakers haven't introduced civil and criminal penalties that compel companies to operate better. They don't even have a national reporting standard for divulging these hacks to consumers, which is why it took months for Equifax to reveal it.

And to add insult to injury, three Equifax execs sold stock positions after finding out about the breach but before announcing it to the public, so they could profit before the company's stock took a hit.

It's the problem of accountability that shifts risk from the corporations that are supposed to be the custodians of our PPI to you and me, the consumers, and we're stuck with the consequences. That's the real problem here. Encourage your government to develop cybersecurity standards and data breach notification laws to hold industry accountable for its mismanagement of your private data.