It’s often the companies we think highly of that become the subjects in stories revolving around security and data leaks. Equifax, one of the world’s biggest credit report companies, is the latest company to be hit by a data breach and consequently a storm of criticism. Their security was recently compromised by a group of hackers, potentially threatening the personal information of 143 million U.S. consumers. Unfortunately America isn’t the only country to be affected, as a severe password blunder was uncovered in Equifax’s Argentina division as well.
Sensitive Information Got Compromised
In September 2017 Equifax revealed that hackers “exploited U.S. website application vulnerability”, resulting in a massive security breach in the company’s databases holding vast amounts of data. The shadowy individuals got their hands on sensitive information like social security numbers, birth dates, and even driver’s license numbers of 182,000 U.S. residents. It’s bad enough in itself, but 209,000 people also got their credit card information accessed. But the list doesn’t stop here, as Equifax also stated that the privacy attack may have affected the data of customers based in Canada and United Kingdom. Interestingly, the company admitted that the breach happened between May and June 2017, but they waited with the official disclosure to accurately measure the damage.
User: Admin, Password: Admin
As privacy experts started to rock the boat, another equally concerning security flaw has surfaced. This time, however, the reason was reflectance instead of spite. The experts of the cyber investigation company Hold Security LLC examined the Argentinian operations of Equifax, called Veraz. As it turned out, their online tool to manage credit report disputes had a paper thin defense. The researchers managed to gain access to the portal by simply typing in the most obvious name/password combination: admin/admin. This opened up access for them to more than 14,000 records, which again included the social security numbers of several Argentinian citizens. Since this astonishing lack of care and precaution was brought to life by security experts, the gap was closed before others could take advantage of it.
A Lesson to Be Learned
In cases like this, high level of consumer diligence is recommended. To their credit, Equifax set up a website where customers can learn whether or not their account was compromised, coupled with one year of credit file monitoring and identity theft protection, free of charge. Still, we urge you take matters in your own hands. A VPN service is useful to protect your live data stream by adding an encryption layer to it that prevents information from being intercepted, preventing another form of data leaking. As for avoiding easy-to-crack passwords, opt for a password manager app that not only generates complex keys, but also stores them in a secure manner.
And if you really intend to counter an information breach, utilize an identity theft protection service. Take Lifelock, for example: using a small set of personal data (name, email address, social security number) they constantly scan the internet, looking for anomalies such as an increase in credit card activity, unauthorized address changes, online payday lending and related black market dealings.
Hopefully this cybercrime won’t impact the life of too many consumers. But yet again the importance of uncompromised security measures was proven, and it may have convinced people to take their personal information and privacy more seriously.