Was the Equifax breach avoidable?

Cybersecurity has been a hot issue in the banking industry for years, with regulators pushing bank leadership to mitigate risks by testing the security of platforms and online delivery channels to expose potential weaknesses. Equifax learned the hard way just how important this is.

Cybercriminals found and exploited a flaw in Equifax’s website in March 2017. Since Equifax failed to patch the hole, it was used again in May, June and July in a massive data breach. On October 2, Equifax announced that the cybersecurity firm Mandiant had completed the forensic portion of its investigation, and discovered that an updated total of 145.5 million Americans were potentially impacted. Stolen information included consumers’ names, Social Security numbers, birth dates, addresses, and in some cases, driver’s license numbers.

That’s not all. Equifax also revealed that credit card numbers for about 209,000 U.S. consumers were taken, in addition to some dispute documents containing personal information for about 182,000 people.

Rather than reveal the breach when it was discovered in late July and allow consumers to take immediate action to protect their personal information, Equifax waited until early September to warn consumers. Several Equifax executives, including the CEO, have resigned. The U.S. Justice Department has opened an investigation to determine if insider trading occurred after the breaches. Equifax also faces: lawsuits that have been filed by states and cities; class-action lawsuits; state and federal inquiries; congressional investigations; inquiries by the FTC and CFPB; and investigations by several state attorneys general.

Equifax is not alone. More than 825 million personal records were exposed in more than 6,400 data breaches in the 10-year period ending in 2016, according to the Identity Theft Resource Center. Last year alone, a record 15.4 million people in the U.S. were victims of identity theft resulting in $16 billion in losses, according to the 2017 Identity Fraud Study released by Javelin Strategy & Research.

There is a bit of good news. According to Business Insider, only 4 percent of identity-theft victims in 2014 had a new account opened in their name. While a freeze protects this from happening, it will not prevent the most common type of identity theft – misuse of current accounts. This occurs when an identity thief uses personal information to gain access to existing credit card accounts, for example, racking up fraudulent charges that can take consumers a significant amount of time to resolve.

This breach reminds us of the importance of having a strong patch management program and incident response plan. Contact your Rehmann advisor today to learn more.

Meet The Rehmann Team

Start typing a name ...
Searching for "{{nameQuery}}"...
Start typing an experience ...
Searching for "{{experienceQuery}}"...
Start typing a location ...
Searching for "{{locationQuery}}"...
Or view a list of team members

get rehmann expertise to drive your business in your inbox every week