Posted by: Heather Shy on February 15, 2019 at 8:00 am
CNBC dove into a mystery recently: Whatever happened to the Equifax data compromised in the 2017 breach?
At the time, and for months after, the breach was a huge news story. Analyses of what went wrong. Consumer news stories on how to lock your credit history. Federal laws even changed — credit reporting agencies can no longer charge fees to lock and unlock your credit history. We even wrote a blog post about the breach.
After all, highly-sensitive financial data was stolen from nearly half the population of the United States. It was kind of a big deal.
Those interested in cybersecurity realize that the information leaked in the breach would be extremely attractive to criminals that run common scams. Social Security numbers, driver’s license data, credit histories, lists of former addresses — all of these are highly valuable to hackers and data thieves.
Therefore, a reasonable person might expect that data to appear for sale on the dark web fairly quickly. However, security experts cannot find that data for sale.
The slightly-good news: Your credit information lost in the Equifax breach might not be for sale to the highest bidder.
The bad news: No one really knows what happened to it.
Two Theories About the Equifax Data
CNBC interviewed several cybersecurity experts, resulting in two general theories about what happened to the Equifax data:
- It was too “hot” to list for sale. After all, any movement of this highly-specific data on the dark web would surely attract the attention of information security experts. The thieves may be holding it to release much later. Over time, however, the accuracy of this kind of data degrades, making it less valuable.
- The theft was conducted by, or on behalf of, a foreign nation-state for spying purposes. In combination with other breached data (for example, the 2015 breach of the Office of Personnel Management, which processes security clearance for U.S. government officials), the Equifax data could be highly effective in identifying potential espionage agents.
That second one sounds a little far-fetched, right? But the potential for data combination is one reason network security is essential for any entity.
The search continues. CNBC quotes Jamil Farshchi, the chief information security officer of Equifax, saying, “We are all working to be able to consistently determine whether this data is out there and whether it has ever been out there.”
And most consumers would probably agree that laws making it free to lock and unlock your credit history are a good thing.
Still, it pays to be cautious. Regularly monitor your personal credit reports, especially if your personal credit history affects your business finances in anyway. Be aware of scams like the W-2 scam (rampant right now), gift card scams, and other simple-but-effective financial attacks.
And make sure your computer network has basic security protections: a firewall, anti-virus, security monitoring, and comprehensive backups. These precautions will help prevent your company from being the next Equifax — keeping your business finances and your clients’ data safe from predators.