Between May and July this year 694,000 customers had their personal details stolen when the credit reference agency Equifax was the victim of a cyber-attack.
Although Equifax initially played down the severity of the breach, they have since admitted that the stolen data included usernames, passwords, secret questions and answers, email addresses and even credit card numbers.
The companies we trust with our sensitive data usually do a good job of keeping it safe – but what happens when they don’t? How can you check whether you’ve been put at risk – and what can you do if so?
What was stolen?
While 694,000 customers are likely to be significantly impacted by the breach – there were actually 14 million UK customer’s records stolen, although most only contained names and dates of birth.
Fortunately, names and birth dates are worth very little to criminals without the addition of other, more difficult to obtain, pieces of personal information. With this in mind, the focus has been on the smaller number of people who have been left vulnerable after the attack.
Although Equifax provide services to some large UK corporate companies, the stolen records are believed to belong to direct Equifax customers – i.e. people who have used the service to access and monitor their credit score.
How did it happen?
Equifax say that hackers exploited a vulnerability in their website – allowing them to access and download customer information that was held in an otherwise internal database.
As website users we only see pages and elements that are useful to us. But, behind the scenes, all websites are accessed through a series of secure control panels. These control panels are used by technical teams to administer the website; from what’s on display to the programming intricacies that allow us to log-in and perform sometimes complicated tasks.
Programming experts agree that in the case of this hack, criminals have been able to access passwords and bypass the security for these controls – allowing access to the data that is held within.
What does it mean to you?
It’s not until you understand what can be done with your personal data that the impact of the Equifax hack can be put into context.
Criminals use stolen data in a variety of ways:
- Bank account fraud
With enough of your data you can be impersonated, either online or over the telephone – allowing fraudsters to access and control your accounts.
When in control they can do a number of things, including; spending your money, transferring it out of your account or accessing credit in your name. This kind of fraud is the most common in the UK, with around 2.5 million crimes reported during 2016 and 2017.
- Accessing other accounts
Websites and online services generally use similar security measures to protect your data – and as users, we tend to answer with similar, if not the same, questions and passwords.
When a criminal has access to a chunk of your information, they are far more likely to be able to go on and access other online accounts belonging to you. With this information more data can be stolen – making you easier to impersonate, or even leading to fraudsters contacting you directly – convincingly posing as a company you have an account with.
- Obtain documents
With enough personal information criminals can request copies of your official documents and ID.
With these documents they may be able to obtain services and products – even posing as you in person. The most popular kind of crime that the physical theft of documents leads to is the obtaining of goods in store – such as mobile phones, electrical goods and high-value household items.
- Hi-jacking email and social media
Social media and email accounts can be the gateway for criminals to access hundreds – if not thousands of other people.
If stolen details can be used so someone else can pose as you online – your friends and family are likely to trust information that’s sent to them – because it appears to be from you. This means, hackers can quickly start harvesting other people’s personal details, as well as your own.
What should you do?
Equifax have committed to contacting all customers affected by the hack by letter – and should have already done so by now. If you suspect that you have been affected and haven’t heard directly from Equifax, you can call them on 0800 587 1584 – a dedicated advice line for UK customers in relation to the breach.
While the implications of this data-loss are vast, the message from the police and companies such as VectorCloud who are a leading IT Support company in Glasgow is to try not to panic about security, instead, work toward being as safe as you possibly can.
Check your accounts
Awareness is vitally important when you’re keeping your details safe. Checking your bank account and credit card statements for transactions you don’t recognise is a good first step and can be an indication if someone has used your details recently.
Checking your credit report is helpful too – if you see accounts or entries that don’t relate to products or services you’re aware of, it’s possible that they’ve been opened fraudulently. Contacting the companies in question is a good first step, but should be followed by a call to the police if it turns out your suspicions are correct.
Rather than calling your local police force – Action Fraud is the national police reporting centre for fraud and cyber-crime. They can be contacted on 0300 123 2040 and have specially trained staff to handle your case.
Tighten up online
55% of us admit to using the same passwords across virtually all our favourite websites and services – meaning one stolen password unlocks the door to your electronic life.
The strongest passwords contain upper and lower case latters, numbers and symbols. Although they can be difficult to remember there are handy free apps and services that can help with this.
Before you consider inputting any personal details into a website – you should always check that the site displays secure credentials – usually signified with a green padlock next to the website’s address. This means your data is encrypted and will be safely handled.
The Equifax hack shows that no company is 100% safe from criminals – but as more high-profile cases occur, businesses and internet users will be increasingly driven to make sure their own online practices are as safe as can be.