September 12, 2017
With recent news that cyber criminals stole 143 million credit records in a hacking scandal at big-three credit bureau Equifax, highly targeted spear phishing attacks are expected. Stu Sjouwerman, Founder and CEO of KnowBe4, Inc., writes, “We have not seen actual Equifax phishing attacks at this point yet, but you can expect them in the coming days and weeks because the bad guys are going to take their most efficient way to leverage this data… email.”
According to reports, Equifax said the breach happened between mid-May and July. Equifax discovered the hack on July 29 and informed the public on September 7. The question has yet to be answered as to why Equifax waited six weeks before letting the public know about the massive security breach.
Nonetheless, a lot of personal and sometimes confidential information that is tracked by Equifax – such as social security numbers, full names, addresses, birth dates, and even driver’s license and credit card numbers – is now up for grabs. The still unknown hackers don’t care how good your credit score is, but only how well they’ll score by selling your information on the dark web to organized crime for premium prices.
It isn’t too late to make sure your employees are aware of the hack and remind them not to fall for these four things:
1) Phishing emails that claim to be from Equifax where you can check if your data was compromised
2) Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information
3) Calls from scammers that claim they are from your bank or credit union
4) Fraudulent charges on any credit card because your identity was stolen
Furthermore, here are five things to recommend your employees do to prevent identity theft:
1) First, sign up for credit monitoring (there are many companies providing that service including Equifax, but Sjouwerman doesn’t recommend going that route).
2) Next, freeze your credit files at the three major credit bureaus Equifax, Experian and TransUnion. Remember that generally it is not possible to sign up for credit monitoring services after a freeze is in place. Advice for how to file a freeze is available here on a state-by-state basis: http://consumersunion.org/research/security-freeze/.
3) Check your credit reports via the free annualcreditreport.com.
4) Check your bank and credit card statements for any unauthorized activity.
5) If you believe you may have been the victim of identity theft, here is a site where you can learn more about how to protect yourself: www.idtheftcenter.org. You can also call the center’s toll-free number (888-400-5530) for advice on how to resolve identify-theft issues. All of the center’s services are free.
Finally, for your organization, security awareness training and phishing tests can go a long way in keeping protected health information (PHI) just that, protected. We can help. Contact the HIPAA experts at PrivaPlan today at firstname.lastname@example.org or call 877-218-7707.