The Equifax server breach, as finally acknowledged earlier this week by the company — a US Credit Bureau — could see half of the US at risk of fraud for an indefinite amount of time, according to Dan Goodin, security editor for Ars Technica.
While the sheer number of people affected by the breach is not as massive as in several earlier hacks, the Equifax hack involves extremely sensitive personal data.
According to Goodin, while earlier wide-ranging attacks on Yahoo exposed login details for some 1 billion users, and an additional breach at AdultFriendFinder — a social network devoted to sexual liaisons — exposed data for some 412 million users, both have been seen as inconvenient but not dangerous as, in most cases, the risk could be eliminated by changing a password. In worst-case situations, users could contact their bank and receive a new credit card.
In the case of the Equifax data breach, however, important personal legal data has been leaked — the kind of data that cannot be changed easily.
That data includes full names, Social Security numbers, birth dates and driver's license numbers, the kind of personal information that can easily be used to open accounts online. Such accounts could leave people with staggering financial responsibilities that they never agreed to and, in many cases, did not learn about until the damage was done.
Criminals and fraudsters will surely find ways to illegally profit using this information, suggests Goodin, but hostile foreign governments could use this data to inflict harm on the United States as well.
Goodin points out that while 143 million people is a relatively small number, all of the compromised names are US citizens, a population known to be relatively wealthy, extremely vulnerable and now highly at risk.
“When children and people without credit histories are removed, the proportion becomes even bigger. That means well more than half of all US residents who rely the most on bank loans and credit cards are now at a significantly higher risk of fraud and will remain so for years to come,” Goodin stated.
According to Ars Technica, Equifax displayed sloppy and reckless security procedures on many occasions, starting with having portions of the admin login script embedded into the website’s code — maybe not enough to gain access to the website, but definitely making access way easier.
Following the breach, Equifax did not announce it for five weeks, while some of the company’s executives quickly sold as much of their stock as they could, without raising too many eyebrows on Wall Street.
While sloppy security is, sadly, not big news, the fact that real-world credentials have been leaked en masse certainly is.
Watch your back, your bank, and your bottom line, folks: data hacking of sensitive personal information has made a quantum leap.