Why the Equifax Leak Should Scare the Hell Out of You

Sean Burch

September 11, 2017 at 7:40 PM

Why the Equifax Leak Should Scare the Hell Out of You

Even to grizzled cybersecurity experts, the scale of Equifax’s massive data leak is dumfounding.

With a treasure trove of information compromised — including social security numbers, addresses, birthdays and driver licenses — Equifax’s failure to secure data has put 143 million Americans at risk of fraud. The Equifax case is potentially far more devastating than recent high-profile hacks of Sony, Yahoo, and Netflix, experts say.

“We sometimes hear about Yahoo and these other guys getting hacked. What I then do is go and change my password, maybe I get a new credit card,” Aviram Jenik, CEO of cybersecurity firm Beyond Security, told TheWrap. “What should I do now, get a new social security number? I’m stuck. I’m sitting at home, and there’s a guy out there with all my information which I cannot change.”

Also Read: Watch Harrison Ford Direct Traffic During New York Tunnel Backup (Video)

It’s a sobering assessment, coming from someone who helps companies protect their data for a living. But this isn’t any ordinary data hack.

Equifax’s hack was the product of a “known vulnerability” that is “something pretty easily detected,” according to Jenik. Companies hire security firms to weed out the known vulnerabilities in their system. Once spotted, a “patch” can be applied. Think of the leak like robbers trying to crack a safe: Hackers will consistently pepper companies like Equifax, looking to find an opening, similar to how a thief would continue to tilt a safe until he’s able to hear the correct combo to unlock it.

Now that Equifax’s safe has been cracked, Christmas has come early for cybercriminals.

Also Read: Patty Jenkins Closes Deal to Direct 'Wonder Woman' Sequel

“[Hacking] is very much a business,” said Mark Nunnikhoven, vice president of Trend Micro, a global leader in cybersecurity, in an interview with TheWrap. “There are strata of criminals within this world, where to commit cybercrime you do not need a massive amount of technical knowledge. You just need the right contacts and a little bit of startup capital.”

That’s bad news for the millions of people hit by Equifax’s breach. Hackers sell stolen individual identities on the black market for $5 to $30, according to Nunnikhoven. The fresher and more complete a profile — with social security numbers being the prized possession — the better. Once an identity is sold, there’s little to stop crooks from exploiting it.

“These identity documents can be used in real-world identity theft,” said Nunnikhoven. “So if you print up a fake social security card and walk into a bank that the originator of that social security number has never done business with, you can easily open an account in their name and be them for all intents and purposes.”

Also Read: Angelina Jolie's Netflix Movie 'First They Killed My Father' to Get Theatrical Release

Compounding the issue is the evergreen nature of the threat. Criminals can use the information at any time, and it could take years for signs of fraud to surface. As Jenik put it, “from now until I die, my information is out there.” With 143 million accounts to choose from, hackers can afford to play the long game.

Perhaps the least inspiring aspect of Equifax’s leak is the lack of options to curb its damage. Both Jenik and Nunnikhoven said the remedies are few, but pointed to a credit freeze as one of the few must-do moves for consumers. A credit freeze involves calling the big four firms — Equifax, Experian, Orbitz, and TransUnion — and putting a security lock on your credit checking, which will prevent anyone from taking out more credit against your identity. (Of course, the downside to this is it hampers your ability to take out credit as well.)

Unsettlingly, the Equifax hack may be a harbinger of identity theft becoming increasingly commonplace.

Also Read: Why 'Fauda' Is the Best-Kept Secret on Netflix

“The reality of cybersecurity today is — no matter how well prepared you are, no matter how much technology, how well you’ve trained your teams — at some point, a hack is going to be successful,” said Nunnikhoven. “We see hundreds of thousands of attempts per day. One of them is going to get through at some point. The real question is how well can you detect it and recover from it.”

With its stock tanking and customers enraged by its struggling support team, Equifax’s recovery is about as secure as its data.

Related stories from TheWrap:

Craig Carton 'Is Gonna Get Whacked' Over Ticket Scheme, Radio Rival Don Imus Says (Video)

'Game of Thrones': How HBO Beat Its Hackers

Stephen Colbert Asks Ordinary Russians if They Hacked Our Election (Video)

BusinessYahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
SportsYahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
SportsYahoo Sports
No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it
The quality was choppy, but it was better than what the WNBA had.
SportsYahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
SportsYahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
U.S.Yahoo Sports
New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal
It turns out the money was going from Ohtani's bank account to an illegal bookie to ... casinos.
SportsYahoo Sports
Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns
Ball hasn't played since the 2021-22 season.
SportsYahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
SportsYahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
BusinessYahoo Finance
CVS stock plunges after earnings numbers one analyst 'did not even believe'
CVS warns it could cede Medicare Advantage market share as reimbursement rates pressure the company.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Why the Equifax Leak Should Scare the Hell Out of You

Recommended Stories

The FDIC change that leaves wealthy bank depositors with less protection

Former NBA guard Darius Morris dies at 33

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it

NFL Draft grades for all 32 teams | Zero Blitz

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

CVS stock plunges after earnings numbers one analyst 'did not even believe'