17 Months Later, The Equifax Breach Still Baffles Security Experts

Laura BednarCybersecurityLeave a Comment


The Mystery of Equifax Data Breach Continues

The 2017 Equifax breach continues to stump security professionals. It’s been nearly two years since the consumer reporting credit agency company was breached, but the information from the breach has still not shown up anywhere. Unlike other data breaches, hackers will sell the databases of information on the dark web. This information is then purchased and bought by a variety of malicious third parties who use it to hack other accounts. However, the fact the information is not available anywhere online leads security officials to believe that the data collected in the breach might be used to spy on United States citizens.

Now, 17 months and a credit freezing bill later, nothing has happened. There have been no scams, there have been no leaks online, or fraud, or anything. The data simply disappeared into what seems to be a Bermuda Triangle of the internet.

What Information Was Collected in the Data Breach

In Jul. 2017, Equifax discovered their systems were breached between May and July of that same year. The information in the breach contained social security numbers, eleven million drivers license numbers, address, first and last names, email addresses, phone numbers and more.

Upon an investigation conducted by CNBC, the information from the Equifax breach is not anywhere. There are several possibilities that experts think happened. The first possibility is that criminals want to sell the information online. The second possibility is the information was sold to Russia or China. If it is a foreign group of people has information on United States citizens they could target appointed officials. Threatening any appointed official could be blackmailed into leaking information or more.

Data Breaches Continue To Wreak Havoc

In 2014, the first big data breaches began to make headlines. First, it was Yahoo, followed by Target. Since these two big ones, a series of data breaches continue to crop up and no one is safe. However, while data breaches and consumer data mismanagement continue to rise, little has been done in the United States. Brazil and the European Union are implementing strict consequences for data mismanagement.

GDPR is arguably the most strict. Enacted in May 2018, the General Data Protection Regulation can impose strict financial consequences on any company who fails to protect customer information and fails to report a breach within the allotted time.

The United States is moving along like a snail. Many bills have been introduced since 2013, but none have passed. The most recent is the Consumer Data Protection Act by Sen. Ron Wyden. This bill, if passed would put executives in jail for data mismanagement. After the Marriott Breach of nearly 500 million people, talks about data management legislation are emerging.

What To Do In Case of a Data Breach

Chances are if you have an online account, you’ve been impacted by a data breach. First, if you are notified about a breach, change the passwords to all of the accounts. Second, observe your bank account and credit card to ensure no fraudulent activity takes place. Third, use a password manager and two-factor authentication on your accounts. If possible, try to not store personal information on site. For example, since dating apps require a lot of personally identifiable information such as name, interests and more, try to filter out or be vague with your answers.

If you are a business and suffering a data breach. SecureData can help. Our data breach incident response team can deploy anywhere in the world within 24 hours to help stop a breach, identify who breached systems, and more. Call us for a free phone consultation today at 1-800-288-1407.