When credit reporting company Equifax’s data was compromised last month, the estimate of affected people was around 2.5 million. A month has gone by, and that number has now risen to 4.6 million people affected in all. The general threat of the data breach affects nearly 145 million Americans.
What Types of Data Were Compromised?
Names, social security numbers, birth dates, addresses and, in some cases, driver’s license numbers were accessed. These are called personally identifiable information, or PII. In its press release after the cyber security incident, Equifax outlined the details. A web application vulnerability in the United States was exploited by bad actors to gain access to the information. As of the press release, no unauthorized activity was detected in the credit reporting databases.
Meanwhile, rival credit reporting company TransUnion published answers to some frequently asked questions, or FAQs, including how to freeze a credit report and how to protect your identity. TransUnion yesterday revealed through a filing that it has hired several cyber security-focused lobbyists in Washington, D.C. In an email to Recode, a TransUnion spokesperson said that the company had “engaged additional lobbyists to help us monitor and respond to legislative and regulatory reaction to the Equifax breach announcement.”
Was TransUnion Affected During the Equifax Breach?
TransUnion doesn’t seem to have affected by the Equifax breach, and it is not known whether it experienced a breach of its own. Nevertheless, lawmakers and government agencies like the FTC and even the State of New York are up in arms against the entire credit reporting industry, within which the three major reporting bureaus are Equifax, TransUnion and Experian.
Consumers seem to be panicking as well. TransUnion last week acknowledged that its call center spending had increased as consumers call in for credit freezes or simply to have their concerns addressed.
Though both agencies use the same software, it appears that TransUnion’s version was kept up to date, per TransUnion’s CFO, Todd Cello. That clearly implies that Equifax’s version was not.
For now, watch out for new regulations being slapped on the credit reporting industry from lawmakers that are concerned for the nation’s – and their own – security online.
The incident underlines the need for greater awareness and proactive action within the cyber security industry. Clients not updating their software in a timely manner seem to be one of the biggest challenges facing software companies of late, and this year’s elevated levels of reported incidents of ransomware and other malware all point to the same conclusion.
No software is unhackable, but security updates and patches do help to a great extent. The problem is, IT departments across various industries are often resource-constrained in one way or another, and they end up not being able to do their jobs.
But rather than engage in a blame game, it is up to CEOs and management teams to recognize the very real threat of a cyber attack, and take appropriate measures to protect their companies. And our advice for individuals, take online security very seriously, keep your software and operating systems up to date at all times, and alert the appropriate authorities or companies involved when you notice something irregular.