Yesterday became a dark day in the history of cybersecurity at one particular company. Consumer credit reporting agency Equifax admitted to having been attacked earlier this year. The company confirms that 143 million US consumers have been affected. Data that has been stolen includes full names, social security numbers, dates of birth and in some cases ID numbers.
The hackers have also accessed data from Canadian and UK consumers. Crucially, the credit card numbers of close to 209,000 consumers have been hijacked. Shares of the company are about to tank 13 percent at market open, but we will focus on the ramifications for the industry.
Data That Hasn’t Been Shared Has Been Accessed
In all likelihood, if you are one of the affected users, you haven’t even shared your information with Equifax. The company is a credit assessment firm that collects information from people in over 80 countries.
— Non-Token Podcast (@NontokenBlckGuy) September 8, 2017
Equifax has set up a website where potentially affected users can check the risk of their personal data being stolen during the hack. However the security features of the newly established equifaxsecurity2017.com are prompting questions. As we can see from the screenshot below, some browsers consider the website to be phishing.
Equifax’s solution to the problem only raises more eyebrows as we find that is built on a stock installation of WordPress. The website requires visitors to enter their last name and all but three numbers of a social security number to check whether they have been affected by the data breach.
Equifax is being mocked and battered all over the place by unhappy consumers whose data might have been accessed without them even being required to provide any form of consent.
Don’t forget to change your name, date of birth, home address and social security number regularly.
— Sarah Jamie Lewis (@SarahJamieLewis) September 7, 2017
— Akinwumi j Oyebade (@oyebee) September 7, 2017
Brokers Wary of Cybersecurity Breaches
Brokers, especially in the US, should be weary of prospective online impersonation attempts. Data that has been stolen in the US could have been sold to third parties outside of the country to facilitate money laundering and other types of fraud. Vigilant monitoring of suspicious activity is required in order to prevent identity theft attempts.
A recent rise in DDOS attacks against brokers, together with ransom demands, has been reported to Finance Magnates by industry insiders. The biggest risk to companies come from yielding to such demands, as such actions inevitably encourage the perpetrators to continue.
Now is the time for companies that are aiming to design security-related blockchain solutions to think about their ICO, and get their white papers ready.