The credit monitoring company Equifax has revealed a breach exposed the personal details of up to 143 million Americans.
Equifax said in a statement that cyber criminals had accessed data such as Social Security numbers, birth dates, and addresses during the incident which is reported to have taken place between mid-May and the end of July.
Though technical details of the breach are unclear, Equifax said malicious hackers had won access to its systems by exploiting a website application vulnerability.
The news of this breach comes as another reminder about the dangers of poor security design and irregular testing. Too often companies focus on features and functions and layer security on as an afterthought, that must change. Hackers and cyber criminals can quickly exploit any flaw in a web application without too much trouble and from what I’ve seen this looks to be the case here.
Organizations must address these issues and re-focus on the security fundamentals. Basic security hygiene could have been enough to prevent a breach of this scale from happening. Security isn’t a one-time investment, it requires constant thought, attention, and action.
For those affected by this breach, it’s crucial that they stay vigilant. The details exposed in this incident are enough for a hacker to commit fraudulent acts and even steal personal identities.
Here’s a quick overview of what to watch out for:
- Emails purporting to be from a known organization asking to confirm personal details or requesting username and password information
- Ensure commonly used passwords are changed
- If you’re ever unsure about an email, letter or phone call it’s always recommended to contact a company directly, by phone, to check it’s an authentic communication.