The phrase “data breach” is terrifying, especially in this day and age when we put our entire lives online. Our social lives, personal information, and sensitive identity documents are all stored in the cloud. If a data breach happens, a company is required to disclose that information to the public and rectify the situation as soon as they are aware.
The problem is that it can take a while before they are even aware that they have been hacked. You might have heard of some of the big data breaches, such as Target in 2013 and Home Depot in 2014.
In this article, we will discuss some of the more recent data breaches that involved the biggest credit monitoring companies in the world, Equifax and Experian.
What is a Data Breach?
A data breach occurs when an unauthorized user exploits a security flaw to access consumer information. The main goal of the cyberattack is to gain access to sensitive information such as credit card information, social security numbers, and other personal data.
Once a hacker has this information, they can use it to make purchases with consumers’ money or commit identity theft.
Why Do Data Breaches Occur, and Can They Be Prevented?
The truth is, technology is moving so quickly it can be difficult for companies to keep up with rapidly changing security protocols.
It is best to hire an expert in information security to handle these areas for you. Since technology moves so fast, cybercriminals can use this hyper-paced environment to exploit a once-foolproof security system.
Data breaches can occur due to user errors, weak passwords, malware attacks, or the exploitation of system vulnerabilities. They can be prevented if a professional information security team locks down your system.
It is important to educate your employees on the basics of information security and safe web browsing.
It is critical to have a team that can continuously monitor your network for possible vulnerabilities.
Credit Monitoring Companies and the Need For Information Security
Experian and Equifax are two of the biggest credit monitoring companies in the United States.
These companies collect, monitor, and dispense credit information so that lenders can judge an applicant’s worthiness for a loan. Both Experian and Equifax use and store the same personal information, such as social security numbers, driver’s license numbers, dates of birth, names, addresses, employers, previous credit reports, and account summaries.
As you can see, credit bureaus collect and store the most sensitive personal data of their customers. If any company needs to have an iron vault for a network, then it is a credit monitoring company.
Information security should be the first priority for a credit bureau due to the massive amount of personal data that is stored on their servers.
As you will see, the Experian and Equifax data breaches caused millions of consumers’ data to be compromised due to a lack of information security protocols.
2020 Experian Data Breach
How Did This Data Breach Happen?
One of the more recent data breaches involved Experian South Africa. The Experian data breach came to light when a large data file was found on the popular data transfer website WeSendIt.
But who uploaded the file?
The Experian data had been handed over to a cybercriminal who was pretending to represent one of Experian’s clients.
The leak appears to have been caused by a user error in the verification process for confirming a customer’s identity. Experian had been notified about the leak in the months before August and made attempts to plug the hole.
In August 2020, after investigating the fraudulent data inquiry, Experian claimed to have recovered all of the data and that none of its customers’ financial or credit-related information was compromised.
This was when, after further review, the data dump file showed up on WeSendIt.
Who Was Affected by the Experian Data Breach?
It is currently estimated that nearly 24 million South Africans and 800,000 businesses have been exposed due to the latest Experian data breach. Since the investigation is still ongoing, there may not be a clear picture of what damage has been done.
What Type of Information Was Leaked?
Since the data file came directly from Experian themselves, it is estimated that banking details, phone numbers, places of employment, and places of residence may have been compromised.
Did Experian Do Enough?
Often, when a consumer’s personal information is compromised, it is sold many times over on the dark web for money. While Experian attempted to investigate the situation, the file on WeSendIt may have already made it to millions of users on the internet.
While Experian may have requested the data file be removed from WeSendIt, the hacker had access to the files for nearly 3 months. In that short amount of time, the personal information of millions of people could have been exposed.
It is possible that hackers who have acquired the data can attempt to manipulate people into giving them access to additional data.
This can be done by phishing emails or malware attacks.
2017 Equifax Data Breach
How Did The Data Breach Happen?
Believe it or not, the Equifax data breach was even bigger than the Experian one. It occurred between May and July 2017, due to a security exploit on the Equifax servers.
In 2017, Equifax was using the open-source software Apache Struts to help employees and consumers manage credit disputes, which is a key part of its day-to-day business operations. Apache released a major update for the Struts program on March 7, 2017.
They urged IT managers to update immediately since the update patched a major security flaw within the Apache Struts framework.
After investigating the data breach, it was determined it started on May 12, 2017. Equifax had not deployed the latest Apache Struts update as of that date. The cybercriminals used the newfound security flaw to gain access to Equifax’s internal servers.
While security flaws may go unnoticed for some time, hackers monitor the release of important updates to software programs to determine what flaw has been patched and who has yet to update to the latest version.
The first type of information that the attackers targeted was the login credentials of Equifax employees. This allowed them to search credit reports and other consumer data under the guise of employees and authorized users. The cybercriminals ran a search of more than 9000 consumer records and stored them in temporary files to extract them from the server.
The Equifax data breach went on until July 29, 2017, when the breach was discovered. The system of scanning consumer records and extracting them went on for 76 days. The very next day Equifax shut down the hackers and patched the exploit.
The Equifax breach was mainly the result of not maintaining and updating their systems and applications with the latest updates and security patches.
After further investigation, it was discovered that Equifax’s network contained improperly encrypted personally identifiable information and lacked breach detection protocols.
Who Was Affected By the Equifax Data Breach?
This Equifax data breach was one of the biggest in terms of how many people’s personal information was compromised. It is estimated that nearly 147 million American citizens, 15.2 million UK citizens, and 19,000 Canadian citizens were affected by the breach.
What Type of Information Was Compromised?
Most of the information compromised was first and last names, social security numbers, addresses, and driver’s license numbers. The exposure of all of this data could lead to identity theft, credit card fraud, and hundreds of losses for both consumers and Equifax.
How Did Equifax Rectify the Situation?
Equifax went public about the breach on September 7, 2017. Immediately following the announcement, their shares dropped by 13%. A data breach can be devastating to business operations and can result in financial ruin. On September 28, Equifax implemented new policies that would allow consumers to have complete control over their personal credit data.
After Equifax disclosed the breach, lawsuits were filed by numerous consumers and class-action lawsuit firms. On July 22, 2019, Equifax agreed to a settlement with the Federal Trade Commission (FTC) to provide funds to affected individuals and alleviate any future issues regarding information security and their network.
In the Equifax Data Breach settlement, consumers can file a claim to ensure they are compensated for their losses. Within the settlement agreement, Equifax offers all affected individuals a cash payment of $125 or free credit monitoring.
The credit monitoring is free for life. If you were monetarily affected or suffered greatly from the breach, then you can file a claim for up to $20,000. The settlement also requires Equifax to provide 6 free credit reports per year.
They have also included clauses to help with identity restoration and identity theft protection as well.
The deadline to file an initial claim passed on January 22, 2020. However, Equifax has since opened an extended claim filing process for consumers. The settlement administrator will accept claims until further notice.
How Can You Prevent Data Breaches Like These From Happening to Your Business?
As you can see, experiencing a data breach can cost businesses and consumers millions of dollars. It can ruin a brand’s reputation and result in the loss of customers. The best way to prevent a data breach is to hire a professional team to handle your information security to ensure nothing is overlooked.
Let’s start with the two basic information security tips that these credit monitoring companies overlooked.
The Experian data breach could have been prevented by training employees on the proper verification methods for accessing sensitive data. We recommend training employees on basic and advanced information security protocols at least every quarter.
You should explain web browsing safety, which includes how to spot phishing emails and drive-by malware downloads.
The Equifax data breach could have been prevented by properly updating and maintaining network applications, software, and hardware. A crucial part of preventing security exploits is to constantly monitor, update, and test your network and every application that your company uses.
As we said, technology moves amazingly fast, and hackers move just as fast. As a company, your information security personnel should move even faster to ensure security flaws are dealt with in a timely manner.
Besides these two major information security protocols, it is important to maintain a well-rounded and secure network.
You should create unique IDs for every authorized user on the network and restrict all personal data on a business need-to-know basis.
You should encrypt all personal data, whether you are storing, transmitting, or remitting it.
Frequently Asked Questions
What organization protects consumers' rights during a data breach?
How can I make a complaint to the FTC about the 2017 Equifax data breach?
What should I do if I think my data has been compromised by Experian or Equifax?
Will freezing my credit affect my credit score?
How can I be more careful with my personal data?
The Bottom Line
In this article, we discussed two of the major data breaches from credit reporting agencies.
As you can see, the need for proper information security increases the more user data you collect, store, and transmit. Data breaches can be detrimental to a business, but they don’t have to happen to you.
We recommend getting a third-party expert’s opinion on how you can safeguard your business from a data breach. According to security experts, a data breach can cost anywhere from $1.25 million to over $8.19 million.
Hackers move and exploit security flaws quickly, but you can move quicker by contacting us for a free consultation and report.