In the wake of Equifax Inc.’s recent data breach announcement, inpiduals and corporations around the world are asking “What does this mean for me?” and, more importantly, “What should I do about it?”

What Happened

On Sept. 7, 2017, Equifax Inc. announced that between May and June of this year, unknown cyber attackers exploited a vulnerability in one of the company’s external web applications, and obtained unauthorized access to personal identifying information (PII) for approximately 143 million consumers across the US, UK, and Canada. The PII consisted of names, social security numbers, and birth dates, as well as 209,000 credit card numbers, among other data. The company also stated that there was no evidence of unauthorized access to core consumer and commercial credit reporting databases.

What it Means

In a trend that many in the cybersecurity industry have observed in recent years, including incidents Nardello & Co. has helped clients remediate, sophisticated cyber actors are focusing more on quality of data, rather than quantity. While the sheer volume of records exposed in this incident arguably places it among the top breaches of all time, the type of data exposed is particularly valuable to a cybercriminal as it can be used to perpetuate other types of crimes (e.g. identity theft, tax fraud, Medicare fraud, etc.). While the source of the attack is still unknown, it should not be assumed that it was a financially motivated attack. In recent years, nation-state actors have compromised multiple US government agencies and medical organizations in an effort to build a dossier of personal data on US citizens that could be used in future intelligence operations or cyber-attacks. In the hands of an adversarial nation, this volume of PII could potentially destabilize a nation’s economic infrastructure or the economic security of its citizens.

What You Should Do Personally

• Check if You Are Affected. Equifax has set up a website www.equifaxsecurity2017.com to help people check if they’ve been affected and sign up for credit monitoring. However, there have been reports of inconsistent information on this site, so the prudent approach is to assume your data was compromised and take additional steps to secure your data.
• Lock Your Credit. All three credit bureaus offer credit freeze services that prevents creditors from viewing your credit file. You will have to contact each credit bureau to enable the freeze and to unfreeze it when you apply for credit, but it adds an additional layer of security.
• Check Statements Regularly. Being a good steward of your own data is the best way to limit your personal impact from incidents such as this. Regularly monitor your credit reports and financial statements to identify anomalies and fraudulent charges.

What You Should Do Professionally

• Patch and Vulnerability Management. The external website vulnerability that was purportedly exploited in this attack arguably could have been addressed via a rigorous patch and vulnerability management program. Such programs will help reduce the likelihood of exploitation.
• Defense-in-Depth. This common approach to cybersecurity reduces the likelihood of a single point of failure in a cyber-attack. A comprehensive security model that relies on people, process, and technology is the best approach to reducing cyber-risk.
• Crisis & Incident Response Planning. In incidents like this, time is of the essence. A rapid, well-coordinated response to cyber-attacks greatly reduces the overall financial and brand impacts. Organizations should establish and regularly test formal incident response procedures to ensure roles and responsibilities are clearly established.

Our Digital Investigations & Cybersecurity Services

• Incident Response & Crisis Management. Our incident response services help clients respond tactically and strategically to unplanned cyber events by deploying a multidisciplinary team of digital investigators and breach responders that contain and eradicate the threat actor from a client’s environment. All while focusing on business continuity and minimizing financial impact.
• Computer Forensic Investigations. We can image, preserve and investigate all manners of digital data, including data on hard drives, publicly available websites, mobile devices, flash drives, network servers and the Cloud.
• Cyber Threat Assessments. Our cyber threat assessments provide clients with a customized, comprehensive analysis of the cyber threat landscape as it applies to their business, their industry, and their geographic footprint, enabling them to make informed risk-based decisions.
• Cyber Due Diligence. We provide our clients with the insight and intelligence they need to properly assess and evaluate the cyber-based risk associated with future business partners, M&A deals, or other third-party relationships
• Cybersecurity Consulting. Our cybersecurity consulting services are designed to help our clients proactively manage and mitigate cyber risk, improve their security posture, and prepare for future cyber incidents. Leveraging our legal-focused approach, we help clients translate cyber threats into business risk, allowing them to make informed, strategic, risk-based decisions.
• Social Media Analysis & Deep/Dark Web Research. We help our clients analyze and resolve social media-related challenges, including dealing with social media harassment or libel campaigns, analyzing social media relationships of third parties and capturing social media evidence.
• Compliance & Best Practices Guidance. We provide digital compliance counseling and best practices guidance, working closely with law firms to help our clients ensure their online practices mitigate against risk and remain cutting edge.