
Preventative, Corrective & Detective Ways to Protect Your Data After the Equifax Breach

By Derek Weakley
October 5, 2017

U.S. credit reporting agency Equifax has confirmed that an Apache Struts vulnerability exploited in the wild since March was used to breach its systems and cause what is possibly one of the worst leaks of highly sensitive personal and financial information.

Equifax informed customers on September 7 that hackers had access to its systems between May and late July of this year. The breach affects roughly 143 million U.S. consumers: their names, Social Security numbers, birthdates and addresses and, in some cases, driver’s license numbers. What’s worse, recent reports note that Equifax waited more than two months to apply a known patch that may have prevented the data breach.

The fallout from the breach continues: several Equifax C-suite executives have stepped down, the Federal Trade Commission said it is investigating the data breach, and New York's Senator Chuck Schumer said the company's CEO and board should be held accountable.

Individuals in the U.K. and Canada are also affected, and a class action has already been initiated by Canadian consumers. All the while, identity protection providers stand to make record profits from the Equifax blunder. Some providers, such as LifeLock, actually use Equifax services as part of their core offering. This is an unfortunate relationship for those looking to avoid using Equifax or contributing to its bottom line.

The full impact of the breach may never be known, as many people will have their identities stolen or learn that credit cards were opened in their name without their knowledge. Attackers will use the stolen information to initiate account resets via password reset/forgot password links, to “verify” identity in phone-based verifications, and, overall, to enable identity fraud and theft.

What should consumers and technology providers do to protect themselves?

Consumers:

There are numerous ways for consumers to minimize the impact and to protect themselves from identity theft and fraud:

  • Set up two-factor authentication immediately wherever it is available, especially for email, payroll and bank accounts. It is an extra layer of security that requires not only a username and password but also something that only that user has, i.e. a piece of information only they should know or have immediately on hand. It makes it harder for potential intruders to gain access and steal that person's personal data or identity.
  • Actively monitor your credit reports (not just annually).
  • Actively and regularly monitor debit and credit accounts for unexpected transactions.
  • Consider implementing credit freezes. A freeze is available for a small fee from each bureau. There are also fees to “thaw” a frozen account each time, although most customers do not need to thaw their credit report regularly. Equifax is currently offering this service free of charge after public feedback. Find out more (http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/).
  • Set a free fraud alert at one of the following sites:
  •  
  •  
  •  
  • Notify family and friends that you may have been breached, and advise them to also take action to protect themselves.

NTT Security does not recommend entering your information into any site to check whether you have been compromised, including the verification site managed by Equifax called TrustedID. The breach affects 143 million Americans, which is half of the U.S. population, so it’s safe to assume you are impacted by the breach. The TrustedID service, because it’s run by Equifax, which was breached, should be viewed with some caution at this time.

What Can Technology Providers or Implementers Do?

Information technology and security implementers aren’t safe from the breach either: many of their identity verification factors are potentially compromised as well. Technology providers and implementers should reset passwords, incorporating as many additional factors as feasible. The controls on these password reset factors should always meet or exceed those of the primary authentication method.

In addition, consider adding the following security controls to your basic security practices:

Preventive

  • SMS verification (2FA).
  • Hardware/software token (2FA).
  • Email verification (2FA).
  • Automated voice verification systems (2FA).
  • Generic error messages. Do not confirm or deny an account’s existence in error messages.
  • Time-delay between authentication attempts.
  • Adjust help desk reset procedures as necessary to incorporate new controls.
  • Inventory where and how personal information is used in your organization for identity verification.
  • Notify employees of this breach.
  • Consider disabling internet-based reset functions if not required.
  • Encrypt sensitive information at rest, including account reset questions.
  • Communicate to your clients/consumers that you are aware of the situation and are monitoring it closely.
  • Plan ahead. Include a breach URL, DNS record or contact information as soon as possible. The archives of the internet will capture historical content which can help provide some assurance to site visitors in the event of a breach.

Detective

  • Consider technologies such as CAPTCHA to fend off attackers targeting large numbers of users.
  • Implement detective controls to alert on failed attempts, multiple successful resets from a single source, and other irregular activities.

Corrective

  • Block IP addresses of suspected threat actors based upon detected activities.
  • Lock accounts suspected of unauthorized access.
  • Require administrative unlock.
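
The detective and corrective controls listed above can be combined in a small review routine over password-reset events. This is an added example, not code from the article or from NTT Security; the event format, thresholds, function name and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, account, outcome)
SAMPLE_EVENTS = [
    ("2017-10-05T09:00:00", "203.0.113.7", "alice", "reset_success"),
    ("2017-10-05T09:01:10", "203.0.113.7", "bob", "reset_success"),
    ("2017-10-05T09:02:30", "203.0.113.7", "carol", "reset_success"),
    ("2017-10-05T09:03:00", "198.51.100.4", "dave", "reset_failed"),
    ("2017-10-05T09:03:20", "198.51.100.9", "dave", "reset_failed"),
    ("2017-10-05T09:03:40", "198.51.100.4", "dave", "reset_failed"),
    ("2017-10-05T09:04:00", "198.51.100.9", "dave", "reset_failed"),
    ("2017-10-05T09:04:10", "198.51.100.4", "dave", "reset_failed"),
    ("2017-10-05T11:00:00", "192.0.2.55", "erin", "reset_success"),
    ("2017-10-05T11:30:00", "192.0.2.55", "erin", "reset_failed"),
]

WINDOW = timedelta(minutes=10)   # sliding window (assumed value)
MAX_ACCOUNTS_PER_SOURCE = 3      # distinct accounts reset from one IP (assumed)
MAX_FAILURES_PER_ACCOUNT = 5     # failed resets against one account (assumed)

def review_reset_events(events):
    """Return (ips_to_block, accounts_to_lock_pending_admin_unlock)."""
    parsed = sorted(
        (datetime.fromisoformat(ts), ip, acct, outcome)
        for ts, ip, acct, outcome in events
    )
    successes = defaultdict(list)  # source IP -> [(time, account)] within window
    failures = defaultdict(list)   # account -> [time] within window
    block, lock = set(), set()
    for when, ip, acct, outcome in parsed:
        if outcome == "reset_success":
            recent = [(t, a) for t, a in successes[ip] if when - t <= WINDOW]
            recent.append((when, acct))
            successes[ip] = recent
            accounts = {a for _, a in recent}
            # Detective: many successful resets from a single source.
            if len(accounts) >= MAX_ACCOUNTS_PER_SOURCE:
                block.add(ip)     # Corrective: block the source IP
                lock |= accounts  # Corrective: lock the accounts it reset
        elif outcome == "reset_failed":
            recent = [t for t in failures[acct] if when - t <= WINDOW]
            recent.append(when)
            failures[acct] = recent
            # Detective: repeated failures against one account, any source.
            if len(recent) >= MAX_FAILURES_PER_ACCOUNT:
                lock.add(acct)
    return block, lock
```

Counting failures per account rather than per source catches attempts spread across several IP addresses, which per-IP rate limits alone would miss.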

 

Cybersecurity experts are calling the Equifax breach a 10 out of 10 on the catastrophe scale – with the negative consequences potentially lasting for decades, and the full impact never fully realized. This breach will impact millions of Americans and businesses for years to come. Consumers and vendors can be proactive with their personal data by implementing strong authentication methods, maximizing preventive controls and actively monitoring accounts and activity.


Derek Weakley, Manager, Information Security Architecture, NTT Security
