Data breaches are one of the worst disasters that can happen to a company. Not only is your reputation for security tarnished, but your customer’s information is now unleashed to the internet at large. This can lead to a number of worst-case scenarios, including fraud, identity theft and even stalking.
That’s why it’s so important for major organizations and corporations to keep track of customer data, and to put proper safeguards in place to ensure that users are really who they say they are when they attempt to log in. Without proper verification, anyone armed with enough information about their target could find their way into places they shouldn’t be able to access.
After the massive Equifax breach in 2017, over 145 million Americans’ data was leaked to every corner of the web — making it easy for hackers and cybercriminals to masquerade as their victims without them knowing it. In spite of this, not every platform seems to be aware of the dangers posed by the fallout from Equifax, and a number of government systems are still relying on outdated methods to verify user identity. Could this lead to even more widespread fraud?
Lessons (not) learned after massive Equifax breach
In a report released by government watchdogs at the U.S. Government Accountability Office, the group found that a number of government systems still used an outdated method of identity verification on their systems.
The method is referred to as “knowledge-based-verification,” which means that the website asks you personal questions such as your name, date of birth, Social Security number, and address to verify your identity.
Here’s the catch: Every single one of these pieces of information was leaked from consumer profiles during the Equifax data breach. As we mentioned, over 145 million profiles were accessed by the hackers — which is a little over half of the entire U.S. population!
Agencies still using the old verification systems include major names like the Department of Veterans Affairs, the US Postal Service, the Social Security Administration, and the Centers for Medicare and Medicated Services.
All of these groups rely on correct user data in order to grant login privileges, and if a cybercriminal were able to gain all the information they needed from the Equifax breach, there’d be nothing stopping them from stealing your identity.
As it stands, a number of government and non-government agencies, such as the National Institute of Standards and Technology, started advising the above organizations to stop using the outdated form of verification.
A number of senior lawmakers are already on the case as well, attempting to push for a change in digital culture for the country’s most vulnerable agencies. So far, they’ve yet to make progress on the issue.
What can be done to protect my data on these platforms?
Unfortunately, there isn’t much that can be done at this point other than close credit monitoring and caution when giving away information online. After the breach, members of Equifax suggested that those affected perform a temporary credit freeze in order to mitigate harm. However, since the breach passed in 2017, this isn’t entirely necessary anymore.
If you don’t know if you were affected in the first place, the best resource to check would be Equifax’s own unique webpage that covers the data incident and its after-effects. If you scroll down on the homepage, you’ll come across a red button that says “Am I impacted?” If you click on it, you’ll be taken to a screen where you can verify your identity with Equifax and see if you were among the consumers who were targeted during the breach.
If you did happen to be targeted, make sure to get a recent copy of your credit report. You can also potentially consider signing up for identity theft protection such as a credit monitoring service. With this, you’ll be alerted about changes to your credit report when they happen — meaning you can reverse any unauthorized transactions before they have time to stick around.
The worst thing about the Equifax breach is the fact that most people didn’t even ask to be stored in its system. As a credit reporting bureau, it had information on file for most of the country’s Social Security numbers — which made it a premium target for cybercriminals.
As for now, keep a close watch on your credit and be quick to report any changes to your account that you don’t personally recognize. You have a right to your privacy and identity, and no group of hackers (or incompetent government offices) can take that away from you.