I spent six months working with a team of producers at Spoke Media investigating the Equifax hack for our “Breach” podcast, and I learned a lot about the cascade of errors that led to what many call the most important hack in history.
Now I’m sharing my tips so you can survive it―and prepare for the next one.
When Equifax was hacked in 2017, a lot of people called it the Big One. It affected nearly 150 million people—that’s more than half the U.S. adult population. And criminals got the goods: Social Security numbers, driver's license numbers, addresses.
It's not an overstatement to say that the Equifax hack really has changed the public conversation around privacy and technology, but I think something even deeper has occurred. We’ve awoken to a scary new reality of how money is made in our time.
The popular saying holds true: "If you aren't paying for the product, you are the product." That lets you know why you should be wary of cute "free" flashlight apps for your phone or games your kids use. And understanding that your data is raw material for profits takes this notion one step further. Your data is a (nearly) free resource, ripe for abuse.
Plenty of conversation is afoot to change that. There's talk of a U.S. version of Europe's privacy law, GDPR, which would put firms that misuse information at risk of steep fines. Such rules will likely be slow in developing, however.
In the meantime, you can heed lessons from the Equifax story and take some steps to protect yourself now.
A credit freeze locks down your file, making it tougher for anyone—including you—to open new lines of credit in your name. (You can temporarily unlock your file when you do need to obtain new credit.)
Mandating that credit reporting companies implement such freezes for free is the one concrete step Congress has taken since the Equifax hack to empower consumers. Take advantage, and freeze your report at all three nationwide credit bureaus—those are Equifax, Experian, and TransUnion. Instructions can be found at the Federal Trade Commission’s website.
Obtain free copies of your credit reports each year at AnnualCreditReport.com—you’re entitled to one from each of the three major credit reporting companies. But that’s not the whole picture. You also have dozens, maybe even hundreds, of specialty credit reports. They track your insurance claims, or your check-writing habits, or even your criminal record.
Bob Sullivan with cohost Alia Tavakolian of Spoke Media, recording “Breach.” (Photo provided by Bob Sullivan.)
We chased after dozens of these for a willing podcast volunteer, and one such report indicated (incorrectly) a felony conviction for drug dealing. Here's a list of specialty reports from the Consumer Financial Protection Bureau.
The fact is, everybody says they use state-of-the-art security—and breaches still happen. So, operate under the assumption that your data might get hacked. Make a fuss when asked for your data (especially sensitive details like your Social Security number), and say “no” any time you can.
In hacker lingo, you want to limit your attack footprint as much as possible. The fewer companies that have your data, the lower your odds that you’ll be hacked.
More from Grow:
When a company announces a breach, look beyond the first headlines. Details of the hack often worsen as the investigation progresses. You might initially think you’re in the clear, only to find out later that you’re affected—or discover that more of your personal information was compromised.
One of the unnerving things about breaches is that victims don’t always feel the impact immediately. As CNBC recently reported, there is no evidence a flurry of ID theft occurred in the wake of the Equifax hack. That’s not good news.
Whoever stole the data is sitting on it for some larger purpose. Cybersecurity experts say a nation-state or large organization is likely hoarding it with plans to use it for intelligence purposes. Gartner analyst Avivah Litan says she believes the Equifax data is being matched with other large stolen data sets to create digital dossiers on American citizens to be used by our enemies.
It’s unlikely we’ve heard the last of the Equifax hack.