On Sept. 7, Equifax Inc. announced a breach of data impacting about 143 million U.S. customers. The information affected includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers.
ASU Now spoke with Jamie Winterton, director of strategy in ASU’s Global Security Initiative, to learn more about why breaches are so common and what impacts consumers face as a result.
Question: Data breaches have become so common. Should consumers consider these instances to be a new normal?
Answer: I wish I could say no, but, unfortunately, data breaches are a fairly common event. And the numbers are staggering. The Equifax breach affected 134 million people — that’s almost half the population of the U.S.
Perhaps more concerning is that consumers aren’t always notified immediately when their data has been compromised. Equifax mentioned in the press release that the files were accessed sometime between mid-May and July, through an unspecified web-based vulnerability. So, several months passed where an affected individual’s data could’ve been used for identity theft.
Q: What kinds of challenges exist for cybersecurity professionals who are trying to stay a step ahead of hackers?
A: Hackers are incredibly creative — there’s a saying that “red team only has to be right once.” This means that, for all the security protections a company takes, a hacker just needs to find one vulnerability to exploit. Staying on top of all the potential methods of attack is one challenge.
Another challenge is that companies often don’t prioritize cybersecurity until it’s too late. We’re still too vulnerable to known methods of compromise. We don’t yet know the exact methods that the Equifax hackers used, but most often, hackers compromise a network by exploiting known security issues in the system. It’s very unusual that a hacker will have to use a brand-new method of breaking in (also known as a “zero day”). It can be difficult for information security professionals to keep security at the top of the list, when there are so many other pressing business needs for a company to address.
Q: Equifax has created a website to help consumers determine whether their information has been comprised and is offering identity theft protection. Is there anything else consumers can actively do to prevent damage in these situations?
A: First, never use any personal data in your passwords. Too many people still use their date of birth, middle name or some combination of information that is easy to reconstruct from these breaches. Identity theft protection is a good idea, especially if you’ve been breached — it won’t stop someone from using your data, but it will alert you to suspicious activity, like loans being taken out in your name, or unusual credit card activity. Finally, be aware of things like your credit score and credit history. The longer it takes to find malicious activity, the longer it takes to recover.
More Science and technology
'Leap into the unknown' brought newly named Regents Professor to ASU
The plane landed at Chicago’s O’Hare International Airport and Meenakshi Wadhwa stepped into the terminal. She was 21 years old…
ASU provides fertile ground for anthropologist to thrive
Alexandra Brewis believes that anthropology should be an active part of any good life. “It is the broadest and the deepest of…
Sara Brownell named among inaugural Charter Professors
Sara Brownell, President’s Professor in the School of Life Sciences and Center for Biology and Society at Arizona State…