Large breaches have become such a fact of everyday life for the past few years that it’s easy to pass off the Equifax breach last September as just another in a long string of bad security news. But make no mistake about it: this was a huge breach that will take several years to sort out.
When the dust settled earlier this year, Equifax finally disclosed that 147.9 million people were affected in some way. Sensitive personal information was stolen, including the names, Social Security numbers, and dates of birth of the victims, as well as phone numbers, email addresses, and genders.
George Avetisov, CEO of HYPR, says while the breach itself caused great harm, rank-and-file consumers and companies not directly affected by the Equifax breach are still at risk because all that personal data still resides on the Dark Web and can be used for future account fraud, synthetic identity attacks and credential re-use.
"We know how many consumers had their data stolen," Avetisov says. "But it's difficult to quantify the impact, as we may never know the full extent of the account fraud and credential re-use that will stem from the Equifax breach for years to come."
Avetisov and other experts say companies must do all the security hygiene basics: such as more patching more effectively, deploying encryption and tokenization, and above all, taking better care of their data.
"Companies have to start treating data as something of value," says Brian Vecci, technical evangelist at Varonis. "Start by turning on the lights and finding what data you have."
In putting together this slideshow, we talked to Avetisov and Vecci; Julie Conroy, research director for Aite Group’s Retail Banking practice; and Peter Firstbrook, a research vice president at Gartner who focuses on security.