The Equifax Breach: What's Next

The Equifax Breach: What's Next

By: Tim Prugar

Yes the Equifax Breach is Bad, Really Bad...

With the Social Security numbers, birth dates, addresses and driver’s license numbers of over 140 million customers exposed in the recent Equifax breach, many are anxiously waiting for the next shoe to drop.

Whoever carried out the attacks, whether it was a hostile government or criminal enterprise, hit the proverbial fraudster lottery.  To make matters worst, Equifax disclosed the hack more than a month after it took place, giving bad actors a head start before consumers and organizations look to shore up vulnerabilities.

As it stands, it looks like 44 percent of the population may be affected.

Fraud is Coming, No Question

Account Takeover

You can bet that this is already taking place, most likely through the phone channel. With mild social engineering (most likely through social media), fraudsters have the information they need to pass any KBA processes. By spoofing calls to customer service agents, fraudsters can pose as the person whose information they possess and take over accounts. Identifying these spoofed calls will be a critical security measure.

Synthetic ID Fraud:

For many bad actors the risk of an account takeover is too great. And why take that risk when you can build a personality with the breached information and have access to massive lines of credit? The amount and type of information that was leaked will allow fraudsters to not just bypass, but pass credit checks and begin the process of building completely reputable synthetic IDs.

Mobile Phone Account Takeover:

In the world of 2Factor Authentication, the mobile channel is seen as a safe place to send sensitive authentication codes. Bitcoin, Google, Social Media, even Bank transactions. Look for fraudsters to use the acquisition of SSNs and other PII to commit account takeover at the mobile phone level. Again, having this information allows access to port numbers onto new devices, to set up call forwarding, or order massive amounts of handsets for resale.

What You Can Do to Protect Yourself

While things are looking pretty grim at this point, being watchful is your best bet. Keep a close eye on your finances and your mobile phone accounts. You should be actively monitoring your credit card statements and credit reports. Check for unknown purchases on your statements and notifications on your credit report to see if new credit applications have been filed on your behalf.

Tim Prugar is the VP of Operations at Next Caller. He can be reached at tim@nextcaller.com.