Yesterday, one of the three major credit bureaus in the U.S., Equifax, announced a data breach that could affect 143 million people, which is nearly half of the country’s population. As this news spreads like wildfire, we wanted to provide the LastPass community with a summary of the news and recommend steps for protecting your personal information.
Equifax discovered the data breach on July 29. They found that personal information, including names, birth dates, social security numbers, addresses, credit card numbers, and possibly driver’s licenses, was part of the leaked data. The initial investigation revealed that attackers exploited an application vulnerability that allowed them to access files containing the personally identifiable information.
The credit reporting firm is now notifying all impacted customers by mail and continuing to work with both private and public investigators. While the majority of impacted consumers are in the U.S., Equifax said that a portion of UK and Canadian consumers are also affected.
In addition, Equifax created a website – www.equifaxsecurity2017.com – that allows consumers to determine if they’re impacted by the breach and learn more about the incident.
How This Compares to Other Breaches
Unlike the Yahoo, LinkedIn, and other breaches we’ve seen so frequently over recent months and years, the current belief is that passwords did not play a role in the initial breach. It appears this breach occurred as a result of a vulnerability in the Equifax website, not via a stolen password or credential, and is likely due to a security patch that Equifax failed to apply.
Your LastPass account is not impacted by this incident. Regardless of the cause, there are steps you should take to protect your personal information if it’s been breached.
What You Can Do Now
Start by visiting the Equifax security site to determine if you’re impacted by the breach, but don’t stop there. Here’s what else you should do to secure any information that’s potentially leaked, and to protect against future incidents:
1. Sign up for credit monitoring: You may already have credit monitoring, whether it’s through your credit card company or a credit monitoring firm. Credit monitoring means that future account fraud and identity theft attempts will be noted and immediately brought to your attention.
2. Freeze your credit files: Make sure you’ve signed up for credit monitoring before you freeze your credit. Once you freeze it, you will not be able to sign up for the monitoring to be notified of any unauthorized changes that could occur if your information has been stolen.
The benefit to freezing your credit in this scenario is that it prevents anyone – authorized or unauthorized – from applying for credit in your name. In the wake of the Equifax news where many of us are unsure who has our personal information, these steps will block any and all activity. It also protects your credit score as each inquiry impacts it overall.
To do this, you have to contact each of the credit monitoring firms directly (Experian, TransUnion, Equifax, and Innovis) and request the freeze. It can take some time (and sometimes a small fee), but in this scenario, this is a step we highly recommend. When you freeze, each firm will give you a PIN code to use when you want to unfreeze. Store each PIN in a note in LastPass for simple, secure access when you want to unfreeze it.
3. Monitor your bank and credit cards: This step is easily overlooked in a world where everything happens online and we take it for granted that nothing has gone wrong. Your bank and credit cards should be notifying you of suspicious activity, but small transactions may fly under the radar. Especially after a breach like this, it’s important to take note of what’s going on with your accounts.
4. Keep up your strong password behavior: Your passwords are the gatekeepers to everything you do online, whether it’s your bank account, 401(k), or your step-tracking app. Unauthorized access to any of these could be detrimental, and using long, strong, unique passwords for every single account and storing those in a password manager like LastPass is a very good step toward securing your personal information and identity.
As always, security is our top priority here at LastPass and we know it’s very important to you, too. Whether the news is directly related to passwords or otherwise, we want our community to be as informed as possible and know how to protect your personal information. Visit our Data Breach hub for the latest breaches.