On Sept. 7, Equifax Inc. announced a breach of data impacting about 143 million U.S. customers. The information affected includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers.
ASU Now spoke with Jamie Winterton, director of strategy in ASU’s Global Security Initiative, to learn more about why breaches are so common and what impacts consumers face as a result.
Question: Data breaches have become so common. Should consumers consider these instances to be a new normal?
Answer: I wish I could say no, but, unfortunately, data breaches are a fairly common event. And the numbers are staggering. The Equifax breach affected 134 million people — that’s almost half the population of the U.S.
Perhaps more concerning is that consumers aren’t always notified immediately when their data has been compromised. Equifax mentioned in the press release that the files were accessed sometime between mid-May and July, through an unspecified web-based vulnerability. So, several months passed where an affected individual’s data could’ve been used for identity theft.
Q: What kinds of challenges exist for cybersecurity professionals who are trying to stay a step ahead of hackers?
Jamie Winterton
A: Hackers are incredibly creative — there’s a saying that “red team only has to be right once.” This means that, for all the security protections a company takes, a hacker just needs to find one vulnerability to exploit. Staying on top of all the potential methods of attack is one challenge.
Another challenge is that companies often don’t prioritize cybersecurity until it’s too late. We’re still too vulnerable to known methods of compromise. We don’t yet know the exact methods that the Equifax hackers used, but most often, hackers compromise a network by exploiting known security issues in the system. It’s very unusual that a hacker will have to use a brand-new method of breaking in (also known as a “zero day”). It can be difficult for information security professionals to keep security at the top of the list, when there are so many other pressing business needs for a company to address.
Q: Equifax has created a website to help consumers determine whether their information has been comprised and is offering identity theft protection. Is there anything else consumers can actively do to prevent damage in these situations?
A: First, never use any personal data in your passwords. Too many people still use their date of birth, middle name or some combination of information that is easy to reconstruct from these breaches. Identity theft protection is a good idea, especially if you’ve been breached — it won’t stop someone from using your data, but it will alert you to suspicious activity, like loans being taken out in your name, or unusual credit card activity. Finally, be aware of things like your credit score and credit history. The longer it takes to find malicious activity, the longer it takes to recover.
More Science and technology
Podcast explores the future in a rapidly evolving world
What will it mean to be human in the future? Who owns data and who owns us? Can machines think?These are some of the questions…
New NIH-funded program will train ASU students for the future of AI-powered medicine
The medical sector is increasingly exploring the use of artificial intelligence, or AI, to make health care more affordable and…
Cosmic clues: Metal-poor regions unveil potential method for galaxy growth
For decades, astronomers have analyzed data from space and ground telescopes to learn more about galaxies in the universe.…