Equifax breach: what’s next?

The mas­sive data breach im­pacted nearly half of all Amer­i­cans, and credit unions will now need to be on guard for a va­ri­ety of fraud types that could arise as a re­sult.

Credit Union Journal - - Front Page - BY RICHARD GAL­LAGHER

THE WORLD OF iden­tity theft shifted a bit on Sept. 7, when news broke that hack­ers had in­fil­trated the Equifax con­sumer database. It’s es­ti­mated that ap­prox­i­mately 143 mil­lion con­sumers were af­fected. This means vi­tal in­for­ma­tion such as names, dates of birth, So­cial Se­cu­rity num­bers and credit card in­for­ma­tion could po­ten­tially be up for grabs. And while it’s sober­ing to think that all of this data could be sold to the high­est bid­der, the re­sponse by Equifax seemed to fur­ther com­pli­cate the mat­ter.

The web­site, www.equifaxse­cu­rity2017.com, was set up by the credit bu­reau to as­sist con­sumers with as­cer­tain­ing whether or not their in­for­ma­tion had been com­pro­mised. How­ever, the of­fi­cial Equifax cor­po­rate Twit­ter ac­count redi­rected con­sumers to a fake phish­ing site for a while be­fore the tweets were no­ticed and re­moved. Once the mis­take was re­al­ized by Equifax, the phish­ing site was taken down. It was a step by an engi­neer to bring per­spec­tive to the is­sue of just how dan­ger­ous and un­nerv­ing the se­cu­rity breach is.

And while it seems that those sit­u­a­tions have been rec­ti­fied, the po­ten­tial is still very real for the se­cu­rity breach to af­fect your credit union. Be on the look­out for mem­ber­ship du­plic­ity. It can hap­pen very eas­ily. Here are two sce­nar­ios.


Once an iden­tity thief has some­one’s vi­tal in­for­ma­tion, they could eas­ily ap­proach your credit union and pre­tend to be one of your mem­bers. They might try to ap­ply for an auto loan or credit card, or go straight for the big score and take out a home loan. Any one of these sit­u­a­tions could spell dis­as­ter for your credit union and cre­ate a huge mess for your mem­bers.

Stop for a mo­ment and con­sider the dif­fer­ent ways an iden­tity thief can take ad­van­tage of your credit union. Many in­sti­tu­tions of­fer on­line loan pro­cess­ing. An iden­tity thief could ini­ti­ate the loan process on­line, then come in later to fi­nal­ize the pa­per­work and have in­stant ac­cess to funds. The best way to pre­vent this type of sce­nario is sim­ple: Your staff needs to be vig­i­lant but not sus­pi­cious. Re­ly­ing on the pre­pon­der­ance of data (from all re­li­able sources) to ver­ify true in­tent is cru­cial. This could pre­vent an iden­tity thief from run­ning straight to the goal line with stolen in­for­ma­tion.

Credit cards are a bit trick­ier. Usu­ally, a mem­ber can ap­ply for those on­line with no for­mal ver­i­fi­ca­tion re­quired. It might be a good idea to ver­ify that your mem­ber did in­deed fill out a credit card ap­pli­ca­tion be­fore a new ac­count is es­tab­lished. Credit cards will be easy bait for iden­tity thieves if they have all of your mem­ber’s vi­tal in­for­ma­tion. All they have to do is fill in the on­line blanks and hit the sub­mit but­ton.

An­other po­ten­tial worst case sce­nario might in­clude a du­plic­i­tous “mem­ber” open­ing an­other ac­count type, only to gain ac­cess to funds ex­ist­ing in al­ready es­tab­lished bona fide ac­counts. This, in time, could end up be­ing the more dis­as­trous sce­nario.


Of course, most iden­tity thieves will be a bit savvier. The eas­i­est thing for them to do is to sim­ply go to an­other credit union and es­tab­lish them­selves as a mem­ber. Once they have a new ac­count, they can then avail them­selves of all the new ser­vices that par­tic­u­lar credit union has to of­fer, in­clud­ing loan prod­ucts and credit cards. This is where dili­gence is re­quired. Mem­ber du­plic­ity can be hard to stop, but is some­thing that you sim­ply have to be on the look­out for as this will be a very real threat for the time be­ing.

The cur­rent state of af­fairs is as deep as it is wide. There could be wide­spread iden­tity theft as a re­sult of the Equifax breach or there could

“Staff needs to be vig­i­lant but not sus­pi­cious. Re­ly­ing on the pre­pon­der­ance of data (from all re­li­able sources) to ver­ify true in­tent is cru­cial.” – Richard Gal­lagher

be very lit­tle. Your credit union has the po­ten­tial to be im­pacted a great deal, or the re­sult could be zero.

This is the hard truth as it cur­rently stands.


This is one of those sit­u­a­tions where a great of­fense is bet­ter than a good de­fense. Now is the time to be proac­tive and look at your pro­cesses. Make sure cur­rent pro­cesses are se­cure and there are mea­sures in place for ver­i­fi­ca­tion to pre­vent fur­ther dam­age.

We have the forms process and prod­ucts cov­ered. How­ever, we can’t stop iden­tity thieves from try­ing to es­tab­lish them­selves at your credit union with some­one else’s in­for­ma­tion. Be dili­gent — ver­ify and au­then­ti­cate ev­ery­thing as much as you can be­fore pro­cess­ing. This will min­i­mize the im­pact and en­cour­age them to re­move your credit union as a tar­get. In the grand scheme of things, the Equifax data breach serves to un­der­score the times we live in.

Cy­ber­at­tacks are the new Wild West for all busi­nesses and iden­tity theft is al­ways a threat. It’s not un­re­al­is­tic to con­sider that this could be done by mul­ti­ple of­fend­ers at mul­ti­ple credit unions. Some­where in be­tween the worst case sce­nario and the best (zero iden­tity theft), is the re­al­ity of things. Know­ing what to look for when a ma­jor data breach oc­curs is the best way to keep you pro­tected in the long run.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.