The Wall Street Journal just reported that credit-reporting company Equifax Inc. disclosed Thursday that hackers gained access to some of its systems, compromising the personal information of about 143 million U.S. consumers. OUCH.
"Equifax said an internal investigation revealed hackers exploited a vulnerability in a U.S. website application to gain unauthorized access to files from mid-May through July. The company, however, said it hasn’t found any indication that its “core consumer or commercial credit reporting databases” had been compromised.
"The company, which also offers credit-monitoring and identity-theft protection products to guard consumers’ personal information, said it discovered the breach on July 29. Equifax said it reported the intrusion to law enforcement and contracted a cybersecurity firm to conduct a forensic review."
One more reason to expect phishing emails with credit-card-related themes, which are sometimes very hard to resist because money is at stake. Training employees at the house and in the office to correctly spot social engineering red flags (PDF) is simply a must. The linked PDF is a free job aid you should download and send to all your employees as part of your security awareness training program.
Even more fun about this: the monitoring company they’re offering services from is one they own, its terms were updated on Sept 6th, and they include a forfeiture of your rights to sue Equifax. Never mind that it took them 3 months to disclose the breach and their execs are under fire for selling off stock 3 days after the company found out about it.