Equifax, one of the big suppliers of credit information and credit services, said Thursday that a security breach this summer may have affected as many as 143 million people in the United States.
Let’s do the math on that pretty quickly. There are, according to recent estimates, about 325 million people in the country. So that means that about 44 percent, or nearly half of United States residents. In other words, read on, because this affects you.
“Criminals exploited a U.S. website application vulnerability to gain access to certain files,” Equifax said in a statement.
The breach, discovered July 29, exposed names, birthdates, social security numbers, addresses, and drivers license numbers, as well as 209,000 credit-card numbers and “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.
Cool. Cool, cool, cool.
Equifax’s very bread and butter is protecting exactly this information. The company completed its private investigation into the breach, and NBC News said that the FBI is actively investigating the incident with cooperation from Equifax.
CNBC notes that three Equifax execs, including the company’s Chief Financial Officer John Gamble Jr., as well as the company’s workforce solutions president and information solutions president, sold $2 million in shares just days after the breach was discovered. It’s hard not to look at that as an indicator that they knew very early how bad this breach was and took measures to protect themselves.
Don’t use static identifiers when you don’t have to
Mr. Robot, Season 1
The lesson here is that even companies that exist literally to protect our data can’t be considered reliable. Whether the breach was a result of negligence or was a result of ingenuity on the part of the intruders, a huge stash of data is now out there in the wild with tons of our personal information.
A year ago, we went into how to store and protect good passwords. One element of that comes in in the form of recovery questions. When you’re answering a recovery question, the answer will likely either be what’s called a “static identifier” or something you get to choose. Static identifiers include all the stuff above – stuff like your Social Security number, your address, and your mom’s maiden name. Stuff that isn’t going to change. Leaks like this make that information a liability. We can’t force banks, utilities, and other companies to stop asking us for our SSNs and other static identifiers, but it’s worth remembering that when we get to pick the answers to these questions, we can put in whatever we want.
It’s a small security blanket, but it’s still another way to protect yourself when breaches like this happen. With a breach of this unprecedented size, though, something will have to change. Hopefully the types of firms I mentioned above will stop relying on those static identifiers and start giving us more secure ways to identify ourselves.
For now, though, keep an eye on your accounts, your statements, and your credit score. This is some Mr. Robot-level stuff.

Add magic to your living space with these string lights
String lights add personality and soft light to your living space. Here are some of the best.

Disguise your little one with the help of a themed costume
From roaring lions to hoppy bunnies, costumes speak to every child's unique spirit. And we've collected our favorite options.

The Galaxy S20 Ultra's Space Zoom camera is amazing and a bit creepy
The Galaxy S20 Ultra supports up to 100X zoom, which Samsung calls Space Zoom, but is it any good? Can a phone really product usable photos at 100x zoom? We've got our Galaxy S20 Ultra already so join us to find out!

Solve all of your problems, add the perfect calculator to your life
With the right calculator, everything adds up! Whether you need a basic model or one with more advanced functions, there is a calculator that will meet your functional requirements.