The Equifax Breach One Year Later: 6 Action Items for Security Pros

The Equifax breach last September was the largest consumer breach in history. We talked to experts about lessons learned and steps companies can take to prevent and minimize future breaches.

Steve Zurier, Contributing Writer, Dark Reading

September 10, 2018

7 Slides

Large breaches have become such a fact of everyday life for the past few years that it’s easy to pass off the Equifax breach last September as just another in a long string of bad security news. But make no mistake about it: this was a huge breach that will take several years to sort out.

When the dust settled earlier this year, Equifax finally disclosed that 147.9 million people were affected in some way. Sensitive personal information was stolen, including the names, Social Security numbers, and dates of birth of the victims, as well as phone numbers, email addresses, and genders.

George Avetisov, CEO of HYPR, says while the breach itself caused great harm, rank-and-file consumers and companies not directly affected by the Equifax breach are still at risk because all that personal data still resides on the Dark Web and can be used for future account fraud, synthetic identity attacks and credential re-use.

"We know how many consumers had their data stolen," Avetisov says. "But it's difficult to quantify the impact, as we may never know the full extent of the account fraud and credential re-use that will stem from the Equifax breach for years to come."

Avetisov and other experts say companies must do all the security hygiene basics: such as more patching more effectively, deploying encryption and tokenization, and above all, taking better care of their data.

"Companies have to start treating data as something of value," says Brian Vecci, technical evangelist at Varonis. "Start by turning on the lights and finding what data you have."

In putting together this slideshow, we talked to Avetisov and Vecci; Julie Conroy, research director for Aite Group’s Retail Banking practice; and Peter Firstbrook, a research vice president at Gartner who focuses on security. 

About the Author

Steve Zurier

Contributing Writer, Dark Reading

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights