R&K Blog
In early September, it was revealed that there had been a major data breach at Equifax, one of the nation’s three major credit reporting agencies. The breach, which took place from mid-May through July, affects 143 million Americans and over 8 million New Yorkers. During the breach, hackers gained access to names, Social Security numbers, birthdates, addresses and, in some cases, driver’s license numbers and credit card numbers.
While most assume Equifax’s massive data breach is solely an issue for consumers, it’s important to consider that many small businesses’ credit activity is under the name of business owners. Therefore, businesses that use personal credit cards and/or maintain debt in the name of an individual are also at risk for cybersecurity and identity theft attacks.
How can I protect myself and/or my business?
The first step, according to the Federal Trade Commission, is finding out if your information was exposed to the hackers and – whether exposed or not – enrolling in a year of free credit monitoring and other services from Equifax’s cybersecurity support. Consumers and business owners, alike, should be cognizant about protecting their credit cards and bank accounts, and cautious about clicking any links that may be phishing attempts from the cybercriminals responsible for the breach. These recommendations should be distributed to all employees, as to avoid phishing incidents in the workplace.
The FTC also recommends affected individuals take the following steps:
What comes next?
In New York State, Governor Andrew Cuomo released regulations that subject credit reporting agencies, including Equifax, Experian and TransUnion, to the same rules as banks and insurances companies. This effort to protect consumers will require these companies “to register with the state’s Department of Financial Services, whose superintendent will have broad powers to deny or revoke their authorization to do business in the state, or to sue, if a company fails to comply or engages in prohibited practices deemed unfair, deceptive or predatory,” explains The New York Times. Companies that fail to comply would be barred from compiling consumer reports and collecting fees for their services. The new regulations, which are expected to be adopted within 60 days, will require credit reporting agencies to register by February 1 annually.
Under these new regulations, credit reporting agencies will be required to comply with the cybersecurity regulations recently adopted by financial services providers, including implementation of programs for protecting consumer data, appointment of chief information security breaches and reporting of all security breaches to the regulator. Governor Cuomo hopes, and we expect, other states will soon follow suit to replicate the regulations across the nation.
Will this happen again?
The most recent Equifax breach was the second cybersecurity incident to impact the credit reporting agency in this year alone. Two months prior, during the 2016 tax season, Equifax experienced a separate and unrelated attack involving a payroll-related service. Cyberattacks of this magnitude are often highly sophisticated, and thus, hard to predict. As a consumer or small business owner, it’s critical to follow recommendations from the FTC, should a similar episode occur.
If your business manages confidential client information, it is crucial that your company has the best available cybersecurity insurance in order to avoid a debilitating situation. Speak to us about risk management solutions that can help protect your company from cyberattacks and help you to meet the protection requirements customers need.