Recently, credit monitoring company Equifax was the victim of a
serious software vulnerability that exposed the Social Security
numbers and other sensitive information for approximately 143
million Americans. This major data breach has caused an uproar
regarding the possibility of widespread identity theft. Equifax
discovered the hack on July 29 but waited until Sept. 7 to warn
consumers. The reasoning behind the public delay is done
oftentimes to allow U.S. authorities to investigate the breach
further while pursuing the attackers. Further analysis revealed
that consumers’ files were accessed between mid-May and July of
this year.

Equifax’s system security lapse could be the largest data theft
involving Social Security numbers, which is one of the most
common methods used to confirm a person’s identity in the
United States. Equifax’s breach overshadows the 2015
hack of health insurer Anthem Inc
. that involved the Social
Security numbers of about 80 million people.


Equifax hack (Image:


What can be done with the stolen data?


The data stolen by the attackers can be for malicious activity
through the
dark web
(a.k.a. Black Market). The attackers will attempt
to use this information illegally by:

  • Re-selling victim data to the highest bidder.
  • Using the data to update existing, already stolen records
    for individual consumers that get bought and sold by cybercrime
    data brokers.
  • Selling the stolen data to nation-states, which helps them
    build better records on potential individuals for recruiting,
    blackmailing, and intelligence-gathering purposes.


How did the breach occur?


The cause of the Equifax breach is largely believed to have
been caused by a successful exploitation of a vulnerability
found in the open source software Apache Struts. Apache Struts
is a framework used by many top organizations to develop web
applications. This list includes websites for airlines, car
rental companies, e-commerce, nonprofit organizations, social
networks, and government agencies. Apache Struts is a widely
used platform which runs on Java.

The vulnerability in question has been known around the
cybersecurity community since March 2017. An attack against
this vulnerability can allow the attacker to send a specific
HTTP requests (typing commands in the address bar) that contain
special syntax in order to take advantage of a system that is
not up to date. Once the attack is successful, the hacker can
use further commands to take over the web server, which allows
the theft of database/ application credentials in order to
exfiltrate (steal) data from the targeted web server.


How can you protect your credit post-Equifax


Continue to check your credit

Since the Equifax breach happened about three months ago,
review your credit report to make sure that no suspicious
activity is taking place.

Freeze your credit

Freezing your credit is a great preventative measure. Anyone
who attempts to use your credit to open an account would have
to use a PIN number that you have created. If you’re not
planning on making any big purchases soon or opening any new
credit accounts, freezing your credit will benefit you.

Set up Fraud alerts

Setting up a fraud alert may become a hassle while using your
credit but it can keep you protected. If anyone attempts to use
your credit illegally, that particular company will have to
verify your identity before an account can be opened in your

Make it a point to keep an eye on your taxes

It is important to keep a close eye on your credit activity
because it is possible that someone could use your personal
info to file false tax returns to get a tax refund. If this
fraudulent activity happens when you attempt to file your
taxes, the IRS will provide you with a message stating that
your taxes have already been filed. Keeping a close watch on
your credit will limit the chance of this type of activity
happening to you. If possible, file your taxes as early as

To verify if you have been affected by the recent security
breach, contact Equifax.