If there’s one word I’m tired of hearing, it’s the word “breach.”
If masked thugs with machine guns hold up a bank, does the news media call it a “breach?” If a burglar breaks into your house and robs you blind, do you call 9-1-1 and cry, “I’ve suffered a breach!” If some punk threatens me with a knife and takes my wallet, do I tell people, “my pants pockets were breached?” If your lawnmower chopped off your foot, would you say, “my leg has been breached?”
No, of course not. The answer to all four questions is, “no.” Why, then, when an Internet-related company is robbed by criminals and things are stolen, are we constantly assaulted, insulted and misled by press releases and news reports the company was “breached?”
It comes off as a deliberate effort to soft-peddle and downplay the seriousness of the event, similar to using the word “compromised.” To say an Internet company was “breached,” and accounts were “compromised” makes the event sound much less catastrophic than it really was, sort of like if I said Hurricane Irma “breached” the state of Florida and homes were “compromised.” I sometimes wonder if the word “breach” is purposefully used to confuse people who don’t really know what it means; they think “breaches” are what you put on in the morning before going to work.
The most unfortunate result of all this deceptive use of the English language is that people don’t take Internet security issues seriously. They hear about “breaches” and “data compromises” and think, “Oh, ho-hum, that doesn’t sound too scary, and I haven’t noticed anything wrong.” Then, the news media stops reporting the issue because it isn’t “hot” anymore, and people forget all about it.
It’s turned us into a society full of those wacky uncles we all seem to have, the ones who go around bragging about how they never wear a seatbelt while driving their car, and say, “look at me, I’ve never had a problem.” Yeah, right, pal; you don’t wear seatbelts and you’ve never had a problem — yet.
So, here we go again, the big news of the week: yet another Internet-related company has gotten in trouble, only I’m not going to call it a “breach.” I’m going to tell it like it is, with all the scary details included. Strap on your seatbelt.
Due to careless website security, credit bureau and personal data megawarehouse Equifax has been robbed by Internet criminals for the second time this year, this time in an on-going, every day robbery that lasted for almost two months. Crooks discovered a flaw in Equifax’s poorly-designed website, and used it to hack in and steal personal credit information impacting at least 143 million Americans, about half of the U.S. population.
Equifax then waited six weeks before telling anyone about the theft, giving the Internet bad guys a six-week advantage before U.S. consumers were warned they might need to protect themselves.
The stolen information included names, addresses, birthdays and, the most dangerous of all, Social Security numbers. Much of the stolen loot also included driver’s license numbers, 209,000 credit card numbers and 182,000 additional documents containing “personally identifying information.”
If your information has been stolen and used by Internet crooks, they can use it to masquerade as you, obtaining loans in your name, as well as home mortgages, bank accounts and new credit cards. They can even get a bogus drivers license based on your information and, if ever given a speeding ticket, it’s you that will carry the blame. Using your personal information, they can file with the IRS to steal your tax refund, and have your Social Security checks deposited in “your” new bank account, which they control. All this can lead to personal and financial ruin.
This is serious business, and you should take action today. Don’t be like your wacky, seatbelt-less uncle who, after years of never having a problem, has a wreck and gets thrown through the windshield.
What follows are the steps I have personally taken to abate the potential calamity that can occur. (1) Visit www.equifax.com and fill out the form to see if you are potentially affected (I was). (2) At Equifax, no matter what result you get from Step 1, go through the process of putting a security freeze on your account. (3) Sign up for the free year of credit monitoring. Forget stories you may have heard about how Equifax will charge you for any of this; they won’t.
(4) Visit the other three remaining credit bureaus (yes, there are four major credit bureaus in the U.S., not three) and freeze your accounts there, too. Forget credit “alerts,” you want a full-on freeze. The other three bureaus are Transunion (www.transunion.com), Experian (www.experian.com) and Innovis (www.innovis.com).
(5) Call your credit card company, tell them you are concerned about being a victim of the Equifax hack, and request a new credit card. They will know exactly what you mean, and will be happy to oblige. When they tell you it will take three to seven days to receive your card, ask them to expedite the process. They will send it to you overnight, for free.
You can also contact the state Department of Public Safety or Motor Vehicles department. Tell them you are concerned your drivers license information has been stolen, and ask if you can have an alert on your number and driving record.
The fallout from the Equifax hack will be with us for a long time, so you might as well get your protections in place, now. The ball is now in your court.