By now, you are well-aware of the Equifax data breach affecting 143 million people whose personal information and sensitive data were potentially exposed. The event is being reported as the “largest ever recorded” compromise of social security numbers.1
According to Equifax: the breach lasted from mid-May through July with hackers accessing names, social security numbers, birth dates, addresses and, in “some instances,” driver's license numbers. Credit card numbers were stolen for approximately 209,000 people and dispute documents with personal identifying information for about 182,000 people.2 Though most of the personal information stolen was for U.S. citizens, some UK and Canadian accounts were accessed too.
At this point, we do not know the full extent of the hack or what the hackers intend to do with the compromised information.
Until the full extent of the attack is understood, there are some steps you and your staff can take as precautions to help combat the potential increase in identity fraud:
- Because most of the private data compromised were social security numbers and drivers’ license numbers, be extremely cautious of any transaction or procedure that relies on that data for identification or verification.
- Increase oversight for wire transfer or other transaction requests.
- Require an authentic wire transfer agreement with the customer prior to any wire transfer.
- Enforce your bank’s verification procedures. Allow no exceptions.
- Use out-of-band, multi-factor authentication procedures to verify every request.
- Increase oversight when processing or reviewing new credit card accounts or loan applications.
- Be skeptical of remote attempts to change existing account information, such as addresses, email, telephone contact numbers, etc.
- Be extra vigilant for social engineering scams.
- Be prepared to answer questions from customers regarding account security and your bank’s policies and procedures for handling personally identifiable information; steps customers can take to minimize their own risk (monitoring accounts, freezing credit, filing taxes early, etc.); and resources available to victims, like services offered by Equifax, free credit reports, and information from ftc.gov/idtheft.