Breaches Becoming More Common

The massive security breach last week involving Equifax Inc., is drawing more concern as ransomware, phishing and other kinds of hacking become more frequent on a small and large scale.

Around 143 million Americans — including 8 million New Yorkers — were affected in the latest massive breach with the major credit reporting agency. The breach, spanning between mid-May through July, gave hackers access to names, Social Security numbers, birth dates and credit card numbers of individuals.

The breach immediately caught the attention of New York State Attorney General Eric Schneiderman, who announced the beginning of an investigation.

“The Equifax breach has potentially exposed sensitive personal information of nearly everyone with a credit report, and my office intends to get to the bottom of how and why this massive hack occurred,” Schneiderman said.

New York law requires businesses with New York customers to inform them and the Attorney General’s Office regarding a security breach that could jeopardize personal information. The attorney general then investigates the breach to see whether customers were properly notified and if appropriate safeguards were in place to protect consumers’ data.

Schneiderman reminded New Yorkers on Monday to stay vigilant against any possible hacking and phishing attempts by cyber criminals following the Equifax breach. He’s also urging residents to think twice before clicking on any suspicious links claiming to be from Equifax or financial institutions.

“Hackers are resourceful criminals who are constantly looking to exploit any vulnerabilities, and I encourage everyone to educate themselves about how to best protect their personal information,” he said.

Those in the financial industry don’t prepare for if there’s going to be a breach, but they prepare for when there’s a breach. John Felton, CEO of the Southern Chatuauqua Federal Credit Union, said his staff is trained to give advice to members when a breach occurs.

“Usually a breach of this magnitude, what happens is this information is too hot for anyone to touch,” he said. “People who have this information are going to sit tight, in my opinion, for the next 60 to 120 days. Then they’re going to piece meal it up and sell it on the black market. No one needs to overreact right now.”

Felton said people should sign up for a credit monitoring service and look at their credit card statements to make sure charges are accurate before sending out a payment.

“They need to review their statements,” he said.

Other major companies have become victims of hacking. In November 2014, hackers released confidential data from the film studio Sony Pictures. In December 2015, a hack affected customers who frequented Target stores in the U.S. Customers’ names and credit and debit cares were targeted. Home Depot was also hacked.

With attacks on large companies also come the attacks on local systems. The Press-Republican out of Plattsburgh reported that the Schuyler County Sheriff’s Department, headquartered in Watkins Glen, was temporarily hacked. The attack ended up impacting the 911 emergency system and the ability for dispatch to get deputies to calls.

Jon DeAngelo, Chautauqua County chief information officer, said the county system hasn’t experience a major breach. He said maintaining the system supporting the work force and public safety is a 24/7 operation.

“We’re always trying to stay one step ahead of the people trying to knock down our door, which is constant,” he said.

As for the frequent attacks on individuals at home, DeAngelo said hackers are targeting those who aren’t educated computer users.

“People get things like ransomware and email phishing that look innocent and look like it’s from a boss or company they know,” he said. “Hackers are doing a better job at targeting humans.”

In the fallout of the Equifax breach, consumers are told to consider placing a credit freeze on their files. A credit freeze makes it harder for someone to open a new account.

Since Social Security numbers were affected, the Attorney General’s Office says there’s risk of tax fraud. Tax identity theft happens when someone uses a Social Security number to get a tax refund or a job. People are being told to consider filing taxes early and pay close attention to correspondence from the IRS.