What you need to know about data security.
The numbers are staggering–143 million, 1.9 billion, 211,000. And yet, they seem almost too large to fully understand the impact on an individual or a business. Or perhaps, so insurmountable that you might as well leave it up to luck.
Data breaches are not new, but the scale has risen exponentially with connectivity. As technology becomes increasingly “smart,” it only makes sense that consumers and businesses need to get smarter.
- 143 million Americans exposed in the Equifax breach1
- 1.9 billion data records breached during the first half of 20172
- 211,000 data records lost or stolen every hour3
The Equifax breach announced in 2017 affected over half of the American population. Equifax, one of the three major credit reporting agencies in the country, stores personal information for anyone who has a credit history. If you own a home, have a credit card, or pay utilities, you have a credit history.
Agencies like Equifax store data ranging from Social Security and driver’s license numbers to credit and debit card information. Once stolen, any bit of this highly personal data could be used to commit fraud. In fact, identity theft is the most common result of data breaches, a whopping 73%.3
A smart thief can use your information to open new credit accounts or access existing ones without your knowledge until you receive a bill, or worse, a notice from a debt collector. By this time, you may have piles of unpaid bills and a devastated credit history.
If only 1% of people affected by the Equifax breach were not able to buy a home because of identification fraud or other credit reporting problems, it could mean over a million fewer homes sold, about 26% of all the existing homes sold in the US last year.4
Equifax offered remediation to affected consumers, but their solution was less than stellar. Attempting to reassure consumers, they hosted a website where individuals could determine if their personal records had been compromised. The site was stripped of validity among reports of conflicting answers and fictitious or nonsensical names generating results.
The same website offered one free year of credit monitoring to consumers using a very specific enrollment process. This offer was beset with similar issues of faulty, confusing, and non-responsive performance. Consumers can still attempt to enroll until January 31, 2018.
One of the best ways to check for identity theft is to request credit reports from the three major credit reporting agencies and then look for accounts you did not open, incorrect personal information, credit inquiries from companies you did not contact, and incorrect balances on accounts.
A troubling issue with many data breaches, including Equifax, is the delay in notification. Equifax waited 41 days to alert consumers.5 In the case of the Uber breach in late 2016, consumers were in the dark for over a year, and Uber execs attempted to cover it up by paying the hackers to destroy the stolen data.5
Even more insidious, some data breaches aren’t even uncovered until well after the fact. According to many cyber experts, data breaches are inevitable, and no company can prevent them all. Waiting for an alert to pop up is not enough, as hackers become more and more skilled in their criminal activity.
Equifax did not receive any internal alerts, but they may have missed a US-CERT (U.S. Computer Emergency Readiness Team) alert about a specific vulnerability.6 Getting out in front means actively searching for threats 24/7 as well as implementing well-thought-out plans in the event of a breach, which include timely notification, quick and effective remediation, and well-coordinated follow-up with cyber liability insurance.
Protecting Your Business
The National Association of Realtors® tracks legislation and keeps members aware of current policy on data security, consumer privacy, and legal issues. Review their Cybersecurity Checklist for best practices for real estate professionals.
Congress is stepping in to assist consumers and businesses in managing cyber threats, which may offer some reassurance. In addition to a special panel reviewing the Equifax breach, the Senate is introducing two bills outlining minimum requirements for companies to follow in the event of a breach to better protect consumers.
The Consumer Privacy Protection Act of 2017 includes regulations on security and notification for companies that collect or hold data on at least 10,000 Americans with fines for failure to comply. The bill proposes a minimum of five years of remediation at no charge to consumers.
The Data Security and Breach Notification Act has been re-introduced to standardize data breach reporting across all 50 states. This bill proposes a 30-day window to report a breach and imprisonment for failure to knowingly report.
Protecting Yourself and Your Clients
- Check your credit reports once a year (it’s free at annualcreditreport.com)
- Place a credit freeze on your file so companies cannot access your credit reports, so it is harder to open new credit accounts (you need to contact each of the three credit reporting agencies directly)
- Monitor your existing credit and bank accounts closely
- Place a fraud alert on your file so companies must verify your identity before opening a new account, increasing a credit limit, or issuing additional credit cards on an account (requesting from one credit reporting agency will notify all three, lasts for 90 days, and can be renewed)
With appropriate planning and advance measures in place, you, your real estate firm, and your clients can be prepared for cyber threats or even a data breach. The odds may seem slim, but it only takes one successful attempt to cause months or years of damage.
If you suspect you are a victim of identity theft, visit www.IdentityTheft.gov. Or, if you’re having trouble with a financial product or service, submit a complaint with the Consumer Financial Protection Bureau (CFPB) or call 855.411.CFPB (2372).
This article is for informational purposes only.
1Gressin, Seena. “The Equifax Data Breach: What to Do.” Consumer Information, The Federal Trade Commission, 8 September 2017, Web. 19 December 2017.
2Gupta, Sunil. “Why Data Breaches have become regular news, and how to actively prevent them – Tech-Talk by Sunil Gupta | ET CIO.” ETCIO.com, The Economic Times, 4 December 2017, Web. 19 December 2017.
3“Data Breach Statistics by Year, Industry, More.” Breach Level Index, Gemalto, breachlevelindex.com, Web. 19 December 2017.
4Krell, Dan. “Massive data heist poses threat to housing market.” Real Estate News and Commentary, 17 September 2017, dankrell.com, Web. 19 December 2017.
5“Two Data Breach Bills Introduced in US Senate.” The National Law Review, 11 December 2017, www.natlawreview.com, Web. 19 December 2017.
6“House Panels Focus on Failures in Equifax Data Breach Investigation.” MeriTalk, 5 December 2017, www.meritalk.com, Web. 19 December 2017.