Up to 143 million people have had their private data exposed in one of the worst data breaches in recent history — and many Penn students may not even know that they were affected.
Equifax, a credit-reporting agency, announced on Sept. 8 that the names, birthdays, social security numbers and even credit card numbers of customers were hacked in late July. Then, on Sept 20., The Verge reported that Equifax had been mistakenly directing customers concerned about this date breach to a fake phishing site.
College senior Christopher J. D’Urso is the president and founder of Penn CASE, a student run customer advocacy group on campus. D’Urso said that while it's unfortunate that Equifax isn’t doing more to help consumers, it’s important for Penn students to be vigilant and protect their data.
“[Equifax] put out a national press release, and that’s all they plan on doing,” he said. “Actively monitoring all accounts and being vigilant can significantly mitigate the chance of being a victim."
College senior Lacy Wright, the vice president of campus initiatives at Penn CASE, said that while Equifax has set up a for customers to check if their information was potentially leaked, they haven’t contacted affected consumers individually.
“The sad thing is that’s half of all Americans, and most of them don’t even know it,” she said. “Equifax is not reaching out to people, so it is important to be an informed consumer.”
D’Urso said he recommends affected students enroll in TrustedID Premier, Equifax’s credit monitoring service, and put a credit freeze on their files.
Wright said Penn CASE members are also willing to talk to affected students about what they can do to protect themselves.
“Any one of our members is always willing to sit down with you and help direct you to where the best resources are,” she said.
Peter Conti-Brown, a professor of legal studies and business ethics in the Wharton School, said there is no publicly confirmed knowledge about who might have caused the breach.
“We don’t know. We have rumors and speculations. Equifax isn’t sharing that information,” he said.
Conti-Brown added that Equifax has previously been warned of security vulnerabilities, but lied about patching them. Equifax only disclosed the hack to customers six weeks later and after high-level executives had already sold off their shares. He also said that if victims want to accept Equifax’s credit monitoring services, they have to waive some of their legal rights.
Conti-Brown added that there was almost nothing in Equifax’s response to the scandal that has been impressive.
“Equifax mishandled nearly every aspect of this crisis; before, during and after it occurred,” he said.