KUSA - There’s a reason why people are kind of freaking out.
About 143 million U.S. consumers could be impacted by a cybersecurity attack against Equifax, a credit reporting company. An estimated 209,000 credit card numbers were stolen, plus certain dispute documents with personal identifying information for some 182,000 consumers.
Our viewers had a lot of questions, so we brought in Dr. Steve Beaty with Metro State University’s computer science program.
You can read some of his answers to questions we got on Facebook below:
Equifax says that its credit reporting site wasn’t affected, but criminals exploited vulnerability on a U.S. website application. What does that mean exactly?
So websites are run on software and software has bugs, so what they were able to do … I assume at this point … was break into it without having a password and then download the [account information] for 143 million people through that. So, it was a vulnerability in the pre-existing software.
Why did they wait two months to tell us? Will Equifax be responsible for the money lost and those affected?
In general, Equifax won’t be responsible for it. Your own credit card company is also on the hook for the fraud.
There are laws in each of the states and federal laws as to how long a company has to report any sort of breach.
How are they going to bring out credit card scores back up if they dip because of the hack?
I don’t believe it will be a seven-year waiting period. I think essentially because it’s just one of the big three, you will have an opportunity to fix it.
Up to this point, we haven’t actually seen any fallout of the particular breach, at least as far as we know. So at this point, it doesn’t appear that anybody’s data has been used to reduce anybody’s credit score.
A 9NEWS viewer says their eight and 10-year-old boys came up at potentially impacted. Do they really have information on minors?
I think that is a concern. I’d be very concerned if children actually ended up being part of this breach.
I’d urge caution since there are a number of sites saying they are related to this particular breach and the truth of the matter is there’s only one site that you can look at this point and trust and that’s equifaxsecurity2017.com.
There are going to be a lot of people phishing, piling on and trying to take advantage of people, so I would urge some conservatism. Wait for a little while to see how things shake up.
Is it true if you sign up with Equifax to receive this information, you have to agree not to sue them?
It is true. Part of the signup procedure is that you are agreeing not to sue them, not to be part of a class action suit, and they will monitor your credit for one year through one of their subsidiaries.
So it’s all sort of playing together here, and again, I would urge people to slow down. You can monitor your own credit just fine.
There are concerns about this breach, but I would let it shake out for at least a week and see how people are going to exploit this data.
You can see a full Facebook Live with Beaty below:
Can’t see the video? Click here: http://bit.ly/2wOVbBq
© 2017 KUSA-TV