What you should do about Equifax hack: tips from cyber security expert

Data security expert Mark Sangster, vice president of strategic marketing at eSentire, a Cambridge, Ont. cyber security company, says people should take active steps to protect themselves after the Equifax credit data breach.

'The gatekeepers had their pockets picked, and that's what's most disturbing'

Company Equifax is one of the largest credit monitoring services available. (Mike Stewart/Associated Press)

A cyber security expert is urging Canadians to take active steps to protect themselves, after a major security breach at credit reporting agency, Equifax.

The credit file data company announced this week that the information of 143 million of people in the U.S., Canada and the UK had been stolen by hackers thanks to a web vulnerability. 

Mark Sangster, vice president of strategic marketing at eSentire, a Cambridge, Ont. cyber security company, says a breach like this is particularly significant both because of its size, and the kind of information that the hackers now have access to.

"From a criminal's perspective, it's the holy grail of information to steal," he told CBC Kitchener-Waterloo.

In this case, they would have social security numbers, credit card details, driver's license information and so on —everything a criminal would need to steal a person's identity.

"Unfortunately it's the gatekeepers [who've] had their pockets picked, and that's what's most disturbing," Sangster said.

Ultimately, Sangster said, the criminals want to turn this into money so they'll sell the information the dark net.

"They have the equivalent of eBay, or Amazon [or] Kijiji," he said, "where they can list what they've stolen, and other people can buy it."

That information is then used by the purchaser, or resold.

What can people do?

Sangster urges individuals to be proactive about ensuring they have not had their information used.

Aside from contacting Equifax, a call to the fraud department at your bank and any other debt-holders can help to determine if they think you've been affected.

Pretend you're the bank, and look for those behavioural anomalies

"If nothing else, what you're doing is putting a flag on your file," said Sangster.

Banks can then use behavioural analytics to track any unusual activity on your card.

As well, he urges individuals to look at credit card and bank statements frequently, even several times a day. 

It's still unknown exactly how many people  in Canada were affected by the breach.