From mid-May through July, hundreds of thousands of people across the country were at risk of hackers accessing their personal data after Equifax — one of the nation’s three major credit reporting agencies — was breached. In that time, hackers accessed people’s names, birth dates, Social Security numbers, addresses, and even some driver’s license numbers. They stole credit card numbers and other personal information.
The breach left the information of 143 million Americans exposed, and 100,000 Canadian consumers may have had personal information breached as well. After the latest Equifax breach, an earlier breach of Equifax’s human resources and payroll service, TALX, was reported. But there is no evidence that the two incidents are related.
Equifax hired the cybersecurity company Mandiant to investigate both breaches.
Nevertheless, there are ways to protect sensitive information, even if it exists online, and that type of cybersecurity was the subject of an afternoon seminar at Thomas College on Wednesday.
Representatives from the Department of Homeland Security and the FBI made presentations at the event. However, quoting the presenters and taking their pictures were forbidden — restrictions Thomas College and the Maine State Chamber of Commerce, the two organizations hosting the event, were not told of ahead of time.
The Homeland Security and the FBI said they work together when cybersecurity threats arise, and that they cooperate on finding the motivations behind attacks, as well as identifying indicators of a potential future attack.
Frank Appunn, a professor at Thomas College who teaches cybersecurity, stressed that there is an opportunity for many organizations to work together and collaborate on protections and solutions.
Appunn talked about InfraGard, a nonprofit organization that serves as a public-private partnership between U.S. businesses and the FBI. Appunn, who is president of the Maine chapter of InfraGard, said the organization is a liaison that collaborates with others to help information flow as best it can.
“We’re trying to do all this through collaboration,” he said.
In 2016, there were more than 1,000 cyberattacks in Maine and 273 data breaches, Appunn said. To counter these instances, he said, initiatives have been launched including developing a comprehensive incident response plan, sharing cyberthreat information across governments, developing an education and exercise program to benefit entities in state, partnering between the public and private sector, and identifying state cyber resources to leverage an incident response. The goals of those initiatives are to improve cyberthreat sharing, to establish education programs and to improve coordination of that education.
Cyberthreats will only continue to grow, Appunn said. By 2020, it is estimated that there will be 20 billion electronic devices in the world. While the numbers are approaching three devices per person, Appunn said that includes babies and people on the planet without an internet connection.
Carli Carter, a junior at Thomas, said cybersecurity is intense right now so it is important to educate people. She said cybersecurity is a big and broad subject, so seminars like the one on Wednesday and any other educational opportunities can help. Knowing the consequences of doing something harmful — such as clicking on a website or reading an email that will compromise a person’s personal information — can prevent major situations, she said.
“Anything could happen, honestly,” Carter said.
The three-hour seminar began with video messages from U.S. Sens. Susan Collins and Angus King, who each spoke about the dangers surrounding hacking, cybertheft and espionage. Collins said the U.S. Department of Defense alone experiences 100,000 attempted cyberattacks a day, and that the motivation behind any such attack ranges from mischief and theft to causing mayhem.
“The recent epidemic of ransomware attacks is the latest front in an ongoing battle,” Collins said.
Ransomware is a malicious software that locks a user off his or her computer, preventing access to files. The scammers then contact the victim, demanding a ransom payment or the victim will remain locked out. This type of attack is more likely to affect bigger businesses, such as the WannaCry ransomware attack this past May that targeted computers running Microsoft Windows operating systems. The attack encrypted data and demanded ransom in the form of Bitcoin payments.
Collins mentioned the Equifax attack, saying the 143 million people targeted represented nearly half the population of the United States.
“From the hijacking of account information, to multi-million dollar thefts from large corporations, no business of any size is immune,” she said.
King said attempted hacking is a problem for everyone. He said while the United States is the most technologically advanced country in the world, the downside of that means it makes it the most vulnerable to attacks. King called cyberattacks a “serious risk” and praised seminars like the one at Thomas for being tools for education.
“You can have a lot of fancy software, but education of the workforce is an important action,” King said. That education involves deleting and not reading suspicious emails.
King said he is working on a bill to make recovery of stolen data easier and to protect the population from serious attacks.
“I believe we have to do more and develop a cyber policy, a doctrine of defense as to what constitutes a cyberattack,” he said, adding that the country’s adversaries would have to know there will be a price to pay for attempted attacks.
Colin Ellis — 861-9253
cellis@centralmaine.com
Twitter: @colinoellis
Send questions/comments to the editors.