The full consequences of one of 2017’s biggest cyber breaches have yet to be realized. When hackers stole the social security numbers of 143 million US citizens from Equifax, it was hailed as one of the worst data breaches in US history. Other cyber attacks may have taken the headlines since, but the after-effects of the Equifax hack have the potential to run and run like no other.
“I expect a lot of personal cyber issues to arise this year as a result of the Equifax breach,” said Jeremy Barnett, senior vice president of marketing at NAS Insurance Services. “That data is going to be exploited during tax season this year and my expectation is that many individuals are going to be affected by fraudulent tax filings.”
Although interest in personal cyber insurance policies is on the rise, the reality is that those individuals affected by a fraudulent tax filing as a result of the Equifax breach will be forced to deal with the consequences independently.
“Those people are going to have to deal with the potential for identify theft, fraud issues, and attacks on their own systems or devices,” Barnett said. “They will also have to arrange a forensic exercise to figure out who has what data and what has been affected. Have loans been taken out with that social security number? Has someone filed taxes under that social security number with a different name and address and arranged for a refund to be sent out?”
The fallout from the Equifax hack looks set to become a major stressor for millions of Americans, however such large scale breaches do represent an opportunity for insurers to reassess how they’re approaching risk.
“When someone like Equifax has a breach, it certainly calls into question what level of security insurers should be assessing when underwriting,” Barnett said. “When companies with the most sophisticated security systems and networks have an incident, it means there must be a better way to evaluate the things put in place in the underwriting process.
“With each new incident, the entire industry learns a lot about where the vulnerabilities are. When we all understand more about the vulnerabilities that get exploited and what that really means, then we can use that knowledge to advise our clients about their own possible weak spots.”