Wednesday 11 Oct 2017 @ 11:42
National Cyber Security Centre
Printable version

NCSC advice for Equifax customers

Advice for Equifax customers affected by the recent cyber incident.

Equifax yesterday confirmed that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in the cyber incident that took place in May 2017.

If you have been told by Equifax that security details from your Equifax.co.uk membership account – such as password and secret questions - have been accessed, you should ensure those details are not used on any other accounts. NCSC advises that passwords are managed carefully across online services and more information can be found on the NCSC website.   

Another risk to UK citizens affected by this data breach is that they could be on the receiving end of more targeted and realistic phishing messages. Fraudsters can use the data to make their phishing messages look much more credible, including using real names and statements such as:

'To show this is not a phishing email, we have included the month of your birth and the last 3 digits of your phone number'.

These phishing messages may be unrelated to Equifax and may use more well-known brands. It is unlikely that any organisations will ask their customers to reset security information or passwords as a result of the Equifax breach, but this may be a tactic employed by criminals. The NCSC guidance on protecting yourself from phishing still applies.

Usually, if you are the target of a phishing message, your real name will not be used.  However, in this case, if fraudsters have your name, people will need to be extra vigilant around any message that purports to be from an organisation they deal with - especially when there are attachments or links which take people to sites asking for more personal information.

Fraudsters may also call. If you do receive a phone call that is suspicious - for example by asking you for security information - do not divulge any information, and hang up. You should then contact the organisation the caller claimed to be from – never using the details they provided during the call.

The NCSC, with Equifax and partners including the NCA, ICO and FCA, continues to examine this incident and should further information come to light about the extent and nature of the impact on the UK, we will provide further updates and advice as soon as we can.

Members of the public can report a cyber incident using Action Fraud’s online fraud reporting tool anytime of the day or night, or call 0300 123 2040. For further information visit www.actionfraud.police.uk.

 

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/ncsc-advice-equifax-customers-0

Share this article

Latest News from
National Cyber Security Centre

NCSC enters new partnership for PDNS delivery

17/04/2024 13:05:00

The National Cyber Security Centre announces new partnership to deliver the Protective Domain Name System (PDNS) service.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

UK exposes attempted Russian cyber interference in politics and democratic processes

08/12/2023 10:29:00

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

UK and allies expose Russian intelligence services for cyber campaign of attempted political interference

07/12/2023 14:25:00

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

NCSC launches Cyber Incident Exercising scheme

06/12/2023 15:25:00

New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

23/11/2023 16:05:00

Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.