MBA Offers Member Resources in Wake of Equifax Breach
In the aftermath of the massive Equifax data breach, the Mortgage Bankers Association is a clearinghouse of resources for its members.
The data breach was allegedly discovered in July and reported Sept. 7. Equifax said the breach affected up to 143 million people, exposing private data including social security number and birthdates, potentially the largest cybercrime to date. In the wake of these and other damaging disclosures, Equifax CEO Robert Smith departed. House and Senate committees have scheduled hearings next week addressing the data breach.
Equifax revealed the data breach Sept. 7, several weeks after the hacking was discovered in late July. The breach exposed Social Security numbers, birthdates and other private data for as many as 143 million people.
“If you lend to consumers it will have some impact on your business, although the extent remains to be seen,” wrote MBA President and CEO David Stevens, CMB, in a Member Letter. “MBA will keep you up-to-date on developments as the credit bureaus and government officials deal with the fallout of this breach, and make sure you know what you need to know for your business.”
In 2015, MBA produced a white paper, The Basic Components of an Information Security Program (https://www.mba.org/2015-press-releases/sept/mba-releases-new-white-paper-on-information-security) that discusses the information security risks facing the mortgage industry and the basic security practices necessary to help mitigate the risks.
The report was authored by members of the MBA Residential Technology Forum (RESTECH) Information Security Workgroup and is intended to assist small and medium-sized entities that might need help in understanding and managing security risk.
“A risk-based approach is the most effective way to understand and implement an effective information security program,” said Robb Reck, the Chief Information Security Officer for Pulte Mortgage and the Vice Chair of the Information Security Workgroup. “This paper identifies those critical risks and offers suggestions for how to mitigate them. Our hope is that by providing this information, companies will be able to more rapidly mature their security practices.”
The white paper notes that the financial services industry has been designated as one of the six critical infrastructure sectors in the United States because of the value of its data as a target for criminals and other bad actors. The report outlines practical steps that MBA members can take to mitigate information security risk.
For more information about information security at their business, or to join the MBA Information Security Workgroup, MBA encourages members to contact Rick Hill, MBA Vice President of Industry Technology, at rhill@mba.org.
Additionally, MBA encourages consumers to visit www.equifaxsecurity2017.com to verify their exposure to the breach and take initial steps to protect their credit.
Other links:
Federal Trade Commission: https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do.
Consumer Financial Protection Bureau: https://www.consumerfinance.gov/about-us/blog/top-10-ways-protect-yourself-wake-equifax-data-breach/.
Shawn Malone, CEO of Security Diligence LLC, and chair of the MBA Information Security Workgroup, is closely monitoring this security breach. On his web site (http://www.secdiligence.com/cybersecurity-preparedness.html), he suggests that consumers should consider following these four steps recommended by Consumer Reports: https://www.consumerreports.org/equifax/how-to-lock-down-your-money-after-the-equifax-breach/.