Am I Affected?
Equifax has set up a landing site specifically with information on the breach, with a link called "Potential Impact" that allows users to input additional information to see if they may have been affected.
Ongoing Monitoring and Best Practices
It is highly recommended that consumers regularly review their credit reports and other critical financial information (such as banking and credit card security logins) on a regular basis to ensure for potential warning signs such as unknown new accounts or credit lines being opened.
There are several options that consumers may use to proactively monitor their credit. Some - such as the TrustedID program which Equifax is offering at no charge for a limited time - are connected or linked to one of the three major credit bureaus. There are also popular 3rd party/independent services available for consumers who are not comfortable using a service directly affiliated with one of the bureaus.
In addition, many companies are starting to make identify theft and credit monitoring services available as included or optional parts of many employee benefit programs. With fall open enrollment dates coming up in Q4, it may be a good time to check to see if your company has this as a benefit.
Trend Micro Protection
Equifax themselves have reported that the attack vector that was believed to have been used in the attack was a vulnerability in Apache Struts (CVE-2017-5638), an open-source application framework that supports the Equifax online dispute portal web application. This particular vulnerability was reported earlier in 2017.
Administrators are always encouraged to patch and address vulnerabilities as quickly as possible when they are aware of a potential issue.
The first recommendation is always to apply the vendor's specific patch(s) if they are available. As an additional line of defense, customers who have deployed virtual patching and other intrusion defense systems such as Trend Micro's Deep Security, Vulnerability Protection or TippingPoint products have had protection against CVE-2017-5638 and other similar critical vulnerabilities for several months now, shortly after the vulnerabilities were publicly disclosed. Customers using these products should also ensure they have the latest rules and/or filters applied for the most up-to-date protection.
Additional Information
Trend Micro has some comprehensive blog entries that covers this breach in more detail and provides some additional recommendations for administrators and consumers alike:
