Week 15
The article indicated that WhatsApp and Skype calls had some spyware that impacted Android users.
Week 14
There is a new Trojan that has gained the ability to steal Facebook, Twitter, and Gmail accounts.
Security researchers have discovered a new, sophisticated form of malware based on the notorious Zeus banking Trojan that steals more than just bank account details. Dubbed Terdot, the banking Trojan has been around since mid-2016 and was initially designed to operate as a proxy to conduct man-in-the-middle (MitM) attacks, steal browsing information such as stored credit card information and login credentials, and inject HTML code into visited web pages.
However, researchers at security firm Bitdefender have discovered that the banking Trojan has now been revamped with new espionage capabilities such as leveraging open-source tools for spoofing SSL certificates in order to gain access to social media and email accounts and even post on behalf of the infected user. The Terdot banking Trojan does this by using a highly customized man-in-the-middle (MitM) proxy that allows the malware to intercept any traffic on an infected computer.
Besides this, the new variant of Terdot has even added automatic update capabilities that allow the malware to download and execute files as requested by its operator. Usually, Terdot targeted banking websites of numerous Canadian institutions such as Royal Bank, Banque Nationale, PCFinancial, Desjardins, BMO (Bank of Montreal) and Scotiabank among others.
Week 13
According to Homeland Security's recommendations, these tips are very helpful for everyone, from the common man to business organizations of any size:
Use strong passwords and change them regularly.
Keep your usernames, passwords, or other computer/website access codes private.
Only open emails and attachments from people you know.
Do NOT install or connect any personal software or hardware to your organization's network without permission from the IT department.
Make electronic and physical backups or copies of all your important work.
If you want to read the whole article: https://www.dhs.gov/stopthinkconnect-campaign-blog
Source: Homeland Security
Week 12
Career in Cyber Security
Online IT Security Courses – CISA, CISM, CISSP Certifications
With this online training course, you will get the materials you require to dive deep into the most proven and practical methods for protecting vulnerable networks and any business environment. From the fundamentals of cryptography and encryption to the security holes in computer networks and mobile apps, this course will help you learn about information security audits, assurance, guidelines, standards, and best cybersecurity practices in the industry. If you don't know what the CISA, CISM, and CISSP certifications are, below you can find brief information about the courses and their importance in the IT industry.
CISA - Certified Information Systems Auditor
The CISA certification is renowned across the world as the standard of achievement for those who audit, monitor, access and control information technology and business systems. Being CISA-certified showcases candidates for their audit experience, skills, and knowledge, and signifies that you are an expert in managing vulnerabilities, instituting controls and ensuring compliance within the enterprise.
Week 11
There is a flaw in Oracle's enterprise identity management system, discovered this week, that could allow an attacker to hack into your system. Oracle has not released any details of the vulnerability, which affects the Oracle Identity Manager (OIM) component of Oracle Fusion Middleware, an enterprise identity management system that automatically manages users' access privileges within enterprises.
Week 10
I found this article that talks about Kaspersky, the Russian-based antivirus that was accused of helping Russian hackers steal classified info from the U.S. Now Kaspersky is fighting back by allowing third parties to view its code in order to win back its customers.
Kaspersky Lab — We have nothing to hide! Russia-based antivirus firm hits back with what it calls a comprehensive transparency initiative
Source: https://thehackernews.com/2017/10/kaspersky-antivirus-source-code.html
Week 9
WPA2 Flaw Could Blow WiFi Systems Wide Open
A security flaw in WPA2, the security protocol for most modern WiFi systems, could allow an attacker to steal sensitive data including emails, credit card numbers and passwords, researchers at Belgian university KU Leuven reported Monday.
Depending on the network configuration, the flaw also could allow an attacker to inject or manipulate information in the system -- for example, inject ransomware or other malware into websites being used.
The weakness is in the WiFi standard itself, not in any particular products or implementations, so this impacts just about any correct implementation of WPA2, explained Mathy Vanhoef, a postdoc researcher in the university's imec-DistriNet Research Group, who together with Frank Piessens, a DistriNet professor, discovered the flaw.
Widespread Impact
A series of vulnerabilities were found in Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and other systems, the researchers said. In order to fix the problem, users need to update affected products as soon as patches become available.
The research will be presented at the ACM Conference on Computer and Communication Security, which will take place Oct. 30 to Nov. 3 in Dallas, and at the Black Hat Europe conference in December.
Microsoft released security updates a week ago, and customers who have Windows Update enabled or otherwise have applied the updates are protected, the company said in a statement provided to TechNewsWorld by spokesperson Rachel Martinez.
The company withheld disclosure of the flaw to allow other vendors time to develop and release updates, it said.
As a proof of concept, the DistriNet researchers executed a key reinstallation attack (KRACK) against an Android smartphone, noting that Linux and Android 6.0 or higher were particularly vulnerable. Both operating systems can be tricked into reinstalling an all-zero encryption key.
The main attack is against the four-way handshake of the WPA2 protocol, the researchers said. The handshake takes place when a user wants to join a protected WiFi network and the protocol is used to confirm that the client and access point have the correct credentials.
The attacker manipulates and replays the cryptographic handshake message. When the victim reinstalls the key, the incremental transmit packet number and the receive packet number are reset to their initial values.
"How it works is technically complex," said William Malik, vice president for infrastructure strategies at Trend Micro.
"The easy answer is the attacker gets the access point to rebroadcast part of the initial handshake, analyzes that information, and then the attacker can intercept the rest of the conversation," he told TechNewsWorld.
During the handshake, the device and access point set up and agree on an initial encryption key, Malik said.
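The counter reset described above, as an added example that is not part of the quoted article: a toy supplicant that reinstalls the key whenever handshake message 3 is repeated, next to one that ignores a key it already has installed. The class and function names, the session key and the frames are constructed for illustration, and an HMAC-based keystream stands in for the real WPA2 cipher.

```python
import hashlib
import hmac


def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    """Toy per-packet keystream: depends only on (key, packet number).
    Stand-in for the real cipher; the property shown is the same."""
    out, counter = b"", 0
    while len(out) < length:
        block = packet_number.to_bytes(6, "big") + counter.to_bytes(2, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the handshake, reduced to key install and counters."""

    def __init__(self, reinstall_guard: bool):
        self.reinstall_guard = reinstall_guard
        self.key = None
        self.tx_pn = 0  # transmit packet number (nonce)
        self.rx_pn = 0  # highest receive packet number seen (replay counter)

    def on_message3(self, key: bytes) -> bool:
        """Handle handshake message 3. Returns True if the key was installed."""
        already_installed = self.key is not None and hmac.compare_digest(key, self.key)
        if self.reinstall_guard and already_installed:
            return False  # hardened: keep the counters, do not reinstall
        self.key = key
        self.tx_pn = 0  # installing a key resets both counters
        self.rx_pn = 0
        return True

    def send(self, plaintext: bytes):
        self.tx_pn += 1
        return self.tx_pn, xor(plaintext, keystream(self.key, self.tx_pn, len(plaintext)))

    def receive(self, packet_number: int) -> bool:
        """Replay check: accept only packet numbers above the last one seen."""
        if packet_number <= self.rx_pn:
            return False
        self.rx_pn = packet_number
        return True


def demo(reinstall_guard: bool) -> dict:
    key = hashlib.sha256(b"constructed session key").digest()[:16]
    pt1, pt2 = b"frame A: login=alice", b"frame B: hello world"  # constructed frames
    client = Supplicant(reinstall_guard)
    client.on_message3(key)              # normal handshake completes
    client.receive(5)                    # a frame from the access point, PN 5
    pn1, ct1 = client.send(pt1)
    reinstalled = client.on_message3(key)  # the same message 3 arrives again
    pn2, ct2 = client.send(pt2)
    return {
        "reinstalled": reinstalled,
        "packet_numbers": [pn1, pn2],
        # Same key and same packet number means the same keystream, so the
        # XOR of the two ciphertexts equals the XOR of the two plaintexts.
        "keystream_reused": xor(ct1, ct2) == xor(pt1, pt2),
        # With rx_pn back at 0, the old PN 5 frame passes the replay check.
        "old_frame_accepted": client.receive(5),
    }


if __name__ == "__main__":
    print("no guard:  ", demo(False))
    print("with guard:", demo(True))
```
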
Threat Responses
Users should install recommended updates from end device and network equipment manufacturers, Kevin Robinson, vice president of marketing at the Wi-Fi Alliance, told TechNewsWorld.
The alliance has taken immediate steps to address the issue, and it now requires testing for the vulnerabilities within its global certification lab network. The alliance has provided a vulnerability detection tool for its members' use.
The vulnerabilities can be lumped into two categories, according to the International Consortium for the Advancement of Cybersecurity on the Internet. In one, attacks would affect wireless endpoints as "supplicants." In the other, attacks would affect wireless infrastructure devices as "authenticators."
Depending on the device configuration, exploiting these vulnerabilities could allow unauthenticated attackers to perform packet relay, decrypt wireless packets, and potentially forge or inject packets into a wireless network, ICASI said.
Members including A10 Networks, Amazon, Cisco Systems, IBM, Intel Corp., Juniper Networks, Microsoft, Oracle and VMware were notified.
Fundamental flaws that impact all Web users, like KRACK, are "incredibly rare" but not unprecedented, said Rich Campagna, CEO of security firm Bitglass.
The Heartbleed vulnerability, which surfaced in 2014, is another example of a flaw that had widespread impact across the spectrum, he told TechNewsWorld.
An attack exploiting the WPA2 flaw would require an adversary to be close to the target, noted Gaurav Banga, CEO of Balbix.
"Remember that many public networks are wide open anyway, and enterprises expect TLS (HTTPS) and VPNs to provide the real protection, even if WiFi is open wide," he told TechNewsWorld. "Perhaps this is why the vulnerability disclosure was not taken very seriously until this week."
Source: https://www.technewsworld.com/story/84888.html
Week 8
Petya's Ransomware Cloaking Device
Recent ransomware threats have escalated into a global crisis, and cybersecurity experts and government authorities have redoubled their investigative efforts. Of grave concern is the possibility that the recent Petya attack had more sinister motives than typical ransomware operations, and that state actors were involved behind the scenes.
The Petya attack -- which disrupted major government agencies, infrastructure sites, multinational companies and other organizations -- actually used the cover of a ransomware attack to deploy a more malicious exploit, called a "wiper," that paralyzed thousands of computers and destroyed data in dozens of countries around the world, some leading cybersecurity experts have concluded.
The National Cyber Security Centre, which operates within the UK's GCHQ intelligence agency, late last month raised questions about the motives behind the attack, saying it had found evidence that questioned initial judgments that collecting ransoms was Petya's chief goal.
The financial motivation was questionable early on, based on critical evidence seen during the initial outbreak of the attack, noted Vikram Thakur, technical director at Symantec.
Ukraine Connection
The large number of victims located in Ukraine and the fact that the infection vector was software primarily used there raised suspicions, he told the E-Commerce Times.
Further, "the single bitcoin wallet payment method, use of a single email for decryption communications, absence of a C&C (command & control server), encryption of files with extensions primarily used by businesses, the wiping of the MBR, along with the randomly generated key displayed to the victim, all contributed to the belief that the attacker did not expect to receive ransom in exchange for decryption keys," Thakur said.
The single email was a key concern of researchers. German provider Posteo shut down the email used by the hackers as the sole means of contact, which professional hackers would have expected to happen. They would have established more than one potential means of collecting ransom and then releasing data back to victims.
Kaspersky Lab was one of the first cybersecurity firms to publicize the true nature of the attack, posting on June 28 that the Petya malware attack was a wiper disguised as ransomware.
"Our analysis indicates that ExPetr/NotPetya (additional names of the Petya exploit) has been designed with data destruction in mind," the firm said in a statement provided to the E-Commerce Times by spokesperson Jessica Bettencourt.
"To launch this attack, its authors have carefully created a destructive malware disguised as ransomware," Kaspersky noted. "While some parts of this destructive malware still operate as original building blocks, meaning they might be mistaken for ransomware, their true purpose is destruction -- not financial gain."
"Ransomwares and hackers are becoming the scapegoats of nation state attackers," tweeted Matthew Suiche of Comae Technologies, who separately came to the same conclusion as Kaspersky.
State Sponsorship?
The suspicion of nation-state involvement goes beyond idle speculation. The NATO Cooperative Cyber Defense Centre of Excellence made a similar assessment and raised the specter of invoking Article 5, possibly designating the cyberoperation as similar to an armed attack that would invoke a military response.
"In the case of NotPetya, significant improvements have been made to create a new breed of ultimate threat," said Bernhards Blumbergs, a researcher at the CCD COE.
For the latest attack, the malware was developed more professionally than the "sloppy WannaCry," he noted. Instead of searching the entire Internet, the malware searches for new hosts to infect, going deeper into local computer networks.
The attackers used the stolen EternalBlue exploit that the Shadow Brokers stole from the National Security Agency, the CCD COE confirmed.
The attack was too sophisticated for unaffiliated hackers to put together as a practice run, its researchers concluded.
Further, it was unlikely that cybercriminals were behind the attack, as the method for collecting ransom was so poorly designed that they would not have been able to collect enough to cover the cost of the operation, they pointed out.
While the think tank is accredited by NATO and financed by member nations, it does not speak on behalf of the alliance, a spokesperson for the CCD COE told the E-Commerce Times.
Neither WannaCry nor Petya utilized sophisticated revenue-collection methods, which suggests the campaigns may have been designed for "geopolitical deception or information operations designed to sow chaos in a rival political information space," Kenneth Geers, a NATO CCD COE ambassador, told the E-Commerce Times.
Russia was behind the Petya attack, according to the Ukrainian security agency SBU. The malware impacted numerous Ukrainian business and infrastructure targets, including the international airport and Chernobyl nuclear plant, before spreading worldwide.
Petya exhibited similarities to the 2016 Black Energy attacks that hit the Ukrainian power grid, the SBU pointed out.
Extensions used in the recent attack were very similar to those of BlackEnergy's KillDisk wiper in 2015 and 2016, Kaspersky researchers noted.
In collaboration with Palo Alto Networks, Kaspersky found certain similarities in code design, but the firms could not say for certain whether there was an exact link.
"As in the case of WannaCry, attribution is very difficult, and finding links with previously known malware is challenging," said Costin Raiu, director of Kaspersky's global research and analysis team.
"We are sending an open invitation to the larger security community to help nail down -- or disprove -- the link between Black Energy and ExPetr/Petya," he told the E-Commerce Times.
The Petya outbreak displayed similarities with the 2016 Ukraine attack, said Anton Cherepanov, ESET malware researcher.
There were links to the TeleBots used against Ukrainian financial institutions, he told the E-Commerce Times, as well as a Linux version of the KillDisk malware the attackers deployed.
North Korea is the likely culprit behind the WannaCry attack, in the view of a number of cybersecurity experts who noted code similarities to the 2014 Sony hack.
"North Korea is isolated and already under tight international sanctions, so cyberattacks offer Pyongyang the opportunity from time to time to sucker punch the west," said Kaspersky's Raiu.
However, nailing down the attribution for the Petya attack has been more difficult than tracing the Sony attack's origins, he suggested.
No Way to Collect Ransom, No Way to Restore Data
U.S. officials have not attributed the attack publicly to any particular organization or state, but the Department of Homeland Security's U.S. Computer Emergency Readiness Team earlier this month put out an alert with a technical analysis on the Petya malware attack, which DHS still referred to as "ransomware."
The Petya variant encrypts the victim's files with a dynamically generated 128-bit key and creates a unique ID for the victim, the report states.
There is no apparent relationship between the victim's assigned ID and the encryption key, which means there may be no way to decrypt files even if a ransom were paid, it notes.
The Petya variant uses the SMB exploit, as described in the Microsoft MS17-010 security update issued in March, along with a modified version of the Mimikatz tool, which can be used to obtain a user's credentials, according to DHS.
The damage Petya caused to public infrastructure and private businesses was extensive. Global shipping company A.P. Moeller-Maersk issued an update at the end of June saying it expected to return to an almost-normal operational environment by July 3, but warned it would take longer to restore all applications and workstations.
Maersk IT chose to shut down all systems during the attack to contain the issue, Signe Wagner, a spokesperson for the company, confirmed to the E-Commerce Times.
She did not have access to her own email for several days, she said.
Merck & Co. confirmed that it was hit by the malware despite having installed updated patches, but noted that it had implemented business continuity plans
Week 7
Every Third Computer Attacked was from the Manufacturing Sector
A new report from Kaspersky Lab found that in the first half of the year, the manufacturing industry was the most susceptible to cyberthreats – with the industrial control systems (ICS) computers of manufacturing companies accounting for almost one third of all attacks.
The Kaspersky Lab report, “Threat Landscape for Industrial Automation Systems in H1 2017,” also found that the peak of attackers’ activity was registered in March, after which the proportion of computers attacked gradually declined from April to June. Also during the first half of the year, Kaspersky Lab products blocked attack attempts on 37.6 percent of ICS computers from which the company received anonymized information, totaling several tens of thousands. This figure was almost unchanged compared to the previous period – it is 1.6 percent less than in the second half of 2016.
The majority of the cyberthreats were in manufacturing companies that produce various materials, equipment and goods. Other highly-affected industries include engineering, education, and food & beverage. ICS computers in energy companies accounted for almost 5 percent of all attacks.
While the top three countries with attacked industrial computers – Vietnam (71%), Algeria (67.1%) and Morocco (65.4%) – remained the same, researchers detected an increase in the percentage of systems attacked in China (57.1%), which came in fifth, according to the data released by Kaspersky Lab.
Experts also discovered that the main source of threats was the internet; attempts to download malware or access known malicious or phishing web resources were blocked on 20.4 percent of ICS computers. The reason for the high statistics for this type of infection lies in the interfaces between corporate and industrial networks, availability of limited internet access from industrial networks, and connection of computers on industrial networks to the internet via mobile phone operators’ networks.
In total, Kaspersky Lab detected about 18,000 different modifications of malware on industrial automation systems in the first six months of 2017, belonging to more than 2,500 different families.
Ransomware Attacks
In the first half of the year, the world has faced a ransomware epidemic, which also affected industrial companies. Based on the research from Kaspersky Lab ICS CERT, the number of unique ICS computers attacked by encryption Trojans increased significantly and tripled by June.
Overall, experts discovered encryption ransomware belonging to 33 different families. Most of the encryption Trojans were distributed through spam emails disguised as part of the business communication with either malicious attachments or links to malware downloaders.
The main ransomware findings in the report include:
5 percent of computers in the industrial infrastructure of organizations were attacked by encryption ransomware at least once.
ICS computers in 63 countries across the globe faced numerous encryption ransomware attacks, the most notorious of which were the WannaCry and ExPetr campaigns.
The WannaCry epidemic ranked highest among encryption ransomware families, with 13.4 percent of all computers in industrial infrastructure attacked. The most affected organizations included healthcare institutions and the government sector.
ExPetr was another notorious encryption ransomware campaign from the first half of the year, with at least 50 percent of the companies attacked in the manufacturing and oil & gas industries.
The Top 10 most widespread encryption Trojan families include other ransomware families, such as Locky and Cerber, which have been operating since 2016 and have since earned the highest profit for cybercriminals.
“In the first half of the year we've seen how weakly protected industrial systems are – pretty much all of the affected industrial computers were infected accidentally and as the result of attacks targeted initially at home users and corporate networks,” said Evgeny Goncharov, head of critical infrastructure defense department at Kaspersky Lab. “In this sense, the WannaCry and ExPetr destructive ransomware attacks proved indicative, leading to the disruption of enterprise production cycles around the world, as well as logistical failures, and forced downtime in the work of medical institutions. The results of such attacks can provoke intruders into further actions. Since we are already late with preventive measures, companies should think about proactive protective measures now to avoid ‘firefighting’ in future.”
Week 6
The War Room: Experiential Security Planning
Ask any security practitioner about ransomware nowadays, and chances are good you'll get an earful. Recent outbreaks like Petya and WannaCry have left organizations around the world reeling, and statistics show that ransomware is on the rise generally.
For example, 62 percent of participants surveyed for ISACA's recent "Global State of Cybersecurity" survey experienced a ransomware attack in 2016, and 53 percent had a formal process to deal with it. While ransomware is already a big deal, it is set to become an even bigger deal down the road.
One of the questions organizations ask is what steps they can take to keep themselves protected. Specifically, what can organizations do to make sure that their organization is prepared, protected and resilient in the face of an outbreak?
A strategy that can work successfully is the long-tested "tabletop exercise" -- that is, conducting a carefully crafted simulation (in this case, a ransomware situation) to test organizational response processes and validate that all critical elements are accounted for during planning.
This strategy works particularly well for ransomware because it encourages direct, frank and open discussions about a key area that is often a point of contention during an incident: the ransom itself.
What Is a Tabletop Exercise?
Invariably, in the context of an actual ransomware incident, someone will suggest paying the ransom. Sometimes it's a business team that sees the ransom as a small price to pay to get critical activities back on track. In other cases, it might be executives who are eager to defer what is likely to be a long and protracted disruption to operations. Either way, paying the ransom can seem compelling when the pressure is on and adrenaline is high.
However, most law enforcement and security professionals agree that there are potential downsides to paying the ransom. First, there is the possibility that attackers won't honor their end of the deal. A victim might pay them but lose its data anyway. Even if the attacker should follow through, there is the danger of creating a perception that the organization is a soft touch, which could induce attackers to retarget it down the road.
An organization might make a decision when feeling ransomware pressure that it would not make when thinking it through calmly in the abstract. That is why working through the issues ahead of time can be valuable.
The exercise prompts discussions about these topics and fosters calm and rational decision-making. Further, it helps familiarize critical personnel with response procedures, pre-empting "hair on fire" behavior if an actual crisis should occur.
Ransomware is only one area where a tabletop exercise can provide value. In fact, many aspects of an organization's security posture can be tested in this way. An organization can employ tabletops to examine everything from business continuity to disaster preparedness to distributed attacks, using a structured tabletop exercise. It's also possible to test general response communication channels for unplanned situations with no explicit response procedures established -- for example, the kidnapping of key personnel traveling abroad.
Fighting in the War Room
Assuming that an organization wants to use this method, what's the best way to set it up? The process isn't difficult, but there are a few things to keep in mind. A few critical elements can separate a useful, productive event from a less-than-valuable one.
First, take time to fully bake the exercise plan. It should be based on something that actually could happen to your organization. Leverage areas that you might be concerned about, areas that participants will be familiar with from the news or outside sources (such as ransomware), or areas where you suspect you have potential issues.
Create a scenario that is plausible, that contains components that play out over time (for example, in response to actions that the participants may or may not take) and that is complex enough to give all participants a way to engage. Note that you may not wish to share all information with all participants -- one of the things you may wish to test is communication pathways, so it's in bounds to expect participants to communicate between themselves.
As you develop your plan, keep in mind that one of the goals should be immersion: You want the participants to feel like there is something on the line as the exercise unfolds. Bits of realism can add significant value here. For example, depending on the exercise you're planning, you could use simulated screen captures, snippets of prerecorded audio or video (such as a reporter behind a desk conducting a news report), an on-camera interview with a key executive, etc. There's no need to break the bank to do this: You simply want to add enough verisimilitude to get people hot under the collar and feel like there's something actually happening.
Likewise, enlist participation from all levels of the organization, including -- and in particular -- senior leadership. Leaving key stakeholders or decision-makers out (for example, excluding a highly placed executive because of availability limitations or level of interest) can detract significantly from the value of the exercise.
Counterbalance the urge to cast too wide a net, though, as physical proximity to the exercise can be valuable, too. Having all the players in one room during the exercise can lead to conversations that wouldn't happen otherwise. A useful technique is to set up a "war room," or central meeting place where you can have everyone together to conduct open discussions.
Last, deliberately introduce elements that ramp up the adrenaline in the room. It may sound strange, but to some degree you actually want to cultivate some heat -- that is, exchanges that might be contentious between participants. Why? Because a disagreement that happens during the exercise (and can be worked through there) is a disagreement that won't happen when an actual event transpires.
A tabletop exercise can be a great way to hone your security response capabilities and make an incident (should it occur) much more manageable than otherwise would be the case. By planning through responses, by testing methods for information sharing and communication, and by getting disagreements out of the way in advance, the tabletop can be both an important and a fun way to improve your organization's security posture.
Week 5
CCleaner software hacked to spread 'backdoor' malware to more than 2 million people
CCleaner, a piece of internet security software with more than two billion downloads, was recently hijacked to distribute backdoor malware to more than 2 million unsuspecting victims.
According to a cybersecurity division of Cisco known as Talos, the impact of an attack could have been severe "given the extremely high number of systems possibly affected."
CCleaner, marketed as the "number-one tool for cleaning your PC" boasted at least 2 billion downloads by November of 2016 with a growth rate of five million additional users per week.
The hidden backdoor was found in software version 5.33, which was released on 15 August, Talos said.
The infected version was used by 2.27 million people.
Researchers from Talos said Monday that until 12 September this year, when a new version was released, it was being packaged alongside a malicious copy.
The company's press team said that, if infected, hackers could use the exploit to steal sensitive data and/or credentials which could be used for internet banking or other online activities.
"Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly," Talos researchers wrote in a blog post, revealing that they urgently informed Avast of its findings on 13 September.
CCleaner is maintained by British company Piriform, which was purchased in July this year by security and technology company Avast.
With malware being incorporated into legitimate downloads, the biggest fear was that an outbreak could be similar to the "NotPetya" ransomware attack.
During the installation, the CCleaner download contained a malicious payload that featured a Domain Generation Algorithm (DGA) and a Command and Control (C2) functionality.
The Talos team wrote in an in-depth research analysis: "In reviewing the version history page on the CCleaner download site, it appears that the affected version (5.33) was released on 15 August 2017. On 12 September 2017 version 5.34 was released."
It said the CCleaner with the malware was distributed between these two dates.
The booby-trapped version was signed using a valid security certificate that was issued to Piriform by Symantec, which researchers found was valid through to 10/10/2018. Experts said this should now be revoked.
Talos added: "This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organisations and individuals around the world.
"By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files [...] used to distribute updates."
In response to the findings, Paul Yung, vice president of products at Piriform, wrote in a blog post that the company was sorry for the malware incident.
He stated: "Let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker. We're moving all existing CCleaner v5.33.6162 users to the latest version.
"At this stage, we don't want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it. The investigation is still ongoing."
Now, affected systems need to be restored to a state before 15 August 2017, or reinstalled.
0 notes
Text
Class 4 one of the largest credit reporting agencies in the United States
A massive cyber security incident at Equifax — one of the largest credit reporting agencies in the United States — may have exposed private information belonging to 143 million people — nearly half of the U.S. population.
The breach, which was discovered July 29, includes sensitive information such as social security numbers, birthdays, addresses, and in some instances, driver's license numbers. The agency said 209,000 credit card numbers were exposed in the breach, which includes customers in Canada and the United Kingdom.
Adding to the scandal, three of the company's top executives sold Equifax shares just days after the breach was discovered. The breach was not publicly disclosed until Thursday, more than six weeks later.
John Gamble, chief financial officer; Joseph Loughran, president of U.S. information security; and Rodolfo Ploder, president of workforce solutions, all sold shares days after the company was aware of the breach, according to SEC filings. Bloomberg, which first reported this, estimated the total value of shares sold to be $1.8 million.
An Equifax representative told NBC News the three executives sold a "small percentage" of their shares and "had no knowledge that an intrusion had occurred at the time they sold their shares."
The FBI is actively investigating the cyber incident and Equifax has been cooperating, law enforcement sources told NBC News.
Privacy Paradox
The irony: Equifax is the agency many people use to guard against identity theft and one that businesses turn to when verifying a person is who they say they are. Now, with the private information in the hands of cyber thieves, customers are being placed in a difficult position.
"Equifax is tasked with actually protecting this information in the form of identity theft protection and here we are with almost half of the country's population being affected," Robert Siciliano, CEO of IDTheftSecurity.com, told NBC News.
Richard Smith, chairman and CEO of Equifax, apologized to "consumers and our business customers for the concern and frustration this causes."
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," said Smith.
In a statement, Equifax said the cyber security breach was discovered on July 29. Since then, the company has been working with an independent security firm to understand what happened and how they can better protect themselves in the future.
Were You Affected?
Even if you don't think you're a customer of Equifax, there's a strong possibility they still have your data. As a credit reporting agency, Equifax gets information from credit card companies, banks, lenders, and retailers to help it determine a person's credit score.
Want to see if you might be affected? Equifax will let you check your potential impact by typing in your last name and the last six digits of your Social Security number. All U.S. customers will also be given a date when they can sign up for TrustedID Premier, which includes identity theft insurance, credit reports and a service that crawls the internet and alerts you if your Social Security number is posted somewhere online.
Equifax has set up a dedicated website and phone number for concerned customers to call with questions. In addition, the company said it will mail notices to people who may have had their credit card numbers or personally identifying information exposed on dispute documents.
The bottom line here, Siciliano said, is to pay close attention to your credit card statements. With more than 200,000 credit card numbers exposed, he said extra vigilance is vital.
"The best thing a consumer can do in response is to engage in what's called a credit freeze," he said. "This essentially locks down your Social Security number on your credit report, preventing criminals from opening new lines of credit under your name."
You'll need to call the three major credit reporting agencies to ask for a freeze. The Federal Trade Commission lists more details on how to do that here.
0 notes