From mid-May through to July, cybercriminals had access to the addresses, social security numbers, drivers license numbers, and birthdates of Equifax “customers”- that’s pretty much everyone – in the USA, Canada, and the UK.
The September 7th, 2017 press release from Equifax states that nearly half of the population of the United States – 143 million people – have had their private information compromised by the Equifax breach.
Equifax maintains that relatively few Canadian and UK consumers’ private information was impacted and that they are working with the Canadian and UK regulators to comply with the necessary regulations surrounding breach transparency.
But that’s not the worst news…
As part of this Equifax cyber intrusion, 209,000 people had their credit card information stolen, AND according to Equifax, the breach also impacted 182,000 people who had private information contained in Equifax Dispute Documents.
(Are you looking for professional help with securing your private or corporate data? Let the professional cybersecurity experts of CTECH Consulting Group take this worry off your mind! Contact us now at (403) 457-1478 or firstname.lastname@example.org
The Equifax public relations bulletin regarding this breach tells us that they finally discovered the intrusion and theft of consumer’s private information on July 29th, and that following the discovery of the breach, they hired an independent cybersecurity firm to investigate.
That investigation apparently took a little over a month to complete, because the public wasn’t informed that their private information had been compromised until the September 7th press release.
What is Equifax doing about it?
Their Chairman and CEO, Rick Smith, recorded a public apology and defense of Equifax’s actions in this matter.
They set up a website for you to check to see if you are among the millions of people whose information was stolen. equifaxsecurity2017.com
They have offered a free year of credit monitoring and ID theft protection
They have set up a call center to handle the flood of calls from concerned consumers. 866-447-7559
That’s the official response from Equifax.
Here’s the problem.
They went for over a month without notifying the public that something very important and valuable – their private information – may have been compromised.
Ironically, the website that they have set up for you to check to see if you are one of the 143 million people affected by the breach asks you to give your social security number – again – to Equifax.
The free year of credit monitoring and ID theft protection is offered THROUGH Equifax.
Equifax is only notifying the people whose credit card numbers or Dispute Documents were seen by the criminals – not everyone affected.
To add insult to injury, according to TechCrunch and Bloomberg both report that three Equifax Executives dumped a portion of their Equifax stock BEFORE the news of the breach went public.
TechCrunch states, “The transactions in question were initiated by Chief Financial Officer and Corporate VP John Gamble, who sold $946,374 worth of shares; President of U.S. Information Solutions Joseph Loughran, who dumped $584,099; and President of Workforce Solutions Rodolfo Ploder, who sold $250,458 in shares. As Bloomberg notes, these transactions were not pre-scheduled trades and they took place on August 2, three days after the company learned of the hack.”
While Equifax has come out with a statement insisting that these men had no knowledge of the breach at the time of the trades, it still looks more than a little fishy.
So, what is the average consumer supposed to make of all of this?
Well, to put it in perspective, this isn’t the biggest case of a corporate entity being breached by cybercriminals. In 2016, Yahoo disclosed that 1.3 billion user accounts had been hacked in two separate incidents in 2013-2014. Wikipedia records that the criminals involved stole, “names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashedpasswords.”
So, this kind of breach – and corporate delay in disclosure – has happened before.
In an effort to calm public outrage over this breach, Equifax’s CEO, Rick Smith said, “I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”
Rick Smith has a led Equifax since 2005 and has a good track record as a corporate leader and a conscientious and caring citizen. According to his Equifax bio, his “is currently a trustee for The Boys & Girls Clubs of Metro Atlanta and has formerly been a director of the Operation HOPE global board, director of the YMCA of Metropolitan Atlanta, and a Trustee of the Woodruff Arts Center.”
Although Equifax has hit some speedbumps in the rollout of their response to this crisis, it seems that the issues seem to mostly center around transparency, messaging, and public relations, not the leadership of Rick Smith.