Equifax Data Breach: More Questions Than Answers

Considering Equifax is one of the largest credit reporting agencies whose sole business relies on both credibility of data and securely handling the sensitive data of millions of consumers, it is fair to assume that they have the strongest security defenses in place at all times. Unfortunately, that is not the case. There are no words to describe the sheer negligence and lack of accountability we are witnessing. Equifax has compromised personal data of 143 million Americans. With this data, people could be at risk of identity theft
for the rest of their lives.

Let me break it down for you:

  • Cybersecurity professionals discovered, created a fix for, and told the industry about the vulnerability that allowed attackers into the Equifax network. The vulnerability was patched on March 7, 2017. Equifax said the unauthorized access began around the middle of May. That’s a period of two months in which the company could have, and should have dealt with the problem.

 

  • Equifax said it discovered the breach on July 29 – Richard Smith, CEO of Equifax claimed the company initially “thought the intrusion was limited.” On August 2, three Equifax executives sold nearly $2 million worth of company stock. Those same executives claimed to have had no knowledge an intrusion had occurred at the time they sold their shares.

 

  • Equifax did not announce the data breach to the public until September 6 – 39 days after the hack. In that 39 days, Equifax had enough time to prepare for outrage and provide a way for consumers to protect themselves.

 

  • The strongest, though not most painless, way to protect yourself after the breach is to freeze your credit; however, the surge in demand has overloaded the credit bureau’s ability to handle the influx of requests. All three major credit reporting agencies gave error messages the day following the announcement and prevented consumers from filing online requests to have their credit reports frozen.

 

 

  • For customers who wanted to check to see if their information had been compromised, Equifax suggested they visit their new site, www.equifaxsecurity2017.com. From there, consumers could find out if they’ve been potentially impacted and could sign up for credit monitoring services. When they went to the page and followed the process (which included providing personal information), they never received a definitive answer.

 


Best put by Jessie Opoien in a Twitter post:

Equifax: We may have exposed your SSN

Also Equifax: Give us your SSN and we’ll tell you if we did

Also Equifax: We actually won’t tell you


  • Additionally, customer service representatives at Equifax are not prepared to answer consumer questions. Not to mention, phone lines are jammed up or they aren’t answering so many can’t even get through to speak with someone.

 

Do yourself a favor – don’t rely on Equifax to answer your questions. Read all you can about what’s happening and how to further protect yourself.

I recommend the following:

Here’s how to freeze your credit to protect your identity

Learn more about protecting yourself after a data breach

Also, beware of these scams following the breach:

Phone scammers posing as Equifax reps

Equifax data breach and credit freeze: 3 scams

 

View a similar case: Warning Shot Fired: Healthcare Cybersecurity in Critical Condition