You would expect that a company – like Equifax – that is entrusted with vital information and tracking information of peoples purchase history would have iron-clad cybersecurity to protect its data.
On September 7, 2017, Equifax came out with the truth.
They had been hacked.
From mid-May through to July, cybercriminals had access to the addresses, social security numbers, drivers license numbers, and birthdates of Equifax “clients”- that’s pretty much everyone – in the USA, Canada, and the UK.
The September 7th, 2017 press release from Equifax states that nearly half of the population of the United States – 143 million people – have had their private information compromised by the Equifax breach.
Equifax maintains that relatively few Canadian and UK consumers’ private information was impacted and that they are working with the Canadian and UK regulators to comply with the necessary regulations surrounding breach transparency.
But that’s not the worst news…
As part of this Equifax cyber intrusion, 209,000 people had their credit card information stolen, AND according to Equifax, the breach also impacted 182,000 people who had private information contained in Equifax Dispute Documents.
(Are you looking for professional help with securing your private or corporate data? Let the professional cybersecurity experts of intivix take this worry off your mind! Contact us now at (415) 543 1033 or firstname.lastname@example.org
The Equifax public relations bulletin regarding this breach tells us that they finally discovered the intrusion and theft of consumer’s private information on July 29th, and that following the discovery of the breach, they hired an independent cybersecurity firm to investigate.
That investigation apparently took a little over a month to complete, because the public wasn’t informed that their private information had been compromised until the September 7th press release.
That’s the official response from Equifax.
Here’s the problem.
To add insult to injury, according to TechCrunch and Bloomberg both report that three Equifax Executives dumped a portion of their Equifax stock BEFORE the news of the breach went public.
TechCrunch states, “The transactions in question were initiated by Chief Financial Officer and Corporate VP John Gamble, who sold $946,374 worth of shares; President of U.S. Information Solutions Joseph Loughran, who dumped $584,099; and President of Workforce Solutions Rodolfo Ploder, who sold $250,458 in shares. As Bloomberg notes, these transactions were not pre-scheduled trades and they took place on August 2, three days after the company learned of the hack.”
While Equifax has come out with a statement insisting that these men had no knowledge of the breach at the time of the trades, it still looks more than a little fishy.
Well, to put it in perspective, this isn’t the biggest case of a corporate entity being breached by cybercriminals. In 2016, Yahoo disclosed that 1.3 billion user accounts had been hacked in two separate incidents in 2013-2014. Wikipedia records that the criminals involved stole, “names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords.”
So, this kind of breach – and corporate delay in disclosure – has happened before.
In an effort to calm public outrage over this breach, Equifax’s CEO, Rick Smith said, “I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”
Rick Smith has a led Equifax since 2005 and has a good track record as a corporate leader and a conscientious and caring citizen. According to his Equifax bio, his “is currently a trustee for The Boys & Girls Clubs of Metro Atlanta and has formerly been a director of the Operation HOPE global board, director of the YMCA of Metropolitan Atlanta, and a Trustee of the Woodruff Arts Center.”
Although Equifax has hit some speedbumps in the rollout of their response to this crisis, it seems that the issues seem to mostly center around transparency, messaging, and public relations, not the leadership of Rick Smith.
Time will tell whether Equifax will be able to regain and hold on to public confidence. At the moment, their biggest statement defending their systems is,
“The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”