THE EQUIFAX HACK
On September 7, 2017, one of the biggest credit reporting agencies in the U.S., Equifax, publicly announced one of the most scandalous security breaches in history. The company’s highly-secured and sophisticated data system was hacked by unknown cyber intruders. As a result, personal data which include the social security, credit card, and driver’s license numbers, date of birth and addresses of around 144½ million consumers throughout the United States have been carelessly exposed and became vulnerable in the hands of hackers. Meanwhile, Equifax pointed out that the “core consumer or commercial credit reporting database”, which plays a crucial role in solving credit scores, were not penetrated by the hackers. Before we delve further, it would be helpful for us to know the timeline of events surrounding this scandal. A catastrophe that was highly preventable merely by human intervention.
According to Fox Business, the hackers successfully breached the database of Equifax halfway through the month of May until July 28, 2017. The following day, Equifax finally uncovered the unauthorized entry and quickly blocked the intruder. On August 1 and August 2, before the public learned of the incident, three high-ranking executives of the company sold almost $2million worth of Equifax stock. However, this was refuted by the company during the official public announcement of the incident on September 7. On the same day, Equifax informed the public of several services that they offer to assist their consumers. A website was created to help the consumers check if their account was affected. Next, Equifax is offering free credit monitoring as well as identity theft protection for every American. Lastly, a call center was established to address concerns of consumers.
Based on the information gathered and the recent incident, observers criticized Equifax for being negligent and incapable of protecting and securing the confidential data of their consumers. As evidenced by their failure to use the latest patch of Apache Struts and the advice to update their system, made Equifax vulnerable and eventually exploited by hackers to gain access to their system. The vulnerability was announced since March; hence, this massive breach was highly preventable by Equifax.
Accordingly, experts have raised their concern on the occurrence of identity theft after a data breach; thus, guidelines have been issued to protect the consumers. As suggested by the Federal Trade Commission, the first thing to do is to visit http://www.equifaxsecurity2017.com. The next step is to check your credit reports for free via http://www.annualcreditreport.com. Any activity or account that is suspicious needs to be reported; hence, you should visit https://identitytheft.gov to know what to do. Third step is to consider a credit freeze on your credit reports. Fourth step is to monitor existing credit card and bank accounts carefully. Another option aside from credit freeze is to place a fraud alert on your credit reports. For more information visit http://www.identitytheft.gov/Info-Lost-or-Stolen
The Equifax breach was the subject of the U.S. Congress hearings last month as reported by The Hill, which several measures were proposed to have an efficient notification and response in case of data breach. In addition, according to WIRED, there are several dozen people in the US who were affected that have formally filed a case against Equifax. The Financial Conduct Authority of UK is also investigating Equifax because almost 700,000 British people were affected. As quoted by BBC on there website, “The FCA announces today that it is investigating the circumstances surrounding a cybersecurity incident that led to the loss of UK customer data held by Equifax Ltd on the servers of its US parent.”
As of November 8, 2017, the fifth hearing was conducted by the Senate Commerce Committee. The Washington Post reported that several senators who were part of the panel believed that new laws should be created and enforced to compel the companies such as Equifax to be more vigilant and strict in securing consumer data.