The September 2017 breach of credit reporting agency Equifax, which exposed the personal data of 150 million Americans as well as residents of the UK and Canada, was so extensive as to be dumbfounding. Certainly few compromises of its scope and magnitude have occurred in US history before. Data released to cybercriminals as part of the breach included citizens’ full names, Social Security numbers, birth dates, addresses, and, in some cases, driver’s license numbers. Equifax also confirmed at least 209,000 consumers’ credit card credentials were taken in the attack.
Where the event really becomes unconscionable is when one considers a) how easy it was for the breach to occur, and b) the way “crisis management” was approached by the U.S. government in relation to this major financial institution.
According to an October 2017 report from Motherboard, around December 2016, a security researcher examining Equifax’s servers observed that an online portal, apparently created for Equifax employees only, was accessible to the open Internet. All the researcher had to do to access the information was utilize a web app which allowed searching of the data and the ability to download millions of cleartext results instantly. The anonymous individual reported, “I’ve seen a lot of bad things, but not this bad.”
The Senate made nominal efforts in the way of disciplining the agency by introducing a bill allowing consumers free credit freezes (and veterans free credit monitoring), but included a tax break worth far more than what credit reporting agencies would lose in providing the freezes for free. Additionally, citizens such as veterans made eligible for free credit monitoring services were stripped of their right to sue the agencies. The content of the bill in fact contains cause for consumers and citizens to trust these agencies even less.
The irony is that Equifax, a company that should first and foremost be trustworthy and secure, revealed itself to be anything but. They have legal expenses, PR expenses, lost executive institutional knowledge expenses—what a waste of company funds which should have been used actually protecting consumers. So where was all their money going?
Furthermore, a former Equifax executive was charged with insider trading ahead of the massive data breach. When people, companies or institutions continue illicit or unethical acts, they become brazen. Why is Congress failing to act against the big financial institutions again?
PR is how you make others feel and consequently behave toward you. No amount of positive publicity can cover up financial irregularities. People know when they are being lied to.
- “Equifax.” Wikipedia, Wikimedia Foundation, 1 Apr. 2018, en.wikipedia.org/wiki/Equifax.
- “Senate Gives Consumers Free Credit Freezes – but Also Gifts for Equifax.” Yahoo! Finance, Yahoo!, 15 Mar. 2018, finance.yahoo.com/news/senate-gives-consumers-free-credit-freezes-also-gifts-equifax-180517222.html.
- Picchi, Aimee. “Despite Equifax Breach, Congress May Boost Credit Bureaus.” CBS News, CBS Interactive, 14 Mar. 2018, www.cbsnews.com/news/despite-equifax-breach-congress-may-boost-credit-bureaus/.
- Lecher, Colin. “Former Equifax Executive Charged with Insider Trading Ahead of Massive Data Breach.” The Verge, The Verge, 14 Mar. 2018, www.theverge.com/2018/3/14/17119538/equifax-insider-trading-data-breach-charges.
- Duran, Paulina. “Australia’s Competition Watchdog Sues Equifax for Misleading Consumers.”Reuters, Thomson Reuters, 16 Mar. 2018, www.reuters.com/article/us-equifax-cyber-australia/australias-competition-watchdog-sues-equifax-for-misleading-consumers-idUSKCN1GS03X.