Equifax, You Had One Job

September 8, 2017

1:30 pm

Social security numbers, drivers licenses, and the kitchen sink have all been compromised in one of the biggest hacks of personal information to Equifax.

Customers generally found out through the media that Equifax’s breach was detected July 29, 2017 and impacted approximately 143 million U.S. consumers – which primarily includes names, Social Security numbers, birth dates, addresses, and some drivers license numbers.

“In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed,” according to an Equifax press release.

While the breach occurred between mid-May through July 2017, the company said nothing upon discovery, but seem to have plenty of time to prepare and think of themselves before the storm. CNN Money reported that the Equifax executives sold close to $2 million in stock shortly after they discovered the breach.

In their attempt to help consumers, the company put up a sad website, where you are met with their company statement, a video from the CEO, and then an option to enroll in a complementary identity theft protection program and credit file monitoring, TrustedID Premier, which is owned by… drum roll please…Equifax. Well that makes me feel better… not.

Ars Technica even called their website attempt “amateur” and lack enough security for the inputs.

“It runs on a stock installation WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat.

Consumers have already mocked this move by Equifax. And just so I understand this right, the company was trusted with 143 million or more consumers' (including mine) most important, personal and private financial information, and wants us to give them our social security number (again) and sign up for their credit monitoring, that they own? Seriously?

Equifax, you had one job… keep consumer’s information safe. And you blew it.

If you do ultimately decide to sign up for their six month Band-Aid monitoring service, it could wave your rights to join a class action law suit, TechCrunch reports. And yes, class action lawsuits are already on the way. Bloomberg reports that a complaint was filed in Portland, Oregon, federal court.

“…users alleged Equifax was negligent in failing to protect consumer data, choosing to save money instead of spending on technical safeguards that could have stopped the attack. Data revealed included Social Security numbers, addresses, driver’s license data, and birth dates. Some credit card information was also put at risk.”

This breach should be taken as serious as an earthquake, as it could lasting effects for people who want to get credit cards, bank loans, obtain security clearances, and more.

Hackers Can Now Silently Take Control of Your Voice Assistants

NBC reports that this historic hack is grabbing the attention of law enforcement and “…reported that the FBI was actively investigating the incident and that the company has been cooperating with the bureau.”

What You Can Do

To begin to protect your information, or what’s left of it, consumers should look to sign up for additional fraud protection services such as LifeLock, EZ Shield, and Identity Guard. In addition, begin to alert you bank and credit card companies your information has been compromised, begin to use two-factor authentication for your financial accounts, and for gosh sakes, strengthen your password.

Adam Levin, a consumer advocate and chairman of security firm CyberScout said to Market Watch,

“Customers should immediately freeze their accounts at all three credit bureaus. This restricts access to your credit report, which helps prevent other credit card companies accessing it to open up new accounts.”

This could help prevent anyone from opening a new account. Remember to never give your social security or driver’s license information over the phone or email.

Please read more about how to protect your personal information at TechCo

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Tishin is a technology journalist and correspondent. She has written for TechCrunch, Demand Studios and Fitness, and has regular network segments on local Phoenix affiliate stations. She holds a Master's degree in Clinical and Sport psychology, and has covered many areas of technology ranging from 3D printing and game development to neurotech and funding for over 15 years.