About two weeks ago, when Equifax first revealed their massive data breach, it was noted by many that the company didn’t appear to be prepared nor equipped to deal with the demands of whatever contingency plans they had prepared for the day they would be hacked. That was on the first day after Equifax had gone public.
In the two weeks since, those observations have proven to be more than prescient. Because so much has happened, I present you a list. Between then and as of September 19, 2017, the following are true:
- The price of Equifax’s stock has plunged 35% in response to the data breach and all the other news following it.
- A couple of Equifax honcho’s “retired” after the breach was made public, including the Chief Security Officer (CSO).
- It turns out that Equifax’s CSO has a bachelor’s and master’s degree in music.
- It should be noted, however, that she has worked in security-related positions at other big companies.
- Plus, plenty of programmers (security or otherwise) are music majors, philosophy majors, art majors… you get the idea. (On the other hand, this is apparently not the case for the ex-CSO, as far as one can tell).
- More than 30 lawsuits have been filed.
- The Federal Trade Commission announced an investigation into the data breach.
- The US DOJ started criminal investigations to see if the three executives who recently sold nearly $2 million in stock violated federal law.
- Security researchers found that Equifax’s Argentinian branch had an employee portal that used “admin” and “admin” for the username and password.
- Equifax initially blamed a vulnerability in Apache software for the hack. The latter immediately issued a press release pointing out that a security patch had been available since March.
- Speaking of March, it turns out that there was an initial data breach at Equifax that occurred in that same month.
- While currently being treated separately, it could possibly be the initial ingress into Equifax, well before the July data breach that was initially proclaimed.
- Equifax revealed that up to 400,000 in England had been affected by the breach.
- As well as 10,000 in Canada.
- And let’s not forget the 143 million in the USA.
- The site Equifax set up to reveal whether a person was affected by the data breach gave inaccurate answers.
- That site was set up outside of the main Equifax.com site. As certain security researchers noted, it made for easy phishing. One proved it by setting up a fake site, which ended up being passed via Twitter by whoever was managing Equifax’s Twitter account.
- Equifax tried to charge consumers for freezing their credit reports – and then announced that they wouldn’t.
Some of the reactions to the data breach are not unexpected, and yet surprising – like the lawsuits. It was expected, but thirty of them filed in less than a week? Wow.
Other outcomes, such as charging people for freezing their credit reports, are mind-blowing. It’s like no one thought to consult the PR department because… at this point, what’s the use?
The stock market seems to think that the other shoe has fallen. At the beginning of this week, Equifax’s stock price stopped its losses and ever so slowly begun to rise, although some say that it’s nothing but a dead cat bounce, either because the market hasn’t effectively priced everything in or because there’s more bad news on the horizon.
Based on the last couple of weeks, it wouldn’t be foolhardy to wait and see what other surprises spring up.
Related Articles and Sites: