Equifax, one of the three largest credit reporting agencies in the US, announced yesterday that they have been hacked. The leaked information includes full names, SSNs, birth dates, and addresses, among other data.
It’s not the biggest hack to date – that dubious honor goes to Yahoo, which claimed 1 billion users and 500 million users (that’s right; two data breaches involving over 100 million people each).
However, the Equifax data breach is more worrisome since it involves truly sensitive information. If Yahoo’s data conundrum gave the bad guys a phishing line, Equifax equipped them with a ordnance store full of dynamite.
Nearly Half the US Population Affected, Took 2 Months to Raise Alert
Per Equifax’s admission, approximately 143 million Americans were affected by this data breach. Taking into consideration that the US population is somewhere around 300 million people, it means that nearly 50% of the entire US has been touched by this latest hack.
And, when you consider that people are married, live together, etc, it wouldn’t be surprising to find that close to 100% of American households are affected.
Even more shocking: Equifax discovered the hack on July 29 (the hack itself was in May). It took them nearly a month to go public with the information. And while that’s probably within the legal boundaries, Equifax more than other companies, probably knows that going public with the admission sooner would have been better.
It is, after all, one of the go-to guys for other companies when they experience a data breach. One can only assume that Equifax knows all the ins and out of what to do when data breaches strike; they probably developed marketing and services around it. (Which brings up an interesting question: will Equifax, with a straight face, offer their own credit monitoring and identity protection services to 143 million people, “out of an abundance of caution,” as the industry saying goes?)
There are even reports that credit card numbers (for approximately 200,000 people) were also stolen in the hack. Which is weird because you’re not supposed to be storing such data, at least not without encryption.
Stock Down 12% After Hours, Insider Trading Accusations
The news didn’t go well. Aside from all the major (and minor) news networks reporting on this latest data incidence, people with access to after hours stock trading managed to push the price down by 12% (and today’s pre-market is pushing it further down).
This probably wasn’t helped by reports that three executives sold $1.8 million worth of shares shortly after the data breach was discovered. It could very well have been “innocent” (the sales were not pre-scheduled) but such news incentivizes outsiders to start dumping shares now, ask questions later.
All in all, these are not the actions of an organization prepared to meet head-on the demands of a data contingency plan.
Which is surprising.
Equifax and other similar companies know they are hacking targets for the digital data that they possess. They are the mother lode, so to speak. One would have expected them to plan accordingly, but if you look at tweets and whatnot, it’s beginning to look like they were caught with their pants down in every aspect.
For example, someone managed to reach Equifax’s help, and the person on the end of the line admitted being hired outside help and not having access to a database for checking whether the caller was affected or not by the data breach. More than one month into discovering the data breach.
The Silver Lining
Can any good come out of this? When you consider that half of the US is affected, you just know that government officials are going to be swept up in this. Perhaps enough P.O.’ed congresspeople will lead to something (finally).
But, if the past is the guide to the future, you’re best off betting that remarkably little will change.
Related Articles and Sites: