As has been widely reported, credit reporting and financial data power house Equifax announced early last that a data breach occurred. The breach affected a potential 143 million people, with credit, financial, and personal information stolen.
As an outside observer I have to say that the company’s response has been lackluster at best. They setup a website this week for people to find out they’re affected. I ran my info and it says that I am one of the people who the breach affected. They offered me their in-house identity protection service and insurance for free, but only for a year. When the website first launched they had a clause where by accepting the free offer you surrender your rights to sue. This decision was later reversed amidst pressure, but a serious fax pas none the less. Another problem with the monitoring service offer is that it is not immediately available. That’s right when you click to enroll you get a later date to come back to finish your enrollment. Again not a great look for Equifax. To have users data possibly floating around, but not having an immediate solution is rather aggravating.
The most serious offense, however, is the length of time it took them to disclose the breach to the public. The breach was discovered in July, and Equifax is just now notifying the public. I understand that things take time to investigate, and information may not have been immediately available. None the less, some form of notice should have been made to the public. It is all too common that when companies discover security incidents they keep it quiet, for a lengthy period of time. I repeat my earlier statement, it takes time to investigate these things. Regardless, it feels like these delays in reporting breaches are more about protecting the company, execs and shareholders, than about investigating.
The evidence to support this narrative is out there you just have to look at what has happened to Equifax since the announcement. Their stock (NYSE: EFX) has tumbled more than 20% since the announcement. In a recent development a Class-Action lawsuit has been filed against the company in San Diego District Court on Friday. The company is now the target of the scrutiny of the media and government officials from Attorneys General to Congress . One last piece of information to support this narrative. Allegations are being made that executives unloaded stock upon discovery of the breach.
I’m certain that Equifax will come out of this just fine. Government officials will huff and puff, but there will be little accountability. They may have to pay seemingly large amounts of money, in actuality it will be a small percentage of profits. The company that holds the records that can decide whether you get loans, employment or security clearances will get a pass on security. The message that needs to be sent, that data breaches are unacceptable, wont be. A show will be put on, but in the end nobody will actually be looking out for the consumer. We are on our own.
Find out if you’re affected, and take action!
If you have not yet taken action to see if you’re affected here is some things you can do.
- Logon to www.equifaxsecurity2017.com, and check if you’re affected
- Sign up for their credit monitoring program
- Review your bank accounts and credit reports regularly
- Consider if a credit freeze suits your purposes
Remember you have to be your own advocate when it comes to your privacy and your accounts. Nobody else will!