Equifax sleeps while hackers attack
- September 21, 2017
- Posted by: Bishop Group
- Category: Blog
It probably began when humankind first organised itself into social groups. Someone had to be appointed to look out for anything that might endanger the group while it slept, or while the men were out hunting, or just to make sure the fire kept burning at night. They were look-outs.
Now, in the so-called information age, we have Equifax, a company that appointed itself guardian of our financial reputations. They did so with the implicit consent of governments; implicit because Equifax began building its access to information—our information—before most regulators even existed. Equifax was founded in 1899 in Atlanta, Georgia.
But Equifax fell asleep at its post. It has blown the financial safety of up to 143 million Americans and possibly 400,000 people in the UK. A company that is paid more than 3 billion dollars a year to do one thing—securely store our financial and personal data—failed to do so.
Waiting too long
Sometime between mid-May and July, Equifax was hacked via a flaw in the computer software it used to build its web applications. The software provider noted the flaw and fixed it on 6 March, but Equifax, for reasons still unexplained, did not apply the fix until 30 July, at least three months after the hack.
As a result, an untold number of people may have had their names, dates of birth, addresses, social security numbers and even credit card details stolen by people who will make every effort to use that information to steal as much money from their victims as possible.
When the event became known on 7 September—more than a month after people’s information was stolen—Equifax began a belated effort to help the victims. First it offered a “credit freeze,” which means it would not release your credit information to any business of which you are not already a customer. That, of course, could prevent people from carrying out transactions with new legitimate businesses.
Checking the small print
Then it offered “credit monitoring,” whereby people could spot any suspicious activity on their own credit reports. Initially Equifax wanted to charge for the service, then said it would be free for a year. However, the offer stipulated that anyone accepting the free monitoring could not participate in any class action that might arise from the company’s failure to protect information. It has since backtracked on that, but only because the small print came under public scrutiny.
To quote The New York Times columnist Ron Lieber: “We all get it now. These companies don’t think of us as customers. They think of us as products. They get lenders and others to send over our payment histories to them, aggregate it and resell the data elsewhere. And until recently, they answered to no one, more or less.”
That, at least, is going to change. The Equifax chief executive Richard Smith has been summoned to a U.S. Congressional hearing next month. On 15 September a suit was filed in California against Equifax seeking damages of $500,000. It will be the first of many. But whatever penalties Equifax may face, the affair raises the old question: who watches the watchers?