Equifax's Data Breach: Here's What You Should Be Doing Right Now
The Equifax debacle is one of the worst possible breaches of our personal information in the history of breaches. The personal information of nearly every adult in the U.S. was leaked to cyber criminals. The information includes names, addresses, Social Security numbers, driver’s license numbers, birthdays, credit card numbers and more — just what the criminals need to make millions.
What’s so despicable about this is how this credit agency, one of three that we are forced to provide this information to if we want to get credit, failed to protect the data. It’s not as if they didn’t have warnings. This is the third time that their computers were hacked over the past two years. You wonder who's managing their security.
But it gets worse. When they discovered that there was a theft of all their data, they waited six weeks before informing anyone. That’s a long time and it allowed the thieves to take their data, package it, and go to the underground web and sell it. And if you can believe it, the story gets even worse. Three of their executives sold stock during the time between the theft and the announcement. The company claims the three, including their chief financial officer, were unaware of the breach of data. That’s astounding since the CFO's job requires him to know of any activity associated with the company that affects its financial conditions. Expect to see a well-deserved investigation and perhaps insider trading charges filed.
Because there are no government penalties when companies entrusted with our data do something like this, we are dependent on the integrity and capabilities of the companies. But there’s no way to know whom they entrust their security to and how good a job they do. Clearly, not so good in this case. We need some way for us to be assured that our personal information will be protected.
So what should you do now? First, I would do nothing that involves Equifax. They offer a free year of credit monitoring, a product they’ve offered for years, but because it’s an Equifax product I’d be suspicious. And when you apply, you waive rights for a class-action lawsuit. That was thought to include this incident, but the company says that's not the case.
Equifax let weeks pass between the breach and the announcement, and now the website they are sending us to is broken. It’s an unprotected site, revealing confidential code. Security researcher Martin Hall told ZDNet that the site Equifax is directing people to in order set up credit alerts "can be easily spoofed."
In addition, the instructions on what to do next are incomplete. While they say they're sending us there to get the free protection, in reality, they schedule a future date for us to return and say they will not remind us about it.