Equifax Breach

What Happened and What to Do About It
2017 Equifax Data Breach


     Equifax, one of the three largest consumer credit reporting agencies, announced on September 7, 2017, that it had been breached through a vulnerability on its website.

     This potentially affected a vast number of people in the US, UK, and Canada, since Equifax gathers and maintains information on over 800 million consumers and more than 88 million businesses worldwide. Equifax announced that personal information of an estimated 140 million people had been exposed, including some in the UK and Canada. The company believes the hack occurred sometime between mid-May and the end of July, and it found out about the hack on July 29. However, it wasn’t until September 7 that the company announced this publicly.

     By exploiting the vulnerability in the company’s website, the hackers were able to acquire personal information that is valuable for identity theft: names, social security numbers, birth dates, home addresses and some drivers’ license information. That was not all. Credit card numbers for around 200,000 consumers, and certain dispute documents which also contained personal identifying information for approximately 180,000, were likely accessed by the hackers.

     The company’s efforts to aid victims and its other reactive measures were not without controversy, since people have pointed out that the company took some time to notify the public. There is even the possibility that Equifax’s executives committed insider trading by selling stock a few days after the hack, which would be illegal if they had known about the hack before the sales. Another controversial aspect of the aftermath has been Equifax’s offer of a complimentary year of ID-theft monitoring through a program called TrustedID. Its terms of service originally contained a clause under which users who signed up waived their right to sue or join a class action lawsuit. Since this became public, Equifax has clarified that the clause does not apply to those who were affected by the hack and are receiving the free year of credit monitoring for that reason, and it has changed the terms of service to reflect that.

     Another part of Equifax’s poor response to the hack seems to be the tool that potential victims use to find out whether their personal information has been compromised, Equifax’s Hack Checker. CNET, a widely known media website which focuses on technology and consumer electronics, checked its validity with some tests the week after the event. For example, testers entered made-up names and social security numbers and got seemingly random answers. Sometimes the tool said that they had been affected, while other times it said that they hadn’t. Since this was announced, some reports attest to improvements made in the tool.

     Unfortunately, Equifax continued its poor security practice when, instead of using its own domain, equifax.com, it hosted the tool on another domain, equifaxsecurity2017.com. This proved to be another instance of the company’s lack of understanding of potential cyber threats, since its choice of domain made it easy for people to fall victim to phishing sites, which are fake sites with similar-sounding domains set up to take advantage of visitors.

     Even worse, the company itself directed people to one of these sites on its Twitter account. Fortunately, the site, securityequifax2017.com, was set up by Nick Sweeting, a software engineer, in order to educate the public rather than steal anyone’s information. So, while no harm was done in this case, many people would likely have fallen victim to a phishing scam if the domain had been registered by a person with bad intentions rather than a technology professional. The company could have reduced the likelihood of causing further damage if it had used its original site, or at the very least also bought any similar-sounding domains and redirected them to the correct site.
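The look-alike problem described above can be checked mechanically. The following Python code is an added example, not part of the original article or of any Equifax tooling: it tests whether a link really sits under the company’s own domain and whether two hosts differ only in where the brand name appears. The function names are hypothetical, and the sample hosts other than the three domains named in the article are constructed.

```python
from urllib.parse import urlsplit

OFFICIAL = "equifax.com"  # the company's own domain, as named in the article
BRAND = "equifax"         # brand word to look for in other hosts


def hostname(url_or_host):
    """Return the lowercase host from a full URL or a bare hostname."""
    text = url_or_host.strip().lower()
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat a bare host as a netloc
    return (urlsplit(text).hostname or "").rstrip(".")


def classify(url_or_host, official=OFFICIAL, brand=BRAND):
    """Label a link as 'official', 'brand-lookalike' or 'unrelated'."""
    host = hostname(url_or_host)
    # Only the official domain itself or a true subdomain counts as official.
    if host == official or host.endswith("." + official):
        return "official"
    # The brand word anywhere else (hyphens ignored) is a look-alike.
    if brand in host.replace("-", ""):
        return "brand-lookalike"
    return "unrelated"


def same_words_reordered(host_a, host_b, brand=BRAND):
    """True when two different hosts differ only in where the brand sits."""
    a, b = hostname(host_a), hostname(host_b)
    if a == b or brand not in a or brand not in b:
        return False
    return a.replace(brand, "", 1) == b.replace(brand, "", 1)


if __name__ == "__main__":
    samples = [
        "https://www.equifax.com/personal",  # constructed path
        "equifaxsecurity2017.com",           # breach site named in the article
        "securityequifax2017.com",           # educational copy named in the article
        "equifax.com.example.net",           # constructed
        "example.org",                       # constructed
    ]
    for s in samples:
        print(f"{s:36} {classify(s)}")
    print(same_words_reordered(samples[1], samples[2]))
```

Because the breach site was registered outside equifax.com, this check cannot tell it apart from the copy that rearranges the same words, which is the weakness the article describes.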

     This hack has brought the discussion of how companies manage our personal information in this new digital age back to the forefront. It has also drawn attention to how companies include arbitration clauses in their terms of service agreements to avoid being sued in court, forcing arbitration, which can favor the companies rather than the consumers.

     Despite Equifax’s change of tune, a few experts have advised against any further interaction with the company. Some still believe its security may be compromised, while others believe that the data breach is so severe that one year of credit monitoring will not help much, since the data loss from the breach may affect people for much longer than one year, even for the rest of their lives.

     The best advice is to assume you have been affected and monitor your credit. One free and easy step is to sign up for Credit Karma’s free credit monitoring and to put a fraud alert on your credit report, which is free and is good for 90 days. However, it is recommended to freeze your credit with all three main credit bureaus, although this would cost approximately $20-30 for each bureau, including Equifax itself.
