ClusterFax! Equifax Gets Hacked


By: R. Scott Raynovich

Watch out -- you may have been Equifaxed. And information security specialists are going to have a lot of explaining to do.

Equifax, one of the largest credit reporting agencies, is under siege after it revealed a data breach has put the information for as many as 143 million people at risk. The company has records on more than 820 million consumers and more than 91 million businesses worldwide, according to its website.

Equifax holds sensitive records including social security numbers, credit-card information, and drivers license numbers. The company reported that the cyberattack that resulted in the data breach occurred sometime between the middle of May 2017 and July 29. The company said that credit card numbers for about 209,000 people were exposed, as was "personal identifying information" on roughly 182,000 customers involved in credit report disputes.

This is the latest in a series of high-profile embarrassments for large organizations that have been unable to secure customer data. Last year Yahoo revealed that as many as a billion records had been hacked over a number of years. The 2013 hack of Target point of sale (PoS) systems that compromised as many as 40 million credit-card records remains a key case study in security lapses. Major cyberattacks have also breached data at the Democratic National Committee, the Internal Revenue Service, and British healthcare systems, among many others.

In morning trading, Equifax shares plunged 14 percent, falling $21.06 to $121.99, on the news that broke Thursday night. It's also expected to be hit with a barrage of lawsuits. Data beaches on this scale have typically cost companies between tens of millions and hundreds of millions of dollars.

For the security industry, it's another black eye. As Futuriom research has shown, many organizations have disorganized and ill-equipped approaches to data security. Even when security tools such as intrusion detection systems (IDS), firewalls, and endpoint protection are put in place, history has shown that many organizations have poor track records of integrating the technology and implementing systems for quick or automated responses when breaches are detected.

The blowback for Equifax will continue for months as the damage is assessed. Cybersecurity professionals are already criticizing Equifax for the lack of sophisticated security practices, according to the New York Times.

According to Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group quoted in the New York Times:

"This is about as bad as it gets. If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent."

It didn't help that Equifax executives sold millions of dollars in stock after the hack occurred but before it was revealed to the public. The company says that these executives did not know about the hack at the time of the sales.

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," Chief Executive Officer Richard Smith said.

As a consumer, it can be hard to tell whether or not your information is being held by Equifax, as it references many credit-card agencies and banking systems. The company suggests that customers check their information security with a credit reporting service, and it is offering a one-year subscription through TrustedID Premier, according to CNN.