Equifax cybersecurity breach leaves 143 million Americans at risk of identity theft


Equifax Featured Image

Equifax, one of three major credit bureaus in the United States, announced a cyber-security breach that affected approximately 143 million consumers September 7. The hack occurred from mid-May through July and primarily compromised names, Social Security numbers, birth dates, addresses, and driver’s license numbers, according to investor.equifax.com.

Courtesy of align.com.

Equifax, Experian, and TransUnion are the largest credit monitors in the United States, and most consumers store credit information at all three agencies. A credit reporting agency is a company that monitors and catalogs an individual’s entire financial history and then uses that information to create a credit report, according to consumerfinance.gov. For example, a credit bureau contains all of an individual’s information regarding previous credit cards, any paid or outstanding loans, and bankruptcies.
Many consumers and major news organizations have lashed out at Equifax for waiting six weeks between when the company discovered the hack July 29 and when it released information about the leak September 7. Consumers are concerned because the information that the leak revealed, such as Social Security numbers, is very sensitive and could lead to a large increase of identity theft, according to wsj.com.
Further, many consumers are frustrated over the minimal aid Equifax is providing to those who suffered from the hack.
Equifax stock price plummeted after the September 7 announcement. Courtesy of finance.google.com.

In a prepared testimony, former Equifax CEO Mr. Richard Smith apologized for the leak and said Equifax was susceptible to the hack in the first place due to the company’s misunderstanding of the frequency and severity of cybersecurity breaches, especially as hackers learn more techniques that allow them to bypass even the most encrypted firewalls, according to pbs.org.
“Companies are vulnerable if they think that they could not be hacked,” Sacred Heart Greenwich Director of Educational Technology and Upper School Computer Teacher, Co-Director of SophieConnect, Mr. Karl Haeseler said. “As a general rule, cybersecurity administrators should always assume that their servers are vulnerable to attackers and never stop improving their current level of security.”
Courtesy of movingfc.com.

Immediately following their September 7 announcement, Equifax set up a website, equifaxsecurity2017.com, where consumers can see if the hackers stole their information. However, a third-party Software Engineer Mr. Nick Sweeting created a fake site of a similar name because he saw the flawed way in which Equifax approached customer service and wanted to illustrate that the company’s continued negligence and lack of cyber security awareness could easily put individuals at risk, according to npr.org.
In fact, Sweeting’s fake web address was so convincing, in many responses to news outlets and complaint messages, Equifax spokespeople accidentally linked concerned consumers to his page rather than the official website.
Not only is this cybersecurity breach a current problem, but the release of sensitive information such as Social Security numbers, which an individual cannot change, will be a long-lasting issue for almost half of American adults, according to nbcnews.com
It will be up to the victims of this breach to stay vigilant about their weakened financial security, as Equifax refuses to further support its customers. Rather, Equifax is exploiting legalities to waive their consumers’ right to sue, due to the company’s negligence and failure to notify the public earlier, according to npr.org.
Currently, the best way for victims to protect their information is to freeze their credit report. A credit freeze, also known as a security freeze, protects an individual’s credit by restricting access to his or her credit report which in turn prevents people from establishing new accounts or making transactions in his or her name, according to consumer.ftc.gov. However, this is not an ideal solution because security freezes often cost time and money to temporarily disable or totally disband.
“A credit freeze reduces the occurrence of ID fraud by 95% because credit issuing companies can no longer access your credit score without your permission,” Mr. Haeseler said. “The downside to a credit freeze is the hassle and inconvenience of locking and unlocking your credit file constantly, in addition to the fees you have to pay each time.”
-Daisy Steinthal, Photo Editor and Features Editor