New Information Shows the Breach Worse than First Reported
How worried should you be about last year’s Equifax data breach?
That’s the warning for the more than 145 million Americans — nearly half the nation’s total consumers — whose personal data was compromised in what ranks among the largest and most significant cyber scourges in history.
In first responding to the highly publicized September 2017 breach, Equifax reported that the hacked information included (only) the following:
- Social Security numbers
- Dates of birth
- Driver’s license numbers
Now, according to The Wall Street Journal and other outlets, Equifax disclosed in a sealed document submitted to the Senate Banking Committee that the following data also was accessed:
- Credit card numbers
- Tax ID numbers
- Email addresses
- Driver’s license issue dates
- Driver’s license states
A Series of Investigations by Federal and State Officials
What’s extremely disturbing about the latest revelations is this: It took a series of investigations by federal and state officials – led by Congress – to bring the hack’s full impact to the light of day.
Three things to consider:
- The Equifax hack was far more invasive than previously reported
- Companies like Equifax keep records of far more personal information than most consumers realize
- If you’re among Equifax’s 145.5 million scammed consumers, cyber criminals now have far more access to your finances
A nearly $900 million company based in Atlanta and one of the national credit bureaus, Equifax is now scrambling on several fronts. Not only because its initial report glossed over the full extent of those adversely affected, but because of its slow response to users and lawmakers.
First, the company failed to adequately inform its users — many of whom had no idea the company was keeping such personalized data on them in the first place — that they were, indeed, very vulnerable.
Then, in the hack’s immediate aftermath, the company’s CEO, Richard Smith, resigned under pressure. A few months later, he was rebuked by Senate committee members for evasive non-responses to their questions.
Plus, in a side development fraught with political intrigue, the Consumer Financial Protection Bureau (CFPB), the federal agency created by the Dodd-Frank Act as a banking and credit watchdog, immediately halted its inquiry into the Equifax data breach following the change in leadership.
Maybe they hoped it would go away.
Heading the Office of Management and Budget
Equifax now offers its clients free credit “freezes” through June 30. Freezing your credit helps prevent new accounts from being opened in “your” name. But remember, if you actually do need a home loan, new credit card, or want to open a bank account, that temporary freeze will need to be lifted.
Not quite enough to erase the psychic and fiscal pain of millions of consumers like you and probably everybody you know.
Negligence by Equifax? Certainly.
Negligence on the part of the federal agency that’s supposed to protect millions of U.S. consumers from the dizzyingly inadequate cyber security of companies like Equifax?
If you would like to get started on a comprehensive cybersecurity plan to protect against hacks like the Equifax breach, ICE can be of value to your organization.
- CNNMoney, Feb. 9, 2018: “The Equifax hack could be worse than we thought”
- Wall Street Journal, Feb. 10, 2018: “Equifax hack might be worse than you think”
- CNBC, Feb. 10: “Driver’s license, credit card numbers: The Equifax hack is way worse than consumers knew”
- MSN, Feb. 12: “The Equifax Hack Gets Scarier: Here’s What You Must Do Now”
- ZDNet, Feb. 12: “Equifax says more private data was stolen in 2017 breach than first revealed”
Be in the know.
Get industry insights on cybersecurity delivered right to your inbox.