An investigation is currently underway after the giant credit reporting company Equifax announced on 7th September that it had been hacked
Around 143 million people in the US (almost half of the population) are thought to be affected, as well as up to 44 million UK customers, many of whom may be unaware that their personal information is at risk because many UK companies use Equifax services.
The worrying thing about this, is that Equifax offer identity theft monitoring services and know all about protecting personal information. They have after all, written a whitepaper on this very subject. Interestingly, on page 7 of the article it states that “Almost three quarters (73%) of GB adults online think that companies should tell them that they have experienced a data breach and 63% would expect to be notified of a breach within hours. A further 21% would expect to hear on the same day”
So how long did it take Equifax to make the announcement? 40 days!
Inevitably, people who may be affected would like to know what they can do to protect themselves, but that’s a problem. Most of the information which has been compromised is thought to be peoples names, addresses, date of birth and US Social Security Numbers – all things which are not easily changed.
Equifax has set up an advice section on its website for those affected by the data breach and says it would provide free identity theft protection and credit file monitoring to all US customers. However, according online mag TechCrunch, the site’s terms of service state that by agreeing to use the service, those users are waiving their rights to take legal action against Equifax. Equifax have since responded, confirming that the waiver on the terms of service “does not apply to this cybersecurity incident”.
It has also emerged that three senior executives at Equifax sold shares worth a combined £1.3m days after the company discovered it had been hacked. However, Equifax told Bloomberg that the three executives “had no knowledge that an intrusion had occurred at the time they sold their shares”. If that is true, then surely it raises more questions than it answers, such as “Why on earth were senior executives not informed about such a serious breach of security?” also the share sales were not listed in the companies scheduled trading plans, which suggests that they were unplanned.
It serves as another reminder that a data breach affects all types and sizes of organisations. If a company such as Equifax, which dedicates so much effort into its identity theft monitoring services has itself been hacked, that is a clear message for all businesses that no-one can afford to be complacent. It takes years of hard work to build a company’s reputation, but it can only take minutes for it to be damaged.
If you haven’t already registered, Integrity IT are holding an IT Security Event at Carlisle Race Course on Thursday 2nd November if you’re interested in learning more about how you can protect your business