Equifax Hack Turns Out to Be Much Bigger and Scarier

Yes, we are still talking about that humongous Equifax data breach, and, according to the latest news, it is even bigger and scarier than originally reported. We first learned about the incident back in September 2017 – two months after the actual incident – and now new data has revealed that the data breach affected Equifax users on a much larger scale. The breach occurred due to an Apache Struts vulnerability (CVE-2017-5638), and the company informed about a massive data leak via Twitter on September 7th. Although according to the original report, 143 million customers were affected by the breach, it is now known that this number has risen to 145.5 million. This was, reportedly, the biggest data breach to affect the credit reporting system. Soon after the initial report about the breach, the company set up a website to help victims, and it was revealed that necessary security patches were applied. Despite that, it appears that the company downplayed the severity of the incident.

As revealed by the Wall Street Journal, more personal details were exposed to hackers during the Equifax data breach. This conclusion was made after reviewing the data submitted to the Senate Banking Committee. According to the information presented by Equifax via its security website, the data that was leaked during the breach included “names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers […] credit card numbers.” According to the newly revealed information, “tax identification numbers, email addresses and drivers’ license information” were exposed as well. Although some might think that the company was hiding crucial information from its customers, the company’s representatives claim that this newly revealed data changes nothing, and that everyone is fully protected. Of course, all Equifax customers who have a U.S. Social Security Number much check whether or not their personal data was jeopardized via equifaxsecurity2017.com. The website also offers steps that are meant to help all victims.

When Equifax Inc. first reported the data breach, the company’s shares dropped by 35% within a week, and while the confidence in the company was growing slowly but surely, the shares dropped again by 4.5% when new information about the incident emerged. Clearly, the trust has been lost. Of course, if the company starts communicating with the community, legislators, and investigators in a transparent manner, there is no reason why trust should not be restored. Unfortunately, Senator Elizabeth Warren has stated that the company is not cooperating well, and that the information it offers is “confusing and contradictory.” Congresswoman Kyrsten Sinema has also expressed her thoughts saying that the Consumer Financial Protection Bureau has not done its job either. The latest information also indicates that the company could get out of the situation without any repercussion at all, as it was recently reported that Trump Administration is trying to kill the investigation altogether.

Equifax applied security patches and created a service called “Lock & Alert,” which is meant to help customers control their own credit reports. The customer using this service, allegedly, can lock and unlock their credit reports whenever they want it. Some say, however, that this service is not as good as the credit freeze, and so those interested should weigh all pros and cons carefully. Another thing customers are advised to do is activate a two-factor authentication system to ensure that personal accounts are harder to breach.

References:

Andriotis, A. February 9, 2018. Equifax Hack Might Be Worse Than You Think. The Wall Street Journal.
Blanco, O. February 8, 2018. Equifax Data Breach Was Bigger Than Previously Reported. Consumer Reports.
Ducey, J. February 16, 2018. Let Joe Know: Is anyone investigating Equifax?. ABC15.
Equifax. October 2, 2017. General FAQs. Equifax.
Thomson, I. February 13, 2018. Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc. The Register.