Equifax data breach: 143 million records exposed but senior executives not told immediately?

By Cameron Abbott and Olivia Coburn

Equifax has joined Yahoo on the podium for the award no one wants: suffering one of the largest data breaches in history.

Equifax, one of the three largest US credit reporting agencies, announced last week that it suffered a cybersecurity incident potentially impacting 143 million US consumers –  a figure comprising of roughly 55 per cent of Americans aged 18 years or older. Some UK and Canadian residents are also affected.

Hackers gained access via a website application vulnerability to information including names, Social Security numbers, birthdates, addresses, drivers licence numbers, credit card numbers and dispute documents with personal identifying information.

The risk to consumers in having this information exposed is huge: it is the key to unlock medical histories, bank accounts and employee accounts. Armed with personal data, identity thieves can impersonate people with lenders, creditors and service providers, who rely on personal information to make financial decisions regarding potential customers.

Incredibly, the breach lasted for almost 2 months before it was discovered in late July. It’s also not the first time Equifax’s vulnerabilities have been exploited. Last year, hackers siphoned employee tax and salary data from an Equifax website. Earlier this year, hackers again stole employee tax data from an Equifax subsidiary TALX.

Equifax has created a website, www.equifaxsecurity2017.com, to help consumers determine whether their data is at risk. However consumers have reported difficulties contacting Equifax as well as the other main credit reporting agencies, Experian and TransUnion, having suffered website crashes, being placed on hold and being forced to use snail mail to freeze their accounts. Equifax has also been criticized for charging fees to freeze consumers’ credit files.

Meanwhile three of Equifax’s senior executives, including the company’s Chief Financial Officer John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered, but before the breach was announced to the public. New York-listed shares of Equifax fell 14 per cent on Friday to $US123.23. Apparently they didn’t know about the breach, meaning that it wasn’t worthwhile to notify these senior executives of a massive data breach.

Even though the severity of the data breach cannot be understated, it’s unlikely that Equifax will be shut down. It is too central to the US financial system as one of the three major credit reporting agencies. In a Big Data world, consumers are unlikely to be able to stop banks relaying their data to credit agencies.

Read more about the Equifax breach here, here and here.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.