Blog3 - Lessons learned from the Equifax security breach

September 2017 saw one of the largest credit reporting agencies in the United States, Equifax, admit that they suffered a security breach, which went unnoticed for almost three months. During this period, over 143 million accounts had been violated, with hackers stealing identifiable information such as social security numbers and dates of birth. This kind of data breach is particularly damaging because the information stolen can be used for identity theft and other crimes.

When personal data is in the hands of the people that it actually affects, the consumers themselves, there is a lot that can be done to protect it and most people are actually very good at keeping private details, well, private. When it comes to service providers, we trust them to have the same level of diligence. Trouble with that is, hackers are unlikely to attack individuals when they know that service providers have a veritable treasure trove of data that is infinitely more valuable, meaning that they are far more likely to come under sustained attack.

Of course, none of that exonerates Equifax and nor should it. Companies of that size have not only have the means to implement the latest and greatest security measures, but they also have a legal and moral obligation to do exactly that and more.

I’m not talking and you can’t make me

What makes the matter even worse is the fact that Equifax is keeping schtum and not even attempting to communicate with its own customers with regards to the data breach. Whether or not you lay the blame squarely at the feet of the company, its lack of communication is simply unforgivable.

The whole affair highlights just how little control consumers have over their own data, and indeed their money, although not all companies are built in quite the same way as our reviews of best credit monitoring services of 2017 shows, some companies are just better at this than others and can actually be trusted – even in the wake of the Equifax debacle.

img1 - Lessons learned from the Equifax security breach

There is just no excuse for not addressing customer’s concern, especially when the situation is so bad that those same customers face the very real possibility of becoming victims of identity theft and all of the repercussions that come with that including, but in no way limited to:

  • Credit card fraud
  • Social Security Number Misuse
  • Passport fraud
  • Driver’s license number misuse
  • Change of address

Any one of these can have very serious consequences for the victim, so when the company that just had your sensitive information stolen is effectively refusing to communicate with their customers, those same customers have every right to be angry. It remains to be seen how this will affect Equifax in the future, but have no doubt their reputation has been very badly damaged, and it’s largely their own fault.

Effective communications systems seem to have been forgone too, although to be fair how is a single entity supposed to manage 143 million phone calls from customers all wanting to know the same thing? That being said, according to an Equifax chief executive ‘only’ around 15 million people tried to access the company website, in the wake of the attack.

Hacks highlight an uncomfortable truth

The security of our information is increasingly being placed in the hands of large corporations and we have no say in how it is used, stored or protected. Trust is a valuable commodity and it takes time to build it to the point where nobody questions it, or at least feel comfortable placing that trust in one company over another.

As consumers we have little choice but to place our trust in these corporations, but we do have the power of choice still and there are plenty of other fish in the sea. More trustworthy fish, as featured and reviewed elsewhere on AAACreditGuide.

There are steps that can be taken, as a consumer, in the event of something like this ever happening again and while it may already be too late for the customers of Equifax, it is worth noting for the future that you can protect yourself if you act quickly. Of course, the ability to react is wholly dependant on the company being forthcoming in the first place, which Equifax failed to do – the hack was reportedly discovered late July, but the company waited until September to say anything at all. It was a wait of a little over a week; plenty of time for the stolen data to be used and too late for customers to do anything about it.

If there is one lesson that companies need to learn from this mess, it’s that they need alert customers immediately so that appropriate measures can be taken, instead of waiting nearly two weeks.

hack - Lessons learned from the Equifax security breach

Protecting yourself in the event of data theft

There is one thing that customers can do, immediately, to stop anyone from using their details, in credit fraud at least.

Placing a freeze on your credit lines prevents anybody, even you until you authorise the agency or agencies to ‘unfreeze’ them, using your information to open new accounts anywhere and opening new lines of credit. Credit fraud is the major goal behind identity theft, so protecting yourself in this way, the very moment you know your details may have been compromised, is going to save you from some incredible headaches later on down the line.

Credit freeze is seen as something of a ‘nuclear’ option, akin to dropping a truck on an ant, but when it comes to protecting yourself against identity theft, until measures can be taken by the various agencies to protect or change details, then it is worth it.

It’s also worth remembering that no company can protect itself from a determined, skilled attack – not even government agencies are immune, which has been proven time and again. The way the company responds however, means everything. The customer must always take priority over the company trying to save itself from embarrassment. Something that Equifax has learned the hard way.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *