Submitted by Micah Smith on Mon, 01/15/2018 - 12:34
The Equifax Storm
The Equifax Storm

Whilst everyone has been watching Hurricane Harvey take on Texas and Irma batter Florida, in the same way one might watch a train crash, other extremely important events have been playing out.

These events have aftershocks for the financial markets and ripple effects in practically every sphere of life. In short, there could be chaos at a biblical level on the way, very shortly, and our best minds need to start working fast on maximal damage control.

We blather on about different hacks, all the time, with their crushing potential to individuals, companies and national infrastructure. It's nothing new, yet, the Equifax nightmare has laid out the future in one colossal example, that will see future firings of many a CEO and the filing of many a lawsuit, if a pragmatic plan isn't brought together soon.

For anyone who has been obsessively following the Mother nature's storms or the threats from the Mad Hatter of North Korea and ignoring the Credit reporting world's largest nightmare ever - it's time to listen.

Equifax admitted that hackers have gained access to the private date of 143 million consumers. Not only that they did a horrific job trying to fix it, but that there doesn’t seem to be a plan to prevent future similar scenes.

Equifax, unfortunately isn’t a standard operating company. Equifax Inc. based right here in Atlanta, is one of the largest consumer credit reporting agencies in the United States, alongside Experian and TransUnion. It holds important information on over 800 million consumers and 88 million businesses globally.

The Cybersecurity breach which took place at the end of July 2017 gave hackers access to the private data all those consumers mentioned above and, just to add a little salt in the wounds, 200,000 credit card details.

Private data, can mean different things in different arenas, unfortunately we aren’t referring to simple passwords or email accounts. This data included Social Security numbers, birthdates, addresses and driver license numbers.

Details that can't and won't be changed. Citizens will not be issued new Social security numbers and good luck changing your date of birth, so, in real terms, there are 143 million consumers with personal details, vulnerable and a heart-beat away from being on the black market.

Apart from the billion-dollar Negligence lawsuit from Equifax customers, Equifax, who have had ample time to react, have fumbled the ball.

That's not to say that it was easy. Given a hack of this scale and of this nature, you could argue that the best approach would have been to immediately set a cyber team on the trail of the hackers, or to start thinking about new plans of how we can ask security questions (that don’t involve your date of birth for example). We may need to start having serious discussions about biometric logins and keystroke dynamics.

Equifax, didn’t approach the crisis in either of these ways. With time and opportunity to start pointing their best guys in the right direction, decisions were made that hurt their company, the credit industry and their clients.

Initially, some of their top guys sold off their shares, days after the breach, raising huge suspicions. Equifax is claiming that the officers weren’t aware of the hack, but frankly, the sales shouldn’t have happened. It's bad form and Equifax knew that.

The second major screw up was how they approached their clients. They provided an online tool to check if their data had been compromised. This required you giving over, wait for it, a part of your social security number to identify yourself. The irony is not wasted on me alone.

Even worse, the tool was poorly designed and the security certificates invalid, showing it up as a phishing site.  In addition to which, it wasn't on the Equifax site which raised huge red flags for plenty of customers. 

Furthermore, there are many suggestions that customers who had signed up to check if they had been exposed at TrustedID premier, had a term of services clause revoking the rights to participate in a class action against Equifax.

Apart from being a colossal PR disaster this has obviously sent Equifax stock plummeting.  We may feel slightly sorry for Equifax (only slightly) but more importantly, the picture is becoming clearer with each and every massive data hack.

We have put all our chips on the table when it comes to I.o.T.  We know that, it's too late to turn around but our safeguards are catching us at every single turn. There is a gnawing gap in the cyber world between the information we have to hand over and the effectiveness of how we can protect that same information.

If Equifax can teach us anything, it's how caution must become a part of the cyber landscape.