Consumer credit reporting agency Equifax has been hacked, and vital information may have been stolen, including the following: full names; birth dates; postal addresses; Social Security details; driver’s licence numbers.
Reuters reports that some 209,000 consumers’ credit card information may have been accessed.
This is a breach on a monumental scale, and legal action will no doubt follow the incident. This breach is all over the news, and has been described as “one of the largest data breaches” to have occurred.
Massive breach
There are reportedly victims in the U.K., U.S., and Canada. The data breach is believed to have occurred earlier this year on July 29th when hackers managed to access a system through a vulnerability in the company’s website application.
Public officials are demanding answers, and lawyers are lining up to represent victims of the breach. Equifax’s own CEO has even been called to testify over the matter.
Strength of Equifax’s cybersecurity criticised
Investigations into the hacking also looked into Equifax’s own cybersecurity and the strength of their internal system. For this, they were heavily criticised.
Forbes reporter Lee Mathews revealed that:
“Researchers at Wisconsin-based Hold Security discovered an Equifax web portal that was secured by just about the worst username and password combination possible: admin and admin… [this] is a failure on so many different levels.”
It doesn’t take a genius to recognise just how poor a password this really is…
Equifax likely to suffer
When the hacking was publicly disclosed, Equifax reportedly saw their shares drop by a whopping 35%.
The FBI are involved in the investigation, not only of the data breach but also of the selling of company shares prior to the breach being publicly disclosed. The Times newspaper reports that “three Equifax executives, including its chief financial officer, John W. Gamble Jr. sold $1.8 million in company shares.”
The three executives claim they weren’t informed of the data breach at the time of selling the shares, but many doubt this. I mean, that is one heck of a huge coincidence…
Did Equifax know about the breach in March?
Some allege that the company knew about the hacking back in March but chose not to disclose it publicly until almost five months later.
Equifax have denied this and maintain that there was a March breach that was entirely separate. The company instructed cybersecurity firm Mandiant to investigate the supposedly earlier breach: “The retention of Mandiant in March was unrelated to the July 29 cybersecurity incident. Equifax complied fully with all consumer notification requirements related to the March incident”, reads a statement from Equifax.
Bloomberg News does not believe authorities and the public will be so easily convinced by Equifax’s assertions that there were two separate breaches, unconnected to one another: “The revelation of a March breach will complicate the company’s efforts to explain a series of unusual stock sales by Equifax executives. If it’s shown that those executives did so with the knowledge that either or both breaches could damage the company, they could be vulnerable to charges of insider trading.”