Equifax breach in­cluded info on driver’s li­censes

Chattanooga Times Free Press - - FRONT PAGE - BY MICHAEL E. KANELL

ATLANTA — No wait, it gets worse for Equifax: The mas­sive data breach an­nounced last month by the com­pany ap­par­ently in­cluded driver’s li­cense data for nearly 11 mil­lion Amer­i­cans.

The in­for­ma­tion, which could make it eas­ier to com­mit iden­tity theft and other fraud, was part of the breach first an­nounced Sept. 7, ac­cord­ing to the Wall Street Jour­nal, which quoted “peo­ple fa­mil­iar with the mat­ter.”

That breach, which Equifax even­tu­ally said in­volved in­for­ma­tion about 145 mil­lion peo­ple, has put the Atlanta-based com­pany in

the na­tional spot­light and in the crosshairs of con­sumer anger.

News about the driver’s li­censes will add to the taint on the firm’s rep­u­ta­tion.

“This adds to the sit­u­a­tion even if it doesn’t change the scope of the prob­lem,” said Kevin Crow­ley, ad­junct pro­fes­sor of fi­nance at Emory Uni­ver­sity’s Goizueta School of Busi­ness. “In­cre­men­tally, the sit­u­a­tion just keeps get­ting worse.”

The com­pany had pre­vi­ously said the theft had in­volved driver’s li­cense in­for­ma­tion, but did not say how many. Since then, Equifax has pri­vately told its cor­po­rate clients — mainly fi­nan­cial in­sti­tu­tions — that data for 10.9 mil­lion li­censes were taken, the Jour­nal re­ported.

Per­sonal and fi­nan­cial in­for­ma­tion is valu­able — to both le­git­i­mate firms and crooks alike. The pro­tec­tions used by com­pa­nies are sim­ply in­ad­e­quate, Crow­ley said. “It’s an arms race be­tween se­cu­rity and hack­ers and we are los­ing the war.”

Equifax has man­aged the news as badly as it man­aged its data pro­tec­tion, wrote se­cu­rity ex­pert Brian Krebs on his blog.

Con­sumers were, for a time, di­rected to a phony web­site. Sev­eral top ex­ec­u­tives left the com­pany in the days af­ter the breach was an­nounced, in­clud­ing two who had sold stock in Au­gust, af­ter the breach had been dis­cov­ered but be­fore it was made pub­lic.

CEO Richard Smith also re­tired, but then tes­ti­fied be­fore Congress, sit­ting through a bi­par­ti­san con­dem­na­tion.

This week, Equifax an­nounced that the breach in­cluded data on 15.2 mil­lion peo­ple in Bri­tain, then stum­bled with an at­tempt to help con­sumers deal with their con­cerns, ac­cord­ing to Krebs.

“It’s fairly ter­ri­fy­ing when you re­al­ize that a com­pany, which can’t even is­sue a press re­lease with­out man­ag­ing to omit the most im­por­tant piece of in­for­ma­tion in it, wields so much power over con­sumers,” Krebs wrote. “I’ve been spend­ing quite a bit of time look­ing at Equifax’s var­i­ous web prop­er­ties … and I have to say it gets scarier the more I look.”

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.