Equifax breach included info on driver’s licenses
ATLANTA — No wait, it gets worse for Equifax: The massive data breach announced last month by the company apparently included driver’s license data for nearly 11 million Americans.
The information, which could make it easier to commit identity theft and other fraud, was part of the breach first announced Sept. 7, according to the Wall Street Journal, which quoted “people familiar with the matter.”
That breach, which Equifax eventually said involved information about 145 million people, has put the Atlanta-based company in
the national spotlight and in the crosshairs of consumer anger.
News about the driver’s licenses will add to the taint on the firm’s reputation.
“This adds to the situation even if it doesn’t change the scope of the problem,” said Kevin Crowley, adjunct professor of finance at Emory University’s Goizueta School of Business. “Incrementally, the situation just keeps getting worse.”
The company had previously said the theft had involved driver’s license information, but did not say how many. Since then, Equifax has privately told its corporate clients — mainly financial institutions — that data for 10.9 million licenses were taken, the Journal reported.
Personal and financial information is valuable — to both legitimate firms and crooks alike. The protections used by companies are simply inadequate, Crowley said. “It’s an arms race between security and hackers and we are losing the war.”
Equifax has managed the news as badly as it managed its data protection, wrote security expert Brian Krebs on his blog.
Consumers were, for a time, directed to a phony website. Several top executives left the company in the days after the breach was announced, including two who had sold stock in August, after the breach had been discovered but before it was made public.
CEO Richard Smith also retired, but then testified before Congress, sitting through a bipartisan condemnation.
This week, Equifax announced that the breach included data on 15.2 million people in Britain, then stumbled with an attempt to help consumers deal with their concerns, according to Krebs.
“It’s fairly terrifying when you realize that a company, which can’t even issue a press release without managing to omit the most important piece of information in it, wields so much power over consumers,” Krebs wrote. “I’ve been spending quite a bit of time looking at Equifax’s various web properties … and I have to say it gets scarier the more I look.”