Equifax data loss; MoviePass price drop; Lenovo fined; Juicero gone.
Over half the adult population has personal data stolen
ON JULY 29, credit monitoring company Equifax discovered that over the previous weeks it had been hacked, and a huge amount of personal data had been stolen. This included full names and addresses, birth dates, social security numbers, driver’s license numbers, and even credit card numbers. It is the biggest security breach since Yahoo in 2014. It’s not just the sheer volume of data stolen, it’s the quality. Equifax is used by financial institutions to check identities and credit worthiness of potential customers. The stolen data is ideal for credit fraud and identity theft.
Why are you reading this now? Because Equifax didn’t say anything for more than five weeks. Once it had confessed, a website and hotline were set up for worried customers. Given the numbers involved, the hotline was quickly swamped (2,000 agents don’t go far when you potentially have 143 million callers), and even if you did get through, it merely pointed you toward the website, as the agents had no access to Equifax accounts. The website suggests you sign up for a free year’s worth of its credit-monitoring service (hardly tactful, especially as initially the terms and conditions mean you can’t participate in a class-action suit against Equifax if you take the offer). The site also proved unhelpful for many, reporting that their data “may” have been lost. It doesn’t help that most people don’t know if Equifax has their data in the first place.
Upon the announcement, Equifax stock took a 13 percent tumble. It also emerged that three of its top executives had sold shares, $1.8m worth in all, between the breach and before the public announcement. This is, at best, poor timing. At worst, it looks illegal. The company claims that the executives had “no knowledge that an intrusion had occurred at the time they sold their shares.”
Equifax has been weathering a storm of criticism. When such important personal data is lost, you need to know, and know at once. Waiting five weeks while worried executives brainstorm damage limitation scenarios is unacceptable. Identity theft can cause huge damage—having your credit rating destroyed is no joke, for a start.
Senator Mark Warner, vice chair of the Senate Intelligence Committee, called the data loss “profoundly troubling.” He has called for a rethink in data protection policies, so that there are “fewer incentives to collect large, centralized sets of highly sensitive data.” The House Financial Service Committee and the House Judiciary Committee have both said they will hold hearings on the breach. There will be lawsuits, of course—class actions in every state are in the pipeline, the first of which have been filed.
What has Equifax to say about all this? In a statement, its CEO, Richard Smith, said, “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do.” He also said that the company was “conducting a thorough review of our overall security operations.” Bolt. Horse.
The breach also highlights what many security experts have been saying for some time now. Using personal data, such as your birthday and mother’s maiden name, are poor ways to validate identity. Such data is too easy to discover and is spread too widely.
Please don’t panic. Stealing data is one thing, an organized attempt to use it illegally is another. Keep an eye on your accounts, and monitor your credit rating if you’re worried. You will be forgiven if you eschew Equifax’s own service. As yet, we have no idea who stole the data, and there have been no reports of any of it being used maliciously. However, this is a big breach, and we’ll be hearing more: lawsuits and legislation, if nothing else.
Equifax CEO, Richard Smith, said, “This is clearly a disappointing event for our company, and one that strike sat the heart of who we are and what we do .”