Repercussions from Equifax’s data breach in the summer of 2017 still affect people today. Equifax, as their website states, is a global information solutions company that uses trusted unique data, innovative analytics, technology and industry expertise to power organizations and individuals around the world by transforming knowledge into insights that help make more informed business and personal decisions.
The company, being one of the largest credit bureaus in North America, serves millions of people. The breach which occurred between May or June of 2017 affected close to 148 million customers.
Equifax claims the information accessed in the breach includes names, social security numbers, birth dates, and driver’s license numbers. Sen. Elizabeth Warren (D-Mass.) in a federal probe investigation stated that passport information also was included in the information accessed, however Equifax refutes this claim.
Equifax states they found out about the breach in July of 2017, yet they did not report the incident to the public until September 2017. Their first public announcement on their official website claimed that 143 million customers were affected.
Following the official announcements, Equifax created a website, www.equifaxsecurity2017.com, for affected customers and posted Tweets stating that there are resources for people affected. However, Equifax repeatedly Tweeted the wrong website address causing many people to insert information into insecure sites.
A month later Equifax released another statement saying another 2.5 million customers were affected. In early March of 2018, Equifax again released a statement saying another 2.4 million people were affected.
Shortly after the initial announcements, the executives of security as well as the CEO of Equifax retired or stepped down.
The investigation into the data breach and whether the company had proper preventative measures to protect customers information is ongoing.
The data breach is one of the largest in history. Customers, investigators, and the public ask questions regarding Equifax’s security protocol and their commitment to protecting their customers information.
What are the limits that companies need to go in which to protect their customers information? Should companies be held legally or morally responsible for information of customers that was lost in a security breach or hack? Did Equifax handle publicizing the security breach to their customers and the public well?
[Sources: CNN, Forbes, The Washington Post, TheSlate.com, Equifax]