I was disappointed in Equifax’s handling of what is one of the top 3 data breaches of all time after Yahoo and Sony. A few things concern me about this breach, as it should you.
First, the breach itself grew from an initial estimate of 50 million records, to what is believed to be 143 million records. As a credit agency that is focused on our financial security, this means it has detailed information on most of us – our names, social security numbers, home addresses, dates of birth, and in some instances our driver license numbers. This is a recipe for disaster for potential identity theft victims.
A second concern is the speed in which this breach was disclosed to the public. Initially uncovered in late July, it took over a month to announce this. And, there’s the suspicious sell off of Equifax stock by three executives just days after the breach was discovered, totaling almost $2 million.
My third and last concern is the fact that Equifax seems to continue bungling the response to this data breach. I tried going to the Equifax web site to see if I was impacted. There’s a big button on the home page leading you to their site where you can find out whether you’re impacted.
However, clicking on the link this morning, I see this connection warning in my Chrome browser. Apparently they didn’t bother to get an SSL certificate to protect their web site. Millions of people may be going to this site to find out the status of their information, and they couldn’t invest a few hundred dollars to secure the web site. That’s the straw that broke this camel’s back.
So, what can you do now? The FTC web site has a list of options. I like the idea of placing a credit freeze on your files which means someone with your information can’t open a new account under your name. Of course, you should add credit monitoring to your credit card and banking accounts, and look through your accounts for any suspicious activity.
The full list is here: