It would be wise for these consumers and perhaps anyone who has had dealings with Equifax to contact all major credit-monitoring services to ask that they watch for attempts to create new credit accounts—especially in locations far distant from their current residences.
Something that should be equally obvious is that businesses need to diligently apply patches and updates to operating system software and applications, especially public-facing web applications. Failure to do so in an environment where the business is responsible for protecting sensitive information is an invitation to be breached. There’s simply no reason to skip such a step.
There was a time when software patches were uncertain and updates were sometimes unreliable, but those days are long gone. Now, waiting until you’re certain that an update won’t break critical applications is unnecessary in most cases. In those cases where it is necessary, it’s time to start paying for updates for those applications or find a new solution.
The reason is that the price of failing to update is so high that it can cost you your company, or at the very least it can cost millions of dollars in lawsuits and more millions in reduced valuation. Failure to implement timely updates should be something that your board will demand accountability for. But worse than that, it will be something that your customers will hold you accountable for.
Equifax has already sustained a sharp drop in its stock valuation and it's possible that at least three of its executives will face charges for violating securities regulations for selling stock before the company publicly disclosed the breach. The company is also going to have to provide free credit monitoring for everyone in the United States.
Worse, Equifax already has one class-action suit that’s been filed in Oregon, more are certain to be filed and the company stands to lose millions. Adding to the problems that Equifax is facing is the company’s poor record of managing its own security. A series of breaches stretching back years demonstrates that the company does not take security seriously. Furthermore, the actions of some of its executives will lend credence to the belief that all that really matters to Equifax management is personal enrichment.
The fact that Equifax has presented itself as a trusted service for private consumer data only makes it worse. “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said Equifax CEO Richard F. Smith in the breach announcement. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations,” he stated in the announcement.
“I've told our entire team that our goal can't be simply to fix the problem and move on,” Smith said. “Confronting cyber-security risks is a daily fight. While we've made significant investments in data security, we recognize we must do more. And we will.”
This is a positive sign, but in reality, considering the series of breaches that Equifax has experienced over the years, one must ask why Equifax didn't take the danger of cyber-attacks seriously before the personal information of 143 million people was breached.