After what is actually latest in a long series of data breaches at the company, credit reporting firm Equifax said that it will do a better job of protecting the personal and financial data of millions of consumers in the U.S. and abroad.
Equifax made this promise in a Sept. 7 announcement about the July 29 data breach that exposed the data of 143 million consumers in the US.
So far Equifax hasn’t provided much information about the breach beyond saying it’s due to an application vulnerability. However, even that tiny bit of information, coupled with the company’s reported history of lax security and an apparent failure to apply patches and updates in a timely manner tells a troubling story.
Adding to the seeming lack of concern for critical personal data that is entrusted to Equifax comes word that before the breach was announced in September, three senior executives reportedly took advantage of their knowledge of the breach by selling massive amounts of the company stock.
Equifax's apparent failure in its duty protect customer data by keeping its computer systems secure has already resulted in multiple legal actions and at least one class lawsuit. That, along with the behavior of its executives suggests that company leadership was looking out for its own interests rather than the interests of customers or consumers.
The July data breach is hardly the first one reported by the company. In fact, it’s not even the first one in 2017. A number of security researchers have found repeated vulnerabilities on Equifax sites, some of which used software that was over a decade old.
In another case, Equifax was sued by employees of national retailing chain Kroger after the company lost control of nearly a half-million names, addresses and social security numbers. In that case, Equifax was ordered by the court in that case to fix its security vulnerabilities, but apparently failed to do so.
Fortunately for businesses, Equifax only lost control of consumer information. The company doesn’t track business credit histories. Another company, Dun and Bradstreet, handles business credit records. But the Equifax breach will still affect you.
The most obvious impact will come when you extend credit to customers. After such a large breach, it’s possible that anyone you do business with could be an imposter using stolen credit credentials. This won’t affect you if you’re dealing with a credit card transaction, but it could if you extend credit for some other reason. At least for large purchases, such as a vehicle, you will need to consider additional methods of confirming the identity for those customers.
In addition, you will have to find ways to confirm the identity of people when you’re using their credit for other reasons such as employment. Those ways could include taking a look at the customer’s other identification such as a government ID or a passport. The extra step may be annoying and time consuming, but it will be necessary to protect your business.
The first step for consumers is to check the special Equifax web page to check if their personal information was exposed in the breach. If so they will have to watch their personal credit ratings to make sure that criminals aren't creating fraudulent credit accounts with their stolen identities.