Most of you have probably seen the recent headlines: the credit reporting agency Equifax had a massive breach earlier this year, which was made public in the past few weeks and reportedly affects at least 143 million people. We believe that Equifax has done an atrocious job of handling this enormous catastrophe, providing little and wishy-washy messaging, contradicting itself and offering unimpressive resources for those affected.
And while this event may have negative consequences for many of us, there are lessons to be learned.
Here is a rundown of the missteps made so far by Equifax, as reported on CNN Money:
- Equifax waited six weeks before it announced its massive breach that compromised the data of 143 million Americans.
- Three Equifax executives sold shares days after the company found out about the hack.
- Equifax chose not to notify people who were affected; instead it set up a website.
- The website wasn’t ready for days. People who entered their information were told to come back later.
- Equifax offered free credit monitoring, but it initially required enrollees to waive their right to sue the company.
- It later backtracked, allowing people to sue — if they send Equifax written notice within 30 days. Equifax has not removed the opt-out language from its general terms of service, but later assured customers that it won’t be applied to use of the credit-monitoring service.
- A customer service representative tweeted “Happy Friday!” from the ‘Ask Equifax’ Twitter account last week.
- Freezing credit is the best way for victims to protect themselves, but Equifax charges for freezes and has not made it easier to accomplish. On Monday, Equifax said in a tweet that “in response to consumer feedback, Equifax will waive all Security Freeze fees for the next 30 days.”
- Equifax assigned easy-to-guess PINs to people who froze their credit.
- CEO Rick Smith stayed mum until a USA Today op-ed on Tuesday.
- Equifax has still failed to say how many people in the United Kingdom and Canada were affected.
You might read this list and shake your head, asking how a huge company with armies of resources could have struggled so much with steps that seem like common sense. The answer is simple: they didn’t have a clearly defined plan before it happened.
In situations like this, the variables are overwhelming:
- How do we know when we know enough to make this public?
- What customers do we tell?
- How do we handle PR, Legal, IT?
- Who will handle PR, Legal, IT?
These are tough questions, but there are some questions you can have answers for prior to the event:
- Decide who in your business will be first chair and second chair in an event.
- Decide how much money you would be willing to spend. This doesn’t mean you have to spend it, nor does it mean that is all you might spend in the heat of battle, but it ensures that you have decided what you are prepared to part with.
- Buy an insurance policy. Consult a professional who has expertise in data breaches and make sure you have a policy that appropriately covers your risk profile.
While we don’t believe the risks to any of our customers who were affected will spill over to their professional lives, there is the possibility that the information that was hacked could be used to infiltrate users’ personal accounts, which could in turn compromise work systems if passwords are shared. We encourage you to use the following link to check whether you may have been compromised: https://www.equifaxsecurity2017.com/potential-impact/
If you find your name, please check whether the password you use for Equifax is similar or identical to the password used for any other systems, and change any such passwords immediately. Changing key passwords is a good precautionary measure any time you have concerns.
Looking for a technology solution to this problem? Upward has several different options that can make your work environment significantly safer from security threats. Contact us today!