Published By Janet Gershen-Siegel at April 3, 2018
If you’re still wondering what the Equifax data breach means to you, read on! We round up the news that matters the most to you about the continuing problems with Equifax.
In the wake of the 2017 Equifax data breach, the company was shook up as if it had been hit by an earthquake. In particular, the president, Richard Smith, abruptly left the company. However, the Board of Directors took the rare step of saying they could retroactively reclassify Smith as having been fired for cause. Currently, Smith receives over $18 million in pension benefits and he holds $20.8 million in stock awards, plus $23.6 million in Equifax stock. A firing for cause would likely mean he would be forced to repay or forego some of that compensation.
If Smith is on the receiving end of a lawsuit and loses, then the Board may very well change its records and say they fired him for cause. Back on October 4, 2017, Smith testified in front of the Senate Banking Committee for about three hours. Questioning including whether the company had notified consumers of the breach so they could take proactive steps to prevent consumer credit damage, and how the credit bureau could (and should) have acted to prevent such a breach in the first place (reported by, among others, the New York Times).
And now, according to Fortune, Mark Begor was named the new president of the credit reporting agency in March of 2018. Begor’s new job officially starts on April 16. Prior to taking over the troubled CRA, Begor was the managing director at Warburg Pincus. And before that, he spent 35 years at General Electric.
Mr. Begor will undoubtedly also have to address press inquiries regarding the criminal and civil insider trading case against former senior executive Jun Ying (reported by, among others, Ars Technica). This case was brought by the Securities and Exchange Commission and the United States Attorney’s Office for the Northern District of Georgia. He (Mr. Begor) will most certainly also have to deal with O’Dell Properties, LLC, O’Dell & O’Neal, P.C., Jellie Donuts, LLC, et. al. v. Equifax, Inc. The O’Dell Properties matter is a class action alleging damages to several businesses due to last year’s data breach.
Whether more indictments will be handed down in the future is hard to say. Three other Equifax executives also seem to have protected themselves by selling shares with a combined value of $1.8 million on August 1 and 2, a mere few days after the July 29 discovery of the breach, per documents that were filed with securities regulators. However, the company claimed the executives did not know about the breach when they made their trades (Ying, on the other hand, was turned into the SEC by Equifax). These executives are the Chief Financial Officer John Gamble; and Joseph Loughran, Equifax’s president of United States information solutions; plus Rodolfo Ploder, Equifax’s president of workforce solutions.
Mr. Begor is probably not going to have an easy time of it.
And then there’s the technical side of things. Back on Thursday, September 7, 2017, the Associated Press reported the data breach at Equifax. A somewhat vague initial report gave way to more detail on Friday the eighth. Here are the details.
AP described the attack on Equifax as a “high-tech heist”. Some 143 million Americans’ data was a part of the breach. This exposed sensitive information such as Social Security numbers. The breach was evidently an exploit in a website application.
However, one of the more troubling issues about the breach is how tardy Equifax was in reporting it. Exposure meant the hackers had access to files between the middle of May and July of 2017. Apparently Equifax caught the breach on July the 29th but the company waited until September 7 to publicly announce it.
According to Ars Technica, the breach came through due to a software security patch not being installed. In fact, Equifax’s IT department had had the fix for two months before installing it.
Then the company stumbled while trying to help the people affected by the breach. The company first established a website, https://www.equifaxsecurity2017.com/, where consumers could look up if their personal data had been a part of the breach. Consumers could also telephone toll-free (866) 447-7559 for additional information. Equifax also initially attempted to get consumers to waive their rights to sue the company if a consumer agreed to get free credit monitoring. The company has since retracted the waiver attempt.
However, the Equifax Security 2017 website proved to be fatally flawed. On October 12, 2017, Ars Technica reported that there were redirects on the site, which led to spammy sites (e. g. “You just won an iPhone!”) or to a download of Adobe which was anything but. Instead, these downloads were malicious and were detected as being malware by Symantec (they are the Norton people), Panda, and Webroot. Malwarebytes, Avira, and Eset also showed red flags, although for a different stage in the process.
Now, according to CNBC, the company attempted to notify numerous persons of how the breach could affect them. That’s the good news. But the bad news is that the letters were inaccurate. Equifax has not confirmed just how many bad letters were sent out.
Mr. Begor will probably also be – one would hope – looking to replace a good chunk of the IT department.
If you need to dispute your personal Equifax report, go here.
Monitoring your credit is always a good idea, but with the breach and how it’s been handled, it’s more important than ever. When it comes to credit monitoring, Equifax’s credit monitoring service is called Business Risk Monitor. In addition, you can monitor your credit with D&B and Experian with us for $24/month. Our credit building programs also offer significant savings on credit monitoring.
If you are as passionate about following the Equifax debacle as we are, please help us spread the word about how the Equifax data breach continues to affect nearly everyone, and what you can do about it.