From mid-May to July 2017, Equifax exposed financial information and personal identifiers of 143 million Americans in what’s being called the worst leak of personal info ever. This is a very big deal: a full 44% of the population of the country had their information exposed to hackers. Credit-card details, Social Security Numbers, credit history data, driver’s license numbers, birth dates and addresses were there for the taking. Everything you need to steal an identity, blackmail someone, open credit in another person’s name, etc… Really, really bad stuff.
Furthermore, Equifax took a full five weeks between discovering the breach and disclosing it. In the meantime, the company allowed its top execs to sell millions of dollars’ worth of stock in the company. Equifax will have you believe those five weeks were spent preparing an ineffective, security nightmare of a website which itself is in many ways malicious.
The website the company put up in regard to the breach is a joke. It’s an unpatched stock WordPress installation with a broken TLS certificate, and it informs you that if you come back in a week or so you’ll be eligible for a coupon good for a year’s worth of Equifax credit monitoring. Calling the company’s phone hotline will get you a third-party contractor who will simply refer you to the website:
I was able to get through to Equifax customer service and OMFG it's a huge mess pic.twitter.com/6XRRBM2Yl6
— Polly Mosendz (@polly) September 7, 2017
Now, here’s what’s truly malicious about the website: simply searching the site to see if your information was included in the breach subjects you to a clickthrough agreement that waives your right to sue the company.
— Michael Fuller (@UnderdogLawBlog) September 8, 2017
A quick rundown on Equifax, and credit bureaus in general: they’re an oligopoly of three private companies that exercise more power than most major federal agencies, and they do so with virtually no public transparency or serious oversight, with just a few band-aid regulations put in place for show after the financial crises of the past decade. They wield enormous power: a black mark on a credit report can be seen by potential employers, state and federal agencies and financial institutions. If you want a job, a home, a car, a credit card or really anything in America, you will rely on credit reports to get them.
Let this be a lesson about the harsh truth of living in the 21st Century: No matter how careful you are about protecting your own confidential personal information. No matter how many 2-factor or 3-factor security systems, retina scans or fingerprint readers you employ. It doesn’t matter. Because your information has been and will be collected and eventually either leaked or just straight up sold by some indifferent third party.
At least Chief Executive Richard Smith found the breach “disappointing.” Let that allow you to rest easy.