Equifax — The Inherent Liability of Data Aggregation
The company was breached, exposing 143 million Americans, and they waited over a month to tell us.
How safe is your personal information? Not very, based on the latest mass breach of data last week at Equifax, one of the three credit-reporting giants, impacting about 143 million Americans.
But it gets worse.
“The company said in a statement the unauthorized entry occurred mid-May through July 2017, as criminals ‘exploited U.S. website application vulnerability’ to access files ranging from social security numbers, birth dates, addresses and driver’s license numbers,” Fox Business reports. “Hackers also accessed the credit card numbers of about 209,000 consumers in the U.S. and other documents with personal identifying information for about 182,000 people in the U.S. Equifax said it discovered the breach on July 29, 2017 but did not publically disclose the information until Sept. 7, 2017.”
That’s right — the company waited more than a month to disclose the bad news. That was plenty of time for executives to sell off $2 million in company stock.
Consumers can find out if their data was compromised at a Equifax’s dedicated website. But in yet another hack against those whose data was compromised, accepting the “free” credit monitoring and identity theft protection service Equifax offered as compensation included some fine print — that those signing up could not be part of any class action lawsuit against the company. After that was discovered, Equifax removed that stipulation.
The inherent danger of data breaches by hackers targeting personal data aggregators like Equifax is a growing, and likewise, the corporate liability for those breaches should be commensurate.