Equifax, one of the three big credit reporting agencies, has a business plan that involves selling personal financial information to companies that deal with credit and lending. Our own information is completely out of our control. Now that Equifax has suffered a well-publicized breach of unprecedented proportions, Americans are panicking, and for good reason.
Social Security Numbers are a terrible primary identifier; they were never designed to be an ID number and password rolled into one.
Unpatched public-facing websites are incredibly easy for nefarious parties to exploit.
Equifax brass are/were entirely unscrupulous.
Equifax noticed a breach in March, but they took no action. They were attacked again in May, but didn’t notice or halt the intrusion until the end of July. A couple of days after fixing the problem, three top company officials sold millions of dollars in stock, outside of their filed sale schedule (Equifax still contends that these three were unaware of the breach, so the SEC needn’t worry about anything untoward). More than a month later, Equifax let the public know. They offered free credit freezing (except not free; they would charge every time someone wanted to unfreeze an account) for a year. The website they set up to check if you are affected contains serious security issues. They even accidentally pointed people on Twitter to a fake mirrored site with a similar domain name that was made by a security professional to highlight the problems of said site’s name and poor security. The CEO has “retired” and been replaced with an interim CEO.
What Should We Do?
Get credit monitoring and freezing from a reputable (read: non-Equifax-affiliated) company. Keep an eye on your own credit and dispute anything out of the ordinary.
From a small business perspective, invest in good security and up-to-date equipment and software. Lock down any public-facing websites. Keep private information private. Lead with integrity. Present potential issues to clients as soon as they arise. Don’t ignore problems and hope they resolve themselves. Equifax is a wonderful case study of everything you should absolutely never do in business. So much could have been prevented by investing in greater awareness and security protocols.