Equifax data breach: What's changed since last year's huge hack of personal information?

September 6, 2018

 

I read an excellent article in the September 6, 2018 edition of USA Today.  I could not write this better, so I have reproduced it here for your reading.  FULL CREDIT goes to Kevin McCoy who wrote this:

 

Alvin Kleveno is among the nearly 148 million members of a not-so-exclusive club – consumers whose personal data was compromised in the massive cyberattack disclosed one year ago by Equifax, one of the nation's three major credit bureaus.

 

In the weeks after the bad news, the company alerted the Colorado resident that not only was his personal data endangered, a debit card he'd previously used to "unfreeze" his Equifax credit record had also been compromised.

 

Kleveno, "experienced unauthorized charges" on the card, and "spent time and effort contesting the fraudulent charges with his credit union, canceling the card and traveling to the credit union to obtain a replacement card," according to a court complaint on behalf of the victimized consumers.

 

Today, Kleveno is one of 96 named plaintiffs from all 50 U.S. states and the District of Columbia who are suing Equifax in a consumer class-action lawsuit. The case is among a multitude of lawsuits targeting the Atlanta-based company.

 

The lawsuits have inched through the legal system in the year since the news that nearly half of all Americans had personal information exposed by the breach. Meanwhile, federal, state and overseas authorities pursue yet-to-be-completed investigations.

 

Although a new law will let Americans freeze their credit reports without charge as of Sept. 21, Lauren Saunders, associate director of the National Consumer Law Center, says "very little has changed" for consumers because personal information for millions of consumers remains in the hands of thieves.

 

"After publicly announcing the worst data breach in history, Equifax still hasn't paid a price or provided the information and tools consumers need to adequately protect themselves," the U.S. PIRG Education Fund, an independent group focused on consumers and the public interest, says in a report issued on Thursday.

 

Equifax declined to make executives available for an interview about the one-year anniversary of its cyberattack disclosure. However, the company said it has tightened its data security perimeter, hired top cybersecurity and technology professionals, improved cyberattack detection and response times, and offered consumers more control over their data.

 

The company also agreed to a June consent order with financial regulators from eight states that requires it to conduct security audits at least once a year and take other steps to strengthen data safety.

 

"Protecting the data entrusted to Equifax is the company's top priority," the credit bureau said, adding that it has conducted regular cybersecurity briefings and calls "to update hundreds of business customers on our progress and lessons learned."

 

 

 

The cyberattack

 

In its initial September 7, 2017, disclosure, Equifax said as many as 143 million U.S. consumers could have been exposed to the danger of identity theft or other crimes when criminal cyberthieves carried out an electronic attack on the company's computer systems. The company later raised the potential victim count to nearly 148 million.

 

The embarrassing digital break-in primarily compromised names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers, Equifax said. Richard Smith, the former Equifax CEO, told a House subcommittee in October the company had known before the attack about a computer software vulnerability that required patching.

 

However, the Equifax security team member responsible for installing the patch took no action, Smith acknowledged. Electronic scans that should have detected any systems running the vulnerable software called Apache Struts also failed to find the problem.

 

Smith and two Equifax security executives abruptly retired after the breach.

 

 

 

Consumer impact

 

During the initial weeks after the breach disclosure, consumers complained about an online Equifax search tool that in some cases provided inaccurate results to those who used it in the hope of finding out whether their personal data had been compromised.

 

Consumer advocates also contended that free security products Equifax offered after the cyberattack were limited in scope and would only provide alerts after an identity theft had occurred.

 

The consumer class-action lawsuit also says the threat of identity theft proved all-too-real for some of the main plaintiffs.

 

Identity thieves used the personal information of Grace Cho, a California resident, to open unauthorized accounts in her name and make fraudulent purchases with a wireless phone provider and a department store, the court complaint charges.

 

Thieves allegedly attempted to use Cho's information to open unauthorized credit accounts at a retail warehouse club and another department store.

 

Jennifer Tweeddale not only suffered identity theft, fraudulent accounts on her credit report lowered her credit score by approximately 79 points. The drop could make it more difficult for the Florida resident to qualify for a loan.

 

The accounts of personal damages suffered by Tweeddale, Cho and Kleveno come from summaries in the consolidated class-action complaint filed in May. USA TODAY was either unable to reach them and other lead plaintiffs, or they did not return messages. A lead counsel representing the consumers also did not respond to an email. 

 

The millions of consumers whose personal data was stolen in the breach "remain subject to a pervasive, substantial and imminent risk of identity theft and fraud, a risk that will continue so long as Social Security numbers have such a critical role in consumers’ financial lives," the lawsuit alleges.

 

 

 

Business impact

 

Equifax's disclosure of the cyberattack accelerated the business crisis that had begun weeks earlier when the company first detected the breach.

 

After closing at $142.72 on September 7, 2017, Equifax shares plunged and closed at $89.59 close one week later, a 37 percent skid.

 

The breach created unexpected corporate costs, from providing credit alerts and other services to millions of consumers, to mounting legal bills and efforts to toughen and upgrade the company's cybersecurity systems.

 

When Equifax reported its second-quarter earnings In July 2018, the company said it had run up roughly $300 million in expenses so far. The earnings report said it is "reasonably possible" Equifax will suffer losses from the lawsuits and investigations, but added that it was not yet possible to provide an estimate.

 

Nonetheless, Equifax shares, which closed at $134.54 on Wednesday, have climbed back and are down just 5 percent from this time last year.

 

In March, Equifax recruited a new chief executive, Mark Begor, a business veteran with experience in private equity and at General Electric.

 

By July, he publicly touted a corporate turnaround, saying "we're rapidly approaching a mode of being back to normal commercial discussions with the vast majority of our (U.S. Information Services) customers," a critical part of the company's business. Fewer than five customers continued to have questions about Equifax's security plans, he said.

 

In part to allay such lingering concerns, Equifax hired a new security team as part of a cybersecurity overhaul after the breach. The question is how effectively new resources are used, said David Vergara, head of security at OneSpan, a security firm that says its clients include half of the world's top 100 banks.

 

"Equifax has taken the proper initial steps, post breach, with some stumbles along the way," Vergara said. "Only time will tell if Equifax can deliver. And if they do it right, none of us will ever know about it."

 

Some Wall Street analysts signal cautious optimism.

 

In a July 27 note to investors, JPMorgan Chase analyst Andrew Steinerman said, "Equifax is not out of the woods yet." He noted that rivals TransUnion and Experian have outpaced Equifax's U.S. Information Services results.

 

However, he added, "We sense a return to normalcy on the horizon."

 

Timothy McHugh, an analyst with William Blair, maintained an outperform rating on Equifax shares in a late July 26 note to investors.

 

"Equifax's story will continue to have a lot of moving parts," he said, "but we are optimistic that the company's growth rates, margins (and) technology ...  will improve over the next year or two."

 

Contributing: Elizabeth Weise, Adam Shell

 

Please reload

Recent Posts
Please reload

Archive
Please reload

© 2019 by Quogue Library.  This entire site is General Data Protection Regulation (GDPR) compliant.