Last year, hackers targeted the credit reporting firm Equifax in one of the biggest data breaches in history. While the company initially estimated the cyberattack had affected 143 million consumers, it increased that number by 2.5 million a month later. Then last week Equifax announced a further 2.4 million people had been harmed by the hack, placing the grand total somewhere in the neighborhood of 148 million. Unlike the vast majority of consumers who had their social security information leaked, these newly added victims had portions of their driver’s license data compromised.
The company claims these breaches took so long to identify because it was initially focused on analyzing accounts where a social security number had been stolen. “This is not about newly discovered stolen data,” said Equifax’s interim CEO Paulino do Rego Barros Jr. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.” What’s more, the firm estimates that costs related to the hack could reach “well over $600 million,” although some of that amount will be covered by insurance.
Still, Equifax has some prominent critics who question the company’s commitment to transparency. “I spent five months investigating the Equifax breach and found the company failed to disclose the full extent of the hack,” said Senator Elizabeth Warren. “Enough is enough. We have to start holding the credit reporting industry accountable.” Senator Warren’s investigation even found evidence that the hackers had stolen consumers’ passport numbers, although Equifax denies this claim. The company remains in the government’s sights, however, with the House Energy and Commerce Committee conducting its own investigation currently. In fact, Representative Greg Walden says the company has only provided partial responses to the committee’s “repeated” requests for documents. “The American people deserve to know what went wrong, and our investigation will continue in full force until there are answers,” said Walden.
- Should Equifax executives be more transparent with authorities who are investigating last year’s hack? Why do you think the company would be reluctant to do so?
- Do you think the final tally of consumers affected by the Equifax hack will stay at 148 million or increase by even more?
Sources: John McCrank and Jim Finkle, “Equifax Breach Could Be Most Costly in Corporate History,” Reuters, March 2, 2018; Brian Fung, “Equifax’s Massive 2017 Data Breach Keeps Getting Worse,” The Washington Post, March 1, 2018. Photo by Marco Verch.