This year, cyber attacks are happening with such regularity that it becomes difficult to even keep track.
And in each incident, the victims are just ordinary citizens whose privacy and personal data becomes exposed to hackers.
The latest such hack has dominated Equifax, one of top credit reporting services firms in the United States.
The data breach has affected some 143 million people—that is close to half the population of the country.
How is it that the very custodians of highly sensitive data be so casual about cybersecurity within their organizations? They definitely owe an explanation to the public in general, and to the affected members whose data has been compromised in particular.
Equifax Took Several Weeks to Make the Incident Public
From details now shared by the company, the data breach was actually detected on July 29 this year and they decided, in their own wisdom, to make the announcement about the hack only the previous weeks.
This delay in informing the public and the media so late has definitely raised some eyebrows, if not questions.
Many organizations take time to inform their customers and other stakeholders in such cases, primarily with the intention to avoid creating any panic.
They would first plug the loophole and be sure that no further cybersecurity issues persist, and then send out a statement communicating the issue.
It is not clear if Equifax has indeed taken any substantial steps to remedy the shortcomings in the cybersecurity provided on its servers, or wherever the data is residing.
Numbers Quite Large
As mentioned, the data breach at Equifax has affected 143 million people whose credit-worthiness and other personal data were evaluated by Equifax and shared with lending companies and other financial institutions.
If one were to make comparisons to other high-profile hacks, Yahoo’s data breaches over the past few years come to mind.
These breaches affected a billion people worldwide. Experian, also a credit rating agency, suffered a hack in 2015 affecting around 15 million people.
But this is really not about the numbers; it’s about cybersecurity, pure and simple.
Company’s Obligation to Secure Data
Organizations that collect and store sensitive data, like what Equifax has been doing, whether small or corporate in size, have an obligation to protect their customers’ data.
They have to add several layers of security and erect foolproof firewalls around their networks.
They have to hire the best experts in town to keep periodically testing the strength of their cybersecurity, so that any vulnerability can be detected and removed on time, before an outsider hacks the network.
Obviously, Equifax’ ability to keep personal data safe would be questioned by many, and rightly so.
An agency that specializes in furnishing confidential financial status reports of individuals and businesses cannot be found to be incapable of protecting the confidentiality of the data it has collected and stored.
On top of that, they collect charges for this service and therefore their responsibility is higher, from the cybersecurity perspective.
Aftermath of the Large-Scale Hack
Equifax is now involved in a damage-limitation exercise.
Firstly, the company has been communicating with each of the customers whose data has been compromised in the hack and has setup a separate webpage to address the issue.
Even if someone has not received any communications from the company, but would want to be doubly sure they’re not affected, they can go to this page and check and confirm if their data was stolen during the breach.
The affected persons include people from Canada and the U.K. as well, besides U.S. citizens.
It has yet to be determined who is responsible for the hack, but some scammers have already taken advantage of the situation to do even more harm to the customers involved.
On the dark web, a group of scammers claimed responsibility and demanded Equifax pay a large ransom sum in Bitcoin in exchange for the stolen data.
These claims were quickly debunked by researchers, and the fake sites have since been removed from the dark web.
Equifax Trying to Regain Customers’ Confidence
Equifax is offering a year’s service in credit-monitoring and identity theft protection for one full year, without any cost to the customer.
But to avail this concession, the individuals have to enroll themselves on the site and check if their request has been accepted.
If your data was lodged with Equifax and your data was not touched by this hack, you will not receive any special offer.
If you wish to be cautious with your personal information, you can freeze your credit and thereby deny any hacker or cyber criminal to apply for or obtain a credit card using your details, even if they’re stolen from such sites.