Breach Response Poor Following the Equifax Hack

Equifax, one the three main credit reporting agencies in the country, recently disclosed that a recent data breach may have impacted as many as 143 million Americans. On September 26, Equifax CEO Richard Smith announced his retirement.

Data stolen in the breach includes 209,000 credit card numbers as well as millions of names, Social Security numbers, addresses, birth dates, drivers license numbers, etc. But what may be more concerning than the hack itself is Equifax’s breach response.

Poor Breach Response Compounds Hack’s Damage

First, the company took 6 weeks to disclose the breach, which gave hackers ample time to use consumer information to their advantage. Apparently Equifax did not have a breach response policy in place. If it did, it was not implemented fast enough or far-reaching enough to reassure concerned consumers.

If the delay wasn’t bad enough, the company’s first move following the breach confused security experts even more. Instead of creating a page on their trusted website, Equifax.com, the company created a separate domain, equifaxsecurity2017.com, where individuals could enter their information, but the site was full of bugs and could easily be spoofed. To prove what a poor idea this was, developer Nick Sweeting created a site with a similar URL, securityequifax2017.com. It recieved roughly 200,000 page loads and could have been used to solicite even more information from victims and potential victims.

What does the Equifax hack boil down to? Here are two lessons: 1. Companies like Equifax that handle sensitive consumer information simply can’t afford to be lax about security. 2. Mega companies like Equifax can get by with poor security cultures, but it always catches up to them, sooner or later.

End-to-End Security with CertainSafe

CertainSafe offers the most secure cloud platform. Our award winning MicroEncryption® technology secures data at a level never before possible. Our CertainSafe Digital Safety Deposit Box high security cloud storage solution mitigates risk, ensures compliance and protects your reputation with your clients. To learn more about our product, visit our homepage.