The Money Coach
  • About
    • Meet Lynnette
    • Media Kit
  • Contact
  • Subscribe
  • QR Code
  • Books
  • Categories
  • Coaching
  • Hire Lynnette
  • Money Coach University™
  • The Money Coach Recommends™
No Result
View All Result
The Money Coach
  • About
    • Meet Lynnette
    • Media Kit
  • Contact
  • Subscribe
  • QR Code
No Result
View All Result
The Money Coach
No Result
View All Result

The Equifax Hack: What Equifax Got Right and Wrong Amid Data Breach

Lynnette Khalfani-Cox, The Money Coach by Lynnette Khalfani-Cox, The Money Coach
in Identity Theft
Reading Time: 10 mins read
Equifax Hack
17
SHARES
285
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

The Equifax hack is one of the nation’s largest ever data breaches, affecting up to 143 million Americans or nearly half the population in the United States.
From mid-May of 2017 through July 2017, hackers got into Equifax’s systems and gained access to Social Security numbers, names, addresses, birth dates, and even certain people’s driver’s license numbers and credit card numbers. Additionally, some folks in Canada and the U.K. had their data stolen in the Equifax hack too.

At this point, the full impact of this complex drama is not yet known and could take months or even years to unfold.

But with so much at stake – for both consumers and Equifax – and with so many individuals impacted by this historic data breach, it’s worth noting what Equifax has already gotten right, and terribly wrong, in handling this unfortunate fiasco.

Sadly, there are a lot more negatives than positives thus far.

Here’s a look at both sides, in the hopes that Equifax and other organizations will learn some do’s and don’ts when the next inevitable data breach occurs.

The Equifax Hack: What They Did Right

  1. The timing of the breach announcement

Critics may disagree, but I believe Equifax did precisely the right thing – in many ways – by announcing this data breach when they did.

Equifax says they first detected the hack on July 29, 2017. The company told the public about it on September 7, 2017. Some people have jumped all over Equifax for this nearly six-week gap. But jeez, what do you expect?!

Equifax had to wait to make an announcement about an incident of this magnitude. To do otherwise would have been dangerous, irresponsible and foolish – putting Americans’ data further at risk.

I’m sure their very first priority, upon detecting this hack, was to stop it. Equifax no doubt had to also step up their cyber security and buttress their electronic defenses.

They company said they notified authorities, hired a firm to determine the scope of the breach, launched and concluded a preliminary investigation, and took other measures to mitigate this crisis – including setting up a website and a toll-free number for consumers to get more information about the Equifax hack.

Six weeks, in my opinion, was not an unreasonably long time to handle all of this considering the scope of the review, the amount of data that had to processed, and the investigative analysis that had to first get done to figure out what had gone wrong.

Besides, if company officials had immediately told people what occurred with the Equifax hack – before knowing all the facts that it’s provided thus far – can you imagine the heightened level of confusion, misinformation and problems that such a premature disclosure would have caused?

Another point about the timing of the announcement is worth noting.

Equifax revealed this data breach early afternoon on a Thursday.

They didn’t do it late at night or make the announcement after business hours on a Friday, to try to bury the news. They didn’t wait to reveal this mega-breach over the weekend, when they had to know that TV news would be dominated by coverage of mega-Hurricane Irma.

Less honest companies might have tried to weasel out of being in the harsh glare of the media spotlight, by disclosing a cyber hack at some less-than-peak time in the news cycle.

But Equifax didn’t go there. I give them brownie points for that.

  1. Equifax CEO Richard Smith immediately personally apologized

I can’t stand it when corporate executives don’t fess up or recognize their own shortcomings amid a scandal.

It’s even worse when execs intentionally look past company and employee ineptitude, disregard wrongdoing and a lack of professionalism, or try to pin the blame elsewhere when things go awry.

Equifax doesn’t appear to have done any of that.

Even though cyber thieves set this catastrophe in motion with their illegal shenanigans, Equifax’s CEO took responsibility for the Equifax hack, and I give him credit for adopting that initial position.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” Equifax Chief Executive Officer Richard Smith said in a YouTube video.

Obviously, that apology isn’t enough. But it’s a good start.

Despite the apology, and the steps it’s taking to prevent another breach, Equifax has already been hit with a proposed $70 billion class action lawsuit filed in a Portland, Oregon federal court. The plaintiffs alleged Equifax was negligent in failing to protect consumer data. Another lawsuit out of Atlanta makes similar claims against the company in the wake of the Equifax hack.
As the fallout continues, I’m sure some people will even call for Smith’s resignation.

But in my opinion, this CEO did the right thing. He didn’t wait for the inevitable backlash to say sorry. He apologized right away, and he did so with an acknowledgement that Equifax has to do a better job of safeguarding client info.

The Equifax Hack: 4 Ways Equifax Screwed Up

I’ll leave it to the courts to decide whether Equifax will bear any legal responsibility for the breach itself. My guess: probably not. But who knows?

Meantime, however, Equifax is now in the throes of a major public relations crisis, not to mention dealing with the fallout to its stock price.

Equifax’s stock suffered a predictable, knee-jerk reaction: on Friday, the day after the company announced the Equifax hack, it’s stock fell about 14%. Additionally, Moody’s Investor Services predicted the breach would negatively impact Equifax’s finances over the next year or so, a Yahoo Finance report said.

Regardless of whether or not the stock rebounds, Equifax will definitely pay a price on the P.R. front for botching things amid its faulty execution of guiding consumers through the “what to do next process” in the wake of the breach announcement.

Here’s are 4 ways Equifax screwed up royally, and eroded consumer trust, in its initial handling of this enormous data breach.

  1. It promised upfront answers to consumers then failed to deliver

Equifax urged people to go visit http://equifaxsecurity2017.com, which is the website Equifax created to help you determine if your information was illegally accessed.

On the site, you must enter your last name and the last six digits of your Social Security number.

Based on that information, Equifax says you will receive “a message indicating whether your personal information may have been impacted by this incident.”

Well, that’s not actually what is happening.

Plenty of people – myself included – followed Equifax’s instructions and are still in the dark about whether or not our information was compromised.

After entering the data Equifax requested, I expected to get some kind of clear and direct message about this matter, something to the effect of:

“Yes, it appears that your data was illegally accessed” or

“No, it does not appear that your data was illegally accessed”

But Equifax provided no such clarity.

Instead, I just got an online message saying “Thank you” and telling me to visit the site again in a week in order to complete my free enrollment in the company’s credit monitoring service, TrustedID Premier. That service includes:

On Equifax’s newly established website for consumers, the company had also said: “Regardless of whether your information may have been impacted, we will provide you the option to enroll in TrustedID Premier.”

Ultimately I, like countless other people, was left wondering: So did crooks tap into my information or not?

This was an epic failure – one that could have been avoided with more care and attention to how consumers would experience this process.

  1. Equifax blew it on the telephone customer service front

Equifax also recommended that consumers with additional questions contact a newly set up, dedicated call center at 866-447-7559. Equifax promised that the call center would be open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time, in order to help people.

But writers from Fast Company said they called the customer service line at 5:45 pm on Thursday – only to get a recorded message saying they were calling after business hours.

Bloomberg writer Polly Mosendz shared on Twitter that she had to wait 48 minutes for customer service help. When an Equifax rep finally got on the phone, he said he worked for a company to whom Equifax had outsourced phone duties, and the guy Mosendz spoke to couldn’t tell her whether her data had been compromised.

I had pretty much the same experience as Mosendz.

When I called Equifax’s toll-free number twice on the day after the Equifax hack announcement, I initially got busy signals; yes, busy signals!

During the second call, just before I was about to hang up, a recorded message came on saying that if I was calling about “the incident” please hold on for further help and information.

I waited on hold for 9 minutes before a customer service rep got on the line.

Unfortunately, he was literally no help whatsoever.

He simply read me a script about the data breach and referred me to the new Equifax website.

When I told him that I had used the website but I still didn’t know if my data was compromised and I wanted to know if I was affected or not, he told me that he worked for a “third party” and did not have any access to my credit files so he didn’t know the answer to the question I was posing.

In the midst of a crisis like this, why on earth did Equifax refer people to a “dedicated” customer service line for so-called “help” with “additional questions” only to subject consumers to incessant phone delays, outsourced know-nothing workers, and an understaffed call center?

Totally ridiculous.

  1. Equifax gave the appearance of financial wrongdoing

One of the most damning narratives that have emerged about Equifax in the wake of this data breach is the idea that top company officials tried to shield themselves financially from the fallout of this hack.

According to Bloomberg, three Equifax executives sold nearly $1.8 million in stock after the data breach was discovered on July 29, and before the public was notified about Equifax hack.

“Regulatory filings show that on Aug. 1, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans,” Bloomberg reported.

An Equifax spokeswoman said none of the three executives knew about the data breach before they sold their stock. Even if that’s true, the damage has already been done.

Hundreds of media outlets have reported the poorly timed stock sales. Most news stories either strongly implied that some fishy business had gone on, or flat out stated that Equifax execs were guilty of malfeasance or insider trading.

Assuming we believe Equifax’s assertion that those stock sales were done without the executives knowing about the breach, how could the Equifax team (whoever did know about the hack) be so stupid as to not immediately advise the company CFO (of all people!) about an unprecedented data breach of this scale?

July 29 was a Saturday and the CFO sold his stock three days later, on Tuesday, Aug. 1, 2017, according to regulatory filings. It’s not entirely implausible that the CFO, for whatever reason, didn’t get wind of the breach over that weekend when the Equifax hack was detected. (He should have though).

But you mean to tell me that the CFO went to work on Monday, July 30th or even on Tuesday, August 1st and simply never got wind of this calamitous news?

Talk about being out of the loop.

If this is truly the case, I don’t know which is scarier: The fact that CFO was not instantly informed of the data breach by his Equifax colleagues; or the fact that Equifax, which is supposed to keep our sensitive personal data safe, didn’t even detect the hack for more than two months into the episode.

  1. Equifax initially unfairly strong armed consumers

If you immediately hopped onto the website Equifax set up, you may or may not have read the fine print, in the form of the terms of service Equifax posted online.

The gist of it, as The Washington Post’s Brian Fung reports, is that buried in Equifax’s terms of service is a clause that could potentially prohibit you from joining any class action lawsuits against Equifax tied to this breach.

Now before you scream bloody murder, know that Equifax has already tweaked this. Bottom line: you can opt out of this provision if you notify Equifax in writing within 30 days. I’m sure the lawyers were involved in all of this.

But again, how moronic of Equifax staff to throw that language in there in the first place!

Strong-arming consumers into online agreements that force them to give up their legal rights just to check on their credit data was just wrong. And that gives Equifax yet another black eye in this whole mess.

All of these blunders, unfortunately, were self-inflicted wounds caused directly by Equifax – not the hackers.

In fairness to the company, I know this must be a fast-moving, sensitive PR and corporate nightmare for Equifax. It’s a challenge to everything right for any company or organization victimized by a large-scale, high profile data breach.

And let’s not forget, of course, that Equifax is far from alone in getting hacked. Bigger attacks have struck Yahoo, LinkedIn and Adobe, and the laundry list of businesses and entities that have been hacked seems to grow nearly every day.

Data breaches have occurred everywhere from financial services firms like TD Bank and Citigroup to retailers such as Target and Home Depot.

Heck, even some of the most sensitive federal agencies of the U.S. government – including the IRS and the Office of Personnel Management – have been hacked!

So clearly, more needs to be done in the effort to stay ahead of online crooks and cyber thieves intent on wreaking havoc, stealing consumer’s private data, and making a buck off of unsuspecting people’s good name or credit.

Until then, we all have to remain vigilant and proactive in protecting our data. You can start by take smart steps like getting a credit freeze or putting a fraud alert on your credit files.

By putting an alert on your credit files or even locking down your credit files, at least you make it way tougher for cyber criminals to harm your credit.

It probably also wouldn’t hurt to sign up for the one year’s worth of free credit monitoring and identity theft services Equifax is now offering consumers.

After all, that’s the least Equifax can do to start making things right.

#Equifaxhack #Equifaxbreach #EquifaxDataBreach

Tags: equifax data breachEquifax hack
Previous Post

September is Emergency Preparedness Month: Here’s a 911 For Your Wallet

Next Post

How to Protect Your Credit After The Equifax Data Breach

Related Posts

Identity Theft Victim What to Do Ask The Money Coach

Victim of Identity Theft? Here’s What to Do

by Guest Blogger

In 2017, 16.7 million people were victims of identity theft, suffering a record $16.8 billion in losses. Today, many of our standard transactions like banking, bill paying, and even shopping are online. The growth of online activity has increased convenience for consumers, but the continuous exchange of personal information online has likely...

Equifax Data Breach

How to Protect Your Credit After The Equifax Data Breach

by Lynnette Khalfani-Cox, The Money Coach

Scores of Americans are worried about the latest huge cyber hack in the U.S., an Equifax data breach that could impact up to 143 million consumers nationwide. Equifax, one of the country’s biggest credit bureaus, says cyber criminals hacked into its systems and gained unlawful access to people’s Social Security...

How to Keep Hackers From Ruining Your Financial Life

How to Keep Hackers From Ruining Your Financial Life

by Lynnette Khalfani-Cox, The Money Coach

Hackers have victimized tens of millions of Americans lately by stealing personal information ranging from credit card accounts to Social Security numbers. With such information, a hacker or identity thief can open new loans or accounts in your name, file a fraudulent tax return, or even empty your bank accounts...

phishing scams

Watch Out for Tax-Related Phishing Scams

by Guest Blogger

Just because your tax return has been filed and any refund may have already been spent or tucked away in savings, that doesn’t mean thieves are done trying to get their hands on your data or your cash. This is the time of year when identity thieves are on the...

filed taxes in your name

Did Someone Use Your Social Security Number to File Taxes? Here’s What to do

by Lynnette Khalfani-Cox, The Money Coach

The IRS says that millions of people have become victims of con artists that have used the victim's social security numbers to file taxes. Once the scammers file taxes, they turn around and collect tax refunds from the government. Meanwhile, not only has the victim's identity been stolen, they are...

How to Safeguard Your Tax Refund and Your Credit From Identity Theft

by Guest Blogger

Imagine filing your federal taxes with the Internal Revenue Service, only to have your tax return rejected because some crook has already used your Social Security number and claimed a bogus tax refund. All of a sudden you face an IRS nightmare. You must prove your identity to the feds....

error on credit report

Is Privacy an Illusion?

by Guest Blogger

By Eva Velasquez The term “privacy is dead or is dying” has been bandied around for the last few years. It makes me wonder if the real issue isn’t that privacy is dead, but that it never really was alive in the first place. Is it that times have changed...

Load More

Popular Posts

  • Car repair

    What to Do If You Can’t Afford a Car Repair Bill

    1376 shares
    Share 550 Tweet 344
  • What to Do if Your Spouse Stole Money From You

    1164 shares
    Share 466 Tweet 291
  • What to Do If You Can’t Afford to Leave Your Spouse

    1102 shares
    Share 441 Tweet 276
  • Here’s Why I Pay My Kids For Good Grades (And Maybe You Should Too)

    1008 shares
    Share 403 Tweet 252
  • What Do All Those Strange Codes In My Credit Report Mean?

    813 shares
    Share 325 Tweet 203
  • Do This Now If Your Wages Were Not Reported

    743 shares
    Share 297 Tweet 186
  • How to Find Out if a Debt Collector is Licensed to Collect Your Debt

    722 shares
    Share 289 Tweet 181

All information on this blog is for educational purposes only. Lynnette Khalfani-Cox, The Money Coach, is not a certified financial planner, registered investment adviser, or attorney. If you need specialty financial, investment or legal advice, please consult the appropriate professional. Advertising Disclosure: This site may accept advertising, affiliate payments or other forms of compensation from companies mentioned in articles. This compensation may impact how and where products and companies appear on this site. AskTheMoneyCoach™ and Lynnette Khalfani-Cox, The Money Coach® are trademarks of TheMoneyCoach.net, LLC.

©2009-2023 TheMoneyCoach.net, LLC. All Rights Reserved.

RSS / Sitemap /Submit an Article / Privacy Policy / LynnetteKhalfaniCox.com

No Result
View All Result
  • Books
  • Categories
  • Contact Lynnette
  • Get Coaching
  • Hire Lynnette
  • Money Coach University™
  • The Money Coach Recommends™
  • Home
  • Subscribe to Newsletter
  • QR Code

©2009-2021 TheMoneyCoach.net, LLC. All Rights Reserved.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist