Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

The Equifax Data Breach – Boiled Down to the Essentials

September 11, 2017

The problem with writing about a new data breach is that the story evolves. So if the news overtakes this story, so be it. But here is what we seem to know…

  • 143 million Americans have had their Social Security numbers stolen from credit reporting agency Equifax, along with other personal data, including names, addresses, credit card numbers, etc.
  • The attack vector was a vulnerability in the company's website.
  • Equifax is known to have suffered two previous breaches.
  • The intrusion was discovered on July 29th.
  • Three senior executives, including the company's chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered.
  • There is an information site at www.equifaxsecurity2017.com – rather a poor one since you can pump in any name and any six numbers and be told that you are likely impacted by the breach.
  • The site provides an enrollment date for its protection service (TrustedID Premier), and it may not start for several days. The terms of service require that consumers agree to mandatory arbitration, though the company stated on Friday night that the requirement would not apply to this incident. However, the process to opt out is arduous – consumers who want to opt out must write to Equifax within 30 days with their name, address, Equifax user ID and "a clear statement that you do not wish to resolve disputes with Equifax through arbitration."
  • Equifax's credit protection service, which is free for one year for consumers who enroll by November 21, is available to everyone and not just the victims of the breach.
  • Experts suggest freezing your accounts at Equifax, Experian and TransUnion.
  • There has been heavy criticism of Equifax for not revealing the breach sooner.
  • A class action lawsuit was filed in an Oregon federal court last Thursday, hours after the breach was revealed, accusing the company of failing to adequately protect its data.

The New York Times carried a good initial story about the breach.

Though it is probably a good idea to freeze your account, don't think that it is impossible for criminals to unfreeze your account. You can read about the woefully insecure PINs that Equifax issues consumers here.

Thanks to Dave and Chris Ries, who have continued to send me updates on this evolving story.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson