The unauthorized access occurred between mid-May and July 2017, and was discovered on July 29 - the company just announced it last week. "If any of the data was exposed, you will be living with that for the rest of your life", said Rich Mogull, who runs the security research firm Securosis.
What remains to be addressed is why Equifax used such a flawed security protocol for issuing credit freeze PINs for more than a decade in the first place. To place a fraud alert, you only need to contact one of the three credit bureaus (Equifax, Experian or TransUnion), which is then responsible for contacting the other two. An alert means a business must verify, for example by calling you, that you are the person making a credit request.
"It's far from a flawless solution - freezing and unfreezing isn't slick - but short of changing your SSN and date of birth it's probably your best protection". If a creditor wants to view your data because an identity thief is trying to set up an account using your name and information, the freeze will prompt the creditor to refuse to set up a new account. The report stays open and is updated to keep track of your debts, payments and other information. Criminals exploited a United States website application vulnerability to gain access to certain files. But for Australian businesses, it's a powerful reminder that it's time to get your breach notification house in order. He says someone likely made a programming or configuration mistake. Often, Mogull says, corporate security is underfunded or isn't given the authority it needs to make sure application developers do what's right. "It's really up to the institution to have better security", said Rivers.
A data breach, as conventional wisdom goes, can happen to anyone, but how an organization handles the fallout is what shows us if they care about users at all - and Equifax is failing spectacularly at it.
The site where Mashable uncovered the information is now offline.
"It's teaching people entirely the wrong things about using the internet securely", Weidman said. "I encourage all New Yorkers to immediately call Equifax to see if their data was compromised and to consider additional measures to protect themselves".
Potentially, a lot of people.
While their services are essential to the US economy, the credit-reporting bureaus don't have the same regulatory oversight as the financial industry. "While I look forward to hearing Equifax management testify under oath before Congress very soon, this bill is another way we can protect consumers". Dang said everyone should have anti-virus and anti-malware protection.
Along with the lawsuit, the breach also drew public attention when it was reported that three Equifax executives, John Gamble, Rodolfo Ploder and Joseph Loughran, had sold their shares prior to the data hack, according to the SEC.
The stock has fallen more than 25 percent since Thursday, and the company is meeting with investors this week in New York in hopes of containing the fallout.