8 lesser-known facts about Equifax and the cybersecurity breach
Equifax is one of the leading credit rating providers in the country, which makes it the guardian of extremely important information. Almost every single individual with a bank account or a social security number is registered with Equifax. Having sensitive information also makes the company a prey for cybersecurity scams.
Among the top 3 companies
The credit rating industry is synonymous with a concentrated industry. There are only three big companies that cover the entire transactions of the industry – Equifax, TransUnion, and Experian. These three major companies are considered to be the most influential ones in the industry. Their influential behavior is what makes these agencies the big three of the industry. Equifax was the first to be founded, in 1899, followed by TransUnion in 1968 and Experian in 1996.
Credit determination of customer
For those who are unaware of this fact, it is the credit reporting company that determines the eligibility of its customers for loans, credits cards, and any other financial products. These agencies do this by collecting information on their history with financial products and then compile them to form credit scores. These credit scores are sent to businesses for them to analyze whether an individual is creditworthy or not.
Impact of a cybersecurity breach
A cybersecurity breach of Equifax or any of the two other credit rating companies can affect more than just the citizens of the country. Yes, it does affect the company on a larger scale than the others, but it also affects people in other surrounding or affiliated countries. 44 million users in the United Kingdom were also affected by breach as compared to 143 million users in our nation. There were also a few Canadians among the user’s whose information was breached.
Partial blame for the breach
After a few detective invasions, it turned out that one of the causing factors was the sloppiness of Equifax. The web framework at Equifax had a vulnerability called Apache Struts, which was patched in the breach that happened in March 2017. Equifax did not go ahead with installing the patch into their systems, which led to their systems being breached. This could be a clear enough example for companies to patch in their software and hardware as and when required to stay safe from a breach of heavy magnitude.
Multiple lawsuits
This fact could qualify as a smart guess, as a breach in the system is most likely to be followed by a number of lawsuits by the consumers that have been affected. In one of the lawsuits, the law firm stated that they are expecting a sum of $70 billion in terms of compensation for their client’s losses. There were many other lawsuits with different kinds of compensation amounts that were faced by the company.
Incomplete damage control
In a bid to cover up for the breach and increase their transparency for the customer, Equifax set up a new website where their customer could check if their information is safe or not. However, the website had a clause in its terms of use that some people suspected would hold them for arbitration. This meant that if they checked their safety on the website, they would not be eligible to file a class action lawsuit against the company for the improper security of their information. This, evidently, led to a massive level of irritation among the customers and eventually led to the removal of the clause.
A wider range of information
The company received a massive amount of criticism in the 1960’s and the 1970’s as they asked for information that was not required. It used to extract extra information from their customers in those years as compared to the required information today. It collected information about the employment history, personal and private lives, and their political beliefs. It is also speculated that they were willing to make use of rumors, which meant that they encourage their employees to extract negative information.
A computerization prompted legislation
During the 1970’s, the Government passed a new legislation that secured the citizens from the information they provided to online credit rating companies. This was the time when Equifax decided to store their information online. This meant that the information would be available to a larger set of audience and hackers. Another larger concern was that Equifax did not state a list of the people they sold the information to.