Yet another example of a financial institution that cares more about profits than customers, Equifax’s lax security made it vulnerable to one of the most devastating hacks in recent history.
Equifax had been hacked twice in the last few years prior to this most recent attack. Amidst the flood of lawsuits pouring in from customers alleging negligence and/or fraud–the latter stemming from recently uncovered information that Equifax executives sold shares and exercised options just days after the massive hack–cybersecurity professionals and government regulators are heavily criticizing Equifax for overlooking the fundamental measures and protocols necessary to maintain adequate database security.
According to Avivah Litan, a fraud analyst at Gartner, Equifax should have had “multiple layers of controls,” a fundamental step that could have prevented hackers from doing excessive damage. But despite Equifax’s previous experiences–experiences which should have prompted them to be more responsive in terms of developing proactive security measures–they ignored those lessons, and in doing so, they inadvertently made it easy for hackers to gain access to its database through one single weak point in their software.
A single weak point in Equifax’s software resulted in the theft of information belonging to 143 million Americans.
So, what makes the Equifax hack more destructive than, say, the Yahoo breach in 2016? Certainly, the Yahoo breach was much larger in terms of scale. It’s the qualitative nature of the information that counts. And that’s what makes the Equifax hack far more destructive. Hackers were able to access a far greater degree of personal information through Equifax. How so? Let’s count the ways.
If you were one of the unfortunate 50% who fell victim to this attack, here are just a few informational items belonging to you that might now be in a criminal’s possession:
● Your Social Security number;
● Your Driver’s License number;
● Your credit card numbers;
● Your name and address;
● Information that may provide access to your employee accounts;
● Information on your medical history; and
● Your bank account information
In short, hackers might be in possession of virtually every piece of information that can potentially make you vulnerable not only to identity theft, but to any crime that your private information allows a criminal to commit.
It turns out that criminals were able to access the company’s files from mid-May to July. The company finally discovered the breach on July 29, after which Equifax decided to wait six more weeks before informing their customers. According to Equifax CEO Richard Smith’s statement in a USA Today op-ed, “Shortly after discovering the intrusion, we engaged a leading cybersecurity firm to conduct an investigation,” an investigative process that took “thousands of hours” before Equifax was able to form a valid assessment.
Why did it take “thousands of hours”? Wouldn’t you think that a company storing such highly-sensitive information would have a security system that, if unable to prevent attacks, would at least be able to adequately respond in less than six weeks?
Smith’s response to this disaster: “We apologize to everyone affected. This is the most humbling moment in our 118-year history.”
Typical canned CEO-speak. He couldn’t have just stopped after the apology or after the humility statement. Of course, he had to slip in something subtle–the “118-year history” part. It implies: having existed for 118 years providing quality service and not screwing up, this humbling incident is a mere blip in our history (albeit a blip that just severely compromised the privacy and security of half of America’s population).
But we can all see that this blip is an iceberg; one that embodies Equifax’s corporate culture as well as its demeanor toward customers. If you have been following our blog posts for some time, you will recognize this very sad trope that seems to repeat itself across almost all narratives concerning financial institutions and their relationships to customers: profits over customers.
This is NOT capitalism at its best. It is capitalism at its most irresponsible, selfish, and inept!
Digitization certainly has its dangers, as every technology carries with it its own unique negativity. But in this case, it’s not the technology to blame, but rather the people behind it, the corporate culture that allowed it, and the institutional impulse toward contempt that not only made such a disaster possible, but virtually guarantees, in all degrees of misfortune, that customers will experience negativity on a perpetual basis.
Of course, non-digitized assets, such as physical gold and silver, remain safe and untouched.