In an update to the on-going investigation into the largest data breach in American History, Equifax is quick to point out what they did wrong – by blaming a single person. In a truly “what the” moment, former CEO Richard Smith offered the Digital Commerce and Consumer Protection subcommittee an interesting explanation for how hackers were able to bypass the security team – one person didn’t do their job.
In many ways, this particular pass the blame solution makes clear that Equifax didn’t have a comprehensive security plan to protect the information trove it sits on – hundreds and thousands of pages worth of information on any given individual. Equifax collects social media, salary, and employment records – and over 143 million people were compromised in this last leak.
Yet, with all that data, and an over 200 person IT security staff – it all boiled down to one person. This is a ludicrous assertion, but if it turned out to be true, would indicate a severe deficiency in processes and management for cybersecurity in a department that supposedly had over a quarter of a billion dollars since 2014 to feast on. Smith also cited an issue with a “bad scanner” that failed.
Perhaps unsurprisingly, the House subcommittee had little things nice to say to Smith. Rep. Greg Walden (R-Ore) perhaps summed it up – “I don’t think we can pass a law that can fix stupid.”
What happens next for the data giant Equifax will be contingent on the next several days of interviews and requests for data.
While Equifax continues to deal with the fallout of the breach, consumers and small business owners should keep aware. To protect yourself, set up fraud alerts with the three major credit agencies: Experian, Transunion, and yes – Equifax. Consider a credit freeze so that only companies you currently do business with can have access to your information. Check out your free credit report from all agencies from annualcreditreport.com. And consider adding a credit monitoring service. As a final precaution – next year plan on filing your taxes early – giving thieves a small window to utilize your information.
