I still remember that day like yesterday.
I opened Twitter and saw the news.
I saw something different. Something that doesn’t happen every day. — Something that can shock anyone in the world.
Around 147 million people’s personal information got stolen from Equifax. — Names, Social Security Numbers, Addresses, Birth Dates, Credit Records. It even reached to the fact that they stole some driver’s license numbers.
I couldn’t believe it in the beginning.
It was labeled the worst data breach in US history.
Attackers stole almost half of US population’s Social Security numbers in spring 2017, but Equifax notified people in September.
Half of the US population’s!
“This company’s ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population,” New York Attorney General Letitia James.
There were lawsuits everywhere. Every consumer demanded free credit freezes, compensations, and government agencies came all over the place to look into the big incident.
Fast forward to July 22nd.
Equifax agreed to pay a settlement that can go up to $700 million depending on the number of compensation people claim. There’s a part of the settlement, where Equifax will provide free credit monitoring services to anyone affected for up to 10 years.
And guess what?
The company will pay cash payments of up to $20,000 per person to refund any costs incurred as a result of the breach.
Imagine paying around 20,000$ per person, for failing to take basic security measurement steps?!
For some people, it’s not about the money for sure. It’s about making their information safe. — The breach affected 147 Million consumers!
So, 147 Million people got affected by this, and I think that can break people apart and their trust for sure. For the people, it’s quite disturbing, painful, and difficult to understand.
Not only because of the breach but because many of these people would not even have been customers of Equifax.
Equifax makes a lot of its money from selling credit reports and other products to lenders to evaluate their potential customers.
“It’s a pretty simple business model, actually. They gather as much information about you from lenders, aggregate it, and sell it back to them,” said Brett Horn, an industry analyst.
The Security Slip
What’s ironic is that the security team for Equifax actually reported the vulnerability that caused the breach on March 2017, but it was never followed up to make sure it’s patched or fixed that year. It was disclosed on Sep 2017.
“Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. “
“This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
(Joe Simons) — Federal Trade Commission Chairman.
It's not only about money.
Now, Equifax has agreed to do a couple of internal security measures to prevent such things to happen again.
These measures will happen every two years.
The first one is that they will conduct an annual internal assessment of security risks.
Second point will be that they will obtain a third-party assessment as well.
If you were affected by the breach, you can use the FTC page to read more about how can you make a claim against Equifax.