Equifax, the largest consumer credit reporting bureau in the United States, has been hacked, leaving nearly half the country's population -- roughly 143 million -- vulnerable to identity theft.
Consumers have already begun the process of justice by filing a $70 billion lawsuit, according to Zero Hedge. The worst part? They sat on the information for six weeks before alerting consumers of the breach and even made stock sales prior to the announcement, according to Bloomberg.
The leak also included credit card numbers for more than 200,000 Americans and documentation related to disputes, which contains personal and identifying information for some 180,000 Americans -- on top of the millions whose basic credit information like social security numbers and credit reports are vulnerable to internet poaching, according to Forbes.
The top three Equifax executives sold $1.8 million worth of company stock in the days after they found the breach in what appears to be an attempt to save their assets soon to be lost in lawsuits, according to Bloomberg.
John Gamble, the firm’s chief financial officer, sold 6,500 shares for $145.60, for a total of about $946,400. As of midday Sept. 8, following the firm’s disclosure, the shares were trading at a bit over $123, according to the Los Angeles Times.
“On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” said Avivah Litan, a fraud analyst at Gartner, according to The New York Times.
Oregon residents Mary McHill of Portland and Brook Reinard of Eugene have filed a class action lawsuit against Equifax for failing to protect their sensitive data and the data of the rest of the individuals who relied on Equifax.
They filed the lawsuit the same day Equifax announced the breach, Aug. 3, despite having confirmed the situation on July 29 and undergoing investigation since May, according to Oregon Live.
“In an attempt to increase profits, Equifax negligently failed to maintain adequate technological safeguards to protect Ms. McHill and Mr. Reinhard’s information from unauthorized access by hackers,” the complaint stated, according to Zero Hedge. “Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach. Equifax could have and should have substantially increased the amount of money it spent to protect against cyber-attacks but chose not to."
According to The Atlantic, cybersecurity for the corporate world is very relaxed, and even more so when it comes to consumer credit. The extra cost to protect the information of Americans which was not spent will seemingly cost Equifax dearly in the end.
The reporting bureau has launched an additional website to handle the incoming inquiries from consumers who are worried they may have been affected through equifaxsecurity2017.com. However, this site requires the consumer's last name and last 6 digits of their social security number to process. It then provides only a date and a promise to review the information at that time through a partner of Equifax, TrustId.
“The fact that the breached entity (Equifax) is offering to sign consumers up for its own identity protection services strikes me as pretty rich,” security expert Brian Krebs observed on his website, according to The New York Times.
Equifax hasn't shown any proof that they have been able to rectify the situation or provide a more secure connection than what was previously offered, making the request for further personal data off-putting for some consumers, according to The Atlantic.
Sources: Zero Hedge, Oregon Live, Bloomberg, Los Angeles Times, The New York Times, Forbes, 2016 Census, The Atlantic (2) / Featured Image: GotCredit/Flickr / Embedded Images: Frankieleon/Flickr, Sgt. Steven R. Doty/U.S. Air Force