We haven’t written yet about the Equifax data breach. It is one of the worst, if not the worst, security breach of our personal information in history, the personal information of most U.S. adults having been obtained by cyber criminals. However, I had nothing of note to say about it. Stuff happens, I thought, and very bad stuff can happen in our digital age.
My view changed when I read an article in PJ Media by Phil Baker. According to Baker, this was the third time in two years that Equifax computers were hacked. The company thus had plenty of warning about the problem, yet failed adequately to deal with it.
In addition, says Baker, Equifax waited six weeks after discovering the theft of all of its data to inform anyone. This gave the thieves a head start, with ample time to package the data, go to the underground web, and sell it.
Baker also reports that three Equifax executives sold stock in the company during the period between the theft an the announcement of the theft. Equifax Chief Financial Officer John Gamble and president of U.S. information solutions Joseph Loughran collectively sold shares and exercised stock options totaling approximately $1.5 million on Aug. 1, just three days after the hack. Rodolfo Ploder, president of workforce solutions, sold approximately $250,000 worth of stock on Aug. 2.
The company claims the three had not yet been informed of the breach. Perhaps not, but the timing certainly raises suspicions. The matter ought to be investigated.
Baker’s article also contains advice on how what we should do to protect ourselves from the consequences of the Equifax breach. I’m not in a position to evaluate his advice, but I encourage you to read it.
UPDATE: Clark Howard’s website provides a good discussion of the “credit freeze” option as a response to the Equifax security breach and the problem of identity theft in general. It includes practical guidance on how to effectuate such a freeze with the three major credit bureaus.