
September 19, 2017

It Just Keeps Getting Deeper - Equifax Suffered Second Undisclosed Data Breach

Bloomberg.com is reporting that the gigantically huge data breach that Equifax disclosed less than two weeks ago is not the only hack the consumer reporting agency suffered this year.  There was allegedly a hack in March, two or more months before the big data breach that has put 143 million Americans at risk of having their identities stolen and their lives ruined.

According to Bloomberg, Equifax notified a small number of outsiders and banking customers in early March that it had suffered a breach.  At that time, Equifax brought in a security firm to determine the scope of the breach.  What Equifax did not do was tell the general public about the first data breach, either then or in July when it learned of the second, larger breach.

The second, big breach occurred (according to Equifax) when hackers gained access to Equifax's computer system through a known flaw in the company's web software that somehow was not patched until after the breach was discovered in late July.  Was the flaw in the system discovered by the security firm in March, and did Equifax negligently fail to implement the patch to fix the vulnerability?

While the Bloomberg article focuses on the first hack's implications for the three executives who dumped Equifax stock after Equifax knew of the second breach but before the public was informed and the stock price subsequently dropped, one thing the article does not mention is how the timing of the first hack completely undermines Representative Loudermilk's claim that his Equifax protection bill was drafted before the Equifax data breach, not in response to it.  I posted about Loudermilk's position yesterday.

Loudermilk introduced his bill designed to protect Equifax and the other credit bureaus and hurt consumers (such as his constituents) in May, a few weeks before the second breach allegedly occurred.  However, now that we know that Equifax knew of the first breach in March, why would we think that Loudermilk was not attempting to shield Equifax, a donor to his campaign, from liability from the first breach by pushing a bill that does nothing but protect the credit bureau from having to pay for its malfeasance?  The timeline is looking very bad for both Equifax and Loudermilk.  If I were a citizen of the 11th Congressional District of Georgia, I would have some very serious doubts about where my congressman's loyalties lie.
