This Equifax nonsense just keeps going…
By now, everyone who chooses to live their lives amongst the rest of us knows about the Equifax hack (if not, check out our other post about it here). But, like Hollywood’s appetite for sequels and reboots, it just doesn’t seem to want to stop.
Equifax is under multiple investigations (in Canada and the US) and subject to multiple lawsuits for their stunning misuse of public trust. We now know they had been hit, possibly by the same intruders, with multiple other security breaches going as far back as March, possibly even back to 2016. Although not directly related to the recent breach that saw 143 million people’s personal information lost to hackers, it does call into question two things: First, the subsequent investigation that happened after these early breaches may have been insufficient, and the security measures put in place were almost certainly insufficient. It has been suggested that Equifax knew some software it was using had security holes that could be fixed with what is referred to as a “patch” (think of those patches they use to fix holes in inflatable rafts). Problem is, Equifax never actually installed that patch. They let us all float out into the middle of the ocean with a huge security leak. The ocean, guys. That’s where the sharks live!
Two, it makes the selling of Equifax stock before the hack seem even more suspicious. The proposed timeline that Equifax releases suggested that the executives accused of insider trading may have had no prior knowledge of the hack; the newly revealed timeline suggests that the initial hacks were in March, making this claim harder to believe.
So Equifax is in trouble, you say. They can’t get away with such things, you think.
Unfortunately, it seems like Equifax itself may have fortuitously fallen on a way to regain some ground from the pummelling it has been taking on the floor of the Stock Exchange. LifeLock, a company that is advertising heavily to the very people who may be victims of the Equifax hack, promising to keep their data safe, has failed to disclose to these people that purchasing their service also means that you are signing up for the monitoring services of – you guessed it – Equifax.
LifeLock signed a 4 year contract with Equifax back in 2015, and is now profiting off of the fear caused by this hack, all while serving information up to the very source of the hack in the first place. Not to mention the fact that LifeLock has settled, for millions of dollars, with the Federal Trade Commission in the USA for their own security issues, as well as failed to comply to the terms set out in the settlement.
So even the solutions to the problem leads back to the problem.
Canadians should find out soon if they were subject to this security breach, or so says the reliable sources over at Equifax <insert sarcasm>. There are already at least 2 proposed class action lawsuits started in Canada, and I bet there will be more. Unfortunately, Canada’s laws are going to make the prosecution of Equifax a little more toothless here than it will be in the States. This might be a time to talk to your representatives about proposing new legislation in Canada to make such breaches subject to more punitive damages. If someone spends more time in prison for doing drugs than for ruining the financial future of millions of people – we may need to look at our priorities.
This story doesn’t seem to want to end. I expect we will see as many iterations as we have seen sequels to the Friday the 13th movies. And I expect it to be much scarier.