17 for ’17: Equifax Security Data Breach Exposed Information, Raised Concerns
WABE News is taking a look at the top 17 news stories in 2017.
Business and technology reporter Tasnim Shamma spoke with “Morning Edition” producer Sam Whitehead about the cyberattack on Atlanta-based credit-monitoring agency Equifax. The company notified the public of the incident on Sept. 7.
The cyberattack was possibly the incident with the biggest impact outside of Atlanta. It potentially exposed information on 145.5 million people – nearly half of all U.S. adults. We still don’t know the full impact yet.
Feeling Of Helplessness
The day after Equifax announced it was hacked, there was a feeling of helplessness. Atlanta is one of the biggest cybersecurity hubs in the world with lots of these firms based here, but even these cyber experts said that to some degree, it was almost inevitable. Everyone is vulnerable these days.
In May 2017, there was the WannaCry ransomware attack that shut down hospitals and costs businesses billions of dollars. And WABE reported that one in 10 Georgians was a victim of a health care data breach over the past year.
Every time you shop online or share your personal information in any way, you lose a bit of control.
But what was different about Equifax was that it wasn’t a big company like Home Depot or Target. There are three major credit bureaus: Equifax, Transunion and Experian. Consumers don’t have a choice on whether we want to do business with them. These bureaus determine credit scores and ultimately whether someone can buy a house or get a good interest rate on a car loan.
Attorney Roy Hadley is co-chair of the privacy and cybersecurity practice at Thompson Hine and chair of the information security society for the Technology Association of Georgia.
Hadley said if there’s one company you should be able to trust, it’s a credit-reporting agency.
“Equifax sells services to keep your credit and your personal information secure and so it’s significant that they can’t keep their own information secure,” Hadley said.
Hackers breached everything from Social Security numbers, credit card numbers, addresses, birthdays and driver’s license numbers.
As a result, a lot of heads started rolling. Starting with the CEO retiring, people stepped down because of this.
And there were dozens of lawsuits filed in the Northern District of Georgia because Equifax is based in Atlanta.
Former Georgia Gov. Roy Barnes filed a lawsuit, as well as small businesses. People are upset that Equifax knew about the breach in July and possibly earlier but waited until September before telling the public. How they handled it was a bit of a public relations nightmare for the company, becoming what, some called, a textbook case for companies of what not to do after a cyberattack.
Experts said the company was slow in its response but did a lot to calm people down.
The company offered free credit-monitoring services and credit freezes to people — though not businesses. And they set up a call center, which saw heavy volume, but they tried to improve response times. They also named an attorney as its new chief transformation officer. The new interim CEO also said that by the end of January, they are launching a free lifetime service that lets customers lock and unlock their personal credit files and control who has access to it. It’s not clear how it’ll work yet.
The company has 10,000 employees globally, at least 2,000 employees are at its headquarters here, so it’s a big part of Atlanta’s financial community.