Credit monitoring giant Equifax confirms it has suffered a mahoosive data breach, but that’s only where things start getting screwed…
In a statement Equifax makes a point of highlighting that there is “no evidence of unauthorized access to core consumer or commercial credit reporting databases,” yet admits that, “criminals exploited a U.S. website application vulnerability to gain access to certain files.” Files that could potentially impact 143 million customers in the US.
But wait, it gets worse. Much worse. It been revealed that three Equifax executives sold nearly $2m of stock just days after the discovery of the breach, but weeks before it was disclosed to the public. Of course, apparently they had no idea about the breach at the time and it was just pure coincidence. Sounds like MRDA to me, truth be told.
That’s not even the worse of the ‘much worse’ bit though. Are you ready for this? If, like many Equifax users, you headed to the site set up by the company to assist users to establish if their data was amongst that compromised, then you will have got more than you expected. Legal language originally used within the terms and conditions disclaimer of that site meant that users would be waiving their right to take class action against the company. Yep, you read that right. Equifax has responded to the emerging category five shitstorm, by removing the clause and insisting that the “arbitration clause and class action waiver… does not apply to this cybersecurity incident.”
All of the above can be summed up as too little too late. As evidence of a major enterprise being totally unprepared in terms of incident response planning.
To be blunt, in reputational terms, Equifax has been welly and truly Equifucked.