
Davey Winder

delivering award-winning technology journalism since 1991


Equifucked: Legal clauses, stock sales and 143 million breached accounts leave Equifax’s reputation in tatters

Posted on September 11, 2017 by Davey Winder

Credit monitoring giant Equifax confirms it has suffered a mahoosive data breach, but that’s only where things start getting screwed…

In a statement Equifax makes a point of highlighting that there is “no evidence of unauthorized access to core consumer or commercial credit reporting databases,” yet admits that, “criminals exploited a U.S. website application vulnerability to gain access to certain files.” Files that could potentially impact 143 million customers in the US.

But wait, it gets worse. Much worse. It has been revealed that three Equifax executives sold nearly $2m of stock just days after the discovery of the breach, but weeks before it was disclosed to the public. Of course, apparently they had no idea about the breach at the time and it was just pure coincidence. Sounds like MRDA to me, truth be told.

That’s not even the worst of the ‘much worse’ bit though. Are you ready for this? If, like many Equifax users, you headed to the site set up by the company to help users establish whether their data was amongst that compromised, then you will have got more than you expected. Legal language originally used within the terms and conditions disclaimer of that site meant that users would be waiving their right to take class action against the company. Yep, you read that right. Equifax has responded to the emerging category five shitstorm by removing the clause and insisting that the “arbitration clause and class action waiver… does not apply to this cybersecurity incident.”

All of the above can be summed up as too little too late, and as evidence of a major enterprise being totally unprepared in terms of incident response planning.

To be blunt, in reputational terms, Equifax has been well and truly Equifucked.


Analysis Tags: breach, Equifax, hack, incident response, Reputation


Comments (4) on “Equifucked: Legal clauses, stock sales and 143 million breached accounts leave Equifax’s reputation in tatters”

  1. Angie Peterson says:
    September 11, 2017 at 10:43 AM

    Loving the Equifucked description, it’s a perfect fit. Everything that could go wrong has gone wrong here. I teach security hygiene as part of a business consultancy, and will be using Equifax as my example of choice to demonstrate how not to respond to a major incident.

  2. Davey Winder says:
    September 11, 2017 at 10:49 AM

    As I say in my analysis, I think that the apparent lack of a meaningful incident response plan (or maybe a lack of putting it into action properly) is the main story here. If we are to accept that breaches will occur, then how organisations respond to those breaches will be the differentiator between survival and ruin…

  3. Colin Wentland says:
    September 16, 2017 at 10:10 AM

    Good piece, ruined by unnecessary use of foul language!

  4. Davey Winder says:
    September 16, 2017 at 10:17 AM

    Naturally I agree that it is a good piece, but will take issue with your use of the word ‘unnecessary’ in that feedback. What is unnecessary was the bad practice that led to this breach, the poor patch management, the lack of a meaningful incident response policy, the clause in the terms and conditions when users looked to see if their accounts had been hacked. All of that, all of it unnecessary. Words are just words, and strong ones are sometimes appropriate when the screwup being described is so huge.
