Earlier this month, Equifax reported that it had been hacked and that the names, social security numbers and addresses of 143 million Americans had been revealed. According to the 2010 census, there are 309 million people residing in this country, meaning the attack covered nearly 46 percent of the US population. Additionally, the hackers retrieved 209,000 credit card numbers. Rick Smith, Chairman and CEO of Equifax, said in a statement, “This is clearly a disappointing event that strikes at the heart of who we are and what we do. I deeply regret this incident and I apologize to every affected consumer and all of our partners.” Smith also announced that the company would be offering “free identity theft protection and credit file monitoring at no cost.” And on September 15th, the company announced the retirement of the Chief Information Officer and the Chief Security Officer.
Of course, now, many people are up in arms about the breach. On September 12th, 24 Congressional Democrats sent a letter to Equifax with a variety of concerns. According to the letter, since the announcement, people have been running into a number of problems on Equifax’s website. Additionally, the letter sought answers to a series of questions. Namely, the Congressional leaders wanted to know why and how the breach occurred, requesting information regarding Equifax’s security measures. Finally, the letter asked why the company was so slow to announce the cyber-attack.
The recent debacle will likely make it very hard for Congressional Republicans to pass a deregulation bill that would impede a person’s ability to sue credit bureaus. Even though the legislation would apply to “frivolous claims,” those against the proposed measure argue that customers would face too many obstacles when seeking retribution for financial injuries. Now, with 23 lawsuits already filed against Equifax, it’s unlikely the bill will garner support.
On September 19th, Bloomberg reported that the company knew about the breach much earlier than initially thought. Equifax found out about the intrusion in March. That’s five months earlier than the company originally stated. In a statement, Equifax held that the earlier breach was separate from the one that affected the lives of 143 million Americans. However, one person at the company told Bloomberg that the hackers were the same in both cases. In a statement following the publication of the Bloomberg article, Equifax said there was a security issue in March with payroll services. They claimed the problem was relayed to those affected by the breach.
Possible Criminal Charges
However, the company has some serious explaining to do, as three top executives exhibited strange behavior when they sold $2 million in stocks just days after the discovery of the July 29th breach. The DOJ has opened a criminal investigation into the matter, attempting to determine whether the executives sold the stock because they knew the company would suffer. If so, the executives – Chief Financial Officer, John Gamble, President of US Information Solutions, Joseph Loughran and president of workforce solutions, Rodolfo Ploder – would all be subject to insider trading charges.
Since the announcement, Equifax has indeed suffered greatly in the stock market. The price of stocks has plummeted 35 percent, costing stockholders $6 billion.
The breach came as shock to the country because, as noted in the letter from Congressional Democrats, “American consumers have virtually no choice” but to trust Equifax, one of just three major credit bureaus. With evidence mounting that the company poorly handled the cyber-attack, Americans will likely want some form of retribution and regulative action.