The private data of 143 million Equifax “customers” is now available for download. Have no doubt: This means you will be hacked. This means your SIM card can be spoofed. This means someone will try to get into your email and online accounts. This means someone will try to open a credit card in your name.
Cybersecurity experts said the breach was very serious and criticized Equifax on Thursday for not improving its security practices after those previous thefts, and they noted that thieves were able to get the company’s crown jewels through a simple website vulnerability.
Several security researchers on Twitter have said that the delay took six weeks until the matter was made public. Also, reports on Twitter show that the site used to verify if consumers are affected has been plagued with security certificate issues and has been flagged as a phishing site by OpenDNS, a popular domain name service provider.
“On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data,” said Avivah Litan, a Gartner Inc analyst who tracks identity theft and fraud.
Equifax said it is working with law enforcement and a cybersecurity firm to review its security measures, but the company waited a full 39 days to tell its customers they were newly susceptible to identity theft and a whole host of financial crimes. Three days after discovering the breach that would affect millions of customers however, while the company didn’t warn the public, three Equifax senior executives did sell $1.8 million in stock, according to Bloomberg.
Equifax said it will alert those whose information has been hacked and has set up a website to aid consumers. But as with all data breaches, it’s best to be proactive—particularly because of the severity of this particular leak. According to the New York Times, thieves stole information including Social Security Numbers, driver’s license numbers, birth dates, addresses, credit card numbers, and other personal information that can be used to access consumers’ medical histories and bank accounts.
The company’s shares fell nearly 19 percent in after-market trading as investors reacted to possible consequences of the exposure of sensitive data of nearly half of the U.S. population.
Equifax has created a website, www.equifaxsecurity2017.com, to help consumers determine whether their data was at risk.
The company declined to comment beyond its statement.