The Better Business Bureau has long been a source that consumers look to in their quest to find honest companies to trade with.
Designed to be an unbiased source that provides data on companies and their practices, the BBB carries a lot of influence in modern commerce. The organization’s main goal is to alert consumers when businesses follow practices that could potentially harm buyers.
This made it a bit odd when Equifax maintained their A rating despite the massive data breach they suffered.
The credit monitoring giant braced for the worst as they announced news of a breach that compromised 143 million people’s private information. As expected, a firestorm of controversy followed. Lawmakers demanded answers, stock prices dipped, and two members of the company’s core management team stepped down.
Howard Schwartz of the BBB described the event as startling. He said that the information stolen includes names, addresses, social security numbers, and other building blocks of identity theft. Some people were unaware Equifax even had their data, as the credit monitoring giant collects information from credit card companies, banks, and retailers.
The catastrophic situation has left many wondering whether Equifax will even continue its operations. But not only is the company still going, they’ve maintained their A rating with the BBB. The reasoning behind this is that the company itself is being viewed as a victim in the attack, just as the people who had their data stolen are victims.
Spokeswoman Katherine Hutt spoke about the issue, saying: “At this point, it hasn’t been shown that there’s been any malfeasance by the company. So at this point, they are a victim in the same way the consumers are a victim until the investigation is complete or until there’s a government action.”
The story got more interesting when it was revealed that a flaw in the Apache Struts Web Framework provided the entry point hackers needed. The curious aspect about such a discovery is that the company may have had time to fix the problem when it was discovered.
An open source organization even reportedly gave Equifax the necessary software patch to correct the vulnerability. Not only did the company fail to act and take corrective action, they waited a substantial amount of time before revealing the leak to the public.
BBB ratings are largely based on the way a company responds to customer complaints. While Equifax has had a firestorm of complaints, accusations, and even lawsuits thrown its way in the wake of the hack, they’ve reportedly been prompt in responding back.
To date, over 57,000 complaints have been filed on Equifax to the Consumer Financial Protection Bureau over the last five years. This averages out to over 30 complaints a day, with some stating that company employees don’t know how to handle common requests such as a credit freeze.
Government officials have already called one Equifax manager in for questioning, and a detailed investigation is expected. One proposal says credit monitoring companies should be required to provide free credit freezing services in the event of a data leak.
Image source: Wikimedia