When Equifax announced a security breach in 2017, there were a lot of questions.
How could such a successful credit monitoring giant allow this to happen? How exactly did data thieves access confidential information? And just how severe was the breach overall?
That last one has been a multi-part series of answers, with new information seeming to reveal the situation was worse than expected on more than one occasion. Several updates were given concerning the breach’s severity, raising questions about just how deep the damage was and how much Equifax really knew about what happened.
News of the breach initially broke back in September, but it was revealed the company knew about the breach for at least a month before they made it public. It was originally believed that 145.5 million users’ data had been compromised, but additional information brought the total to 147.9 million.
Now the situation is even worse, as the company revealed 3,200 passport images were stolen. Equifax originally said passport data wasn’t affected in the breach, but new information reveals a small amount of users’ data was compromised.
This new revelation was revealed thanks in part to Senator Elizabeth Warren’s investigation into the credit monitoring company. When the news of the initial breach broke, she was one of the first to call on the company’s leaders to answer for how individual’s private information could’ve fallen into the hands of hackers. This information includes things like social security numbers, birthdates, and more.
Equifax is the type of company that is a goldmine for data thieves. Any organization that keeps so much sensitive information on file has to have the security credentials to match. But although they haven’t had a history of problems, one security flaw put them in the spotlight and led to a large-scale investigation complete with public backlash.
Despite offering free credit freezing services, the company still endured a media firestorm after the breach. Multiple managers stepped down, including one who had no security or IT credentials on her LinkedIn page. Instead, the former Equifax manager had undergraduate and graduate degrees in music. After the backlash, her profile was changed to private and her last name changed to only an initial.
Though the continued updates and amendments to the story and scope of damage don’t seem to bode well for Equifax, this type of news is somewhat common when it comes to data breaches. As good as cyber thieves are at getting into places they’re not supposed to be, they’re sometimes even better at covering their tracks.
Yahoo famously announced a breach that originally was thought to affect a third of their user base. However, their new owners later did more research and found the entire pool of Yahoo’s users had been affected by the breach. Even sites like Twitter aren’t immune, as they recently announced password worries of their own.
Hopefully, this is the last scare for Equifax, as their 2017 breach just seems to keep getting worse.