Is your information better protected since 2017?

Equifax stated that the embarrassing digital intrusion primarily affected names, social security numbers, birthdays, addresses and, in some cases, driver's license numbers. Richard Smith, former CEO of Equifax, told a House subcommittee in October that the company had known before the attack a software vulnerability requiring patches.

However, the member of the Equifax security team responsible for installing the fix did not take any action, acknowledged Mr. Smith. The electronic scans that should have detected systems running the vulnerable software called Apache Struts also failed to find the problem.

Smith and two Equifax security officials withdrew brutally after the violation.

Consumer impact

During the first few weeks after disclosure of the breach, consumers complained about an Equifax online search tool that, in some cases, was providing inaccurate results to those who used it in hope to determine if their personal data had been compromised.

Consumer advocates also argued that the free security products offered by Equifax after the cyber attack were limited in scope and would only provide alerts after a theft of identity.

The consumer class action suit also indicates that the threat of identity theft has proved far too real for some of the major plaintiffs.

The identity thieves used the personal information of Grace Cho, a California resident, to open unauthorized accounts on her behalf and make fraudulent purchases from a wireless phone provider. a big store.

Thieves allegedly attempted to use Cho's information to open unauthorized credit accounts in a retail club and another department store.

Jennifer Tweeddale not only suffered identity theft, but fraudulent accounts on her credit report reduced her credit score by about 79 points. The decline could make it more difficult for the Florida resident to qualify for a loan.

The personal injury accounts suffered by Tweeddale, Cho and Kleveno come from summaries contained in the collective complaint filed in May. USA TODAY was either unable to reach them and other principal applicants, or they did not return any messages. A senior consumer advocate also did not respond to an email.

The millions of consumers whose personal data have been stolen as part of the "offense" remain exposed to a widespread, substantial and imminent risk of identity theft and fraud, a risk that will continue so much that social security numbers will play a crucial role, says the lawsuit.

TO CLOSE

As a result of the Equifax breach, a consumer group wants Congress to rethink the way we use credit reporting agencies. Consumer Watchdog also wants lawmakers to prescribe two-factor authentication to protect personal information. (September 15)
AP

Impact on businesses

Equifax's disclosure of the cyber attack accelerated the economic crisis that began weeks earlier when the company detected the breach for the first time.

After closing at $ 142.72 on September 7, 2017, Equifax shares fell and closed at $ 89.59, closing a week later, a skid of 37%.

The violation has created unexpected business costs, ranging from providing credit warnings and other services to millions of consumers, mounting legal bills and efforts to strengthen and put in place upgrade the company's cybersecurity systems.

When Equifax Announced Results for the Second Quarter In July 2018, the company reported having accumulated approximately $ 300 million in expenditures to date. According to the report on the results, it is "reasonably possible" that Equifax will suffer losses as a result of the lawsuits and investigations, but added that it was not yet possible to provide an estimate .

Nevertheless, equifax shares, which closed at $ 134.54 on Wednesday, fell and fell by only 5% last year.

In March, Equifax recruited a new general manager, Mark Begor, a business veteran with experience in private equity and at General Electric.

In July, he publicly announced a turnaround of the company, stating that "we were rapidly approaching a way back to normal business discussions with the vast majority of our customers (US Information Services)," an essential element of the business. of the society. Fewer than five customers continued to ask questions about Equifax's security plans, he said.

In part to dispel these lingering concerns, Equifax hired a new security team as part of a cybersecurity review after the breach. The question is how effectively new resources are used, said David Vergara, security manager at OneSpan, a security company that says its customers include half of the world's 100 largest banks.

"Equifax took the appropriate initial steps, after the breach, with some obstacles along the way," Vergara said. "Only time will tell if Equifax can deliver – and if they do it well, none of us will ever know it."

Some Wall Street analysts point to cautious optimism.

In a July 27 note to investors, JPMorgan Chase analyst Andrew Steinerman said, "Equifax is not out of the woods yet. He noted that competitors TransUnion and Experian had exceeded the results of Equifax's US information services.

However, he added, "we feel a return to normal on the horizon".

Timothy McHugh, an analyst at William Blair, maintained an outperformance rating on Equifax shares in a note at the end of July 26 to investors.

"The story of Equifax will continue to feature many moving parts," he said, "but we are optimistic that the company's growth rates, margins and technology will improve over the next year or two. "

Contributor: Elizabeth Weise, Adam Shell