Last week, credit reporting agency Equifax announced that data of 143 million consumers was potentially compromised through a “website vulnerability” that occurred from mid-May through July, 2017. Equifax discovered the breach on July 29th, but waited nearly six weeks to make the announcement, claiming the company’s investigation into the vulnerability is continuing.
There have been other largescale data breaches and at least one even larger – Yahoo’s data breaches between 2013 and 2016 affected over one billion accounts – yet the impact of the Equifax breach could be the farthest reaching to date due to some key differences:
- The majority of the impacted accounts are not traditional consumer accounts; instead Equifax acquired most of the data from third parties (like financial institutions, retailers) not from consumers themselves
- The data includes highly sensitive information, including social security numbers, dates of birth and, in some 200,000 cases, credit card information and drivers license numbers, which could be used to commit identity theft
- Equifax is encouraging consumers to utilize its credit monitoring service, but has met with some criticism for: (a) requiring consumers to enter the last six digits of their social security numbers, only to be given a future date when the consumer can return to the site to sign up for the service, and (b) including an arbitration clause in its online terms. Equifax has since issued a statement that this would not apply to consumers signing up for the service.
For more information about Equifax’s proposed solution and further tips on how consumers can protect themselves from identity theft see the FTC’s press release. Contact us at Ossian Law P. C. contact link regarding any information technology law matter.
© 2017 Ossian Law P.C.