Just a year after its record-breaking fiasco, arguably one of the biggest data breaches in history, the credit bureau Equifax is back in business. But at what cost? After weathering a major storm of legislative and regulatory inquiries, leaders in the company have yet to make any significant business decisions about how to improve its security or its customer-facing exchanges.
In July 2017, Equifax made headlines across the world when its system was compromised by outside hackers who made off with 147 million records of private U.S. citizens, all of whom were customers of the credit giant. Even more disturbing was the fact that Equifax took more than two months to publicly admit the data breach happened, putting violated customers in greater jeopardy. Although the firm has subsequently been grilled about its responsibility in this attack and how malicious third parties were able to access the sensitive information, Equifax has not received any monetary penalties or fines in connection with its negligence. Fortunately for the company, the now-infamous GDPR had not yet been instituted; otherwise it would surely have suffered greatly.
At this point, 46 different financial organizations, all of whom lost millions of dollars while trying to recover from the fiasco, have filed claims for damages against Equifax. But the company has admitted no wrongdoing and even plans to launch its own legal fight, asking the court to dismiss all charges. In an effort to right this wrong, Equifax has hired two bigwigs, CEO Mark Begor and Chief Information Security Officer Jamil Farshchi, and instituted data security infrastructure reforms to the tune of $200 million.
Unfortunately, the victims of the breach were not aware they had even lost data until the company finally admitted it two months after the fact. This delay jeopardized Equifax customers further, as their identities and data were being actively used in other cybercrimes and exploits. But Equifax remains in business because its rivals have yet to achieve anything better with regard to security and privacy. The only difference is that its competitors have not suffered such a humiliating episode, despite the fact that they have done little to amend their dangerous ways. Opportunities for data breaches are still alive and well in this sector. This lapse in judgment likely stems from the fact that these companies service only U.S. customers, which means they are not forced to comply with recent mandates of the EU’s General Data Protection Regulation (GDPR).
An Equifax representative explains further, “It’s important for people to understand the seriousness with which we’re taking our remediation efforts, the investments that we’re making in data security, and the seriousness with which we see our obligation to the data that’s been entrusted with us. We have to continue to deliver, and then when we deliver on what we promise, that’s when we will rebuild the trust.”
New Chief Information Security Officer Jamil Farshchi also highlighted Equifax’s drive for increased reform and improvement: “No matter how much you invest, how great your people are, any organization nowadays can be breached.” Farshchi emphasized this point when asked to comment on the company’s future plans to protect user data.