Equifax waited 5 weeks to admit it had doxed 44% of America, did nothing to help us while its execs sold stock





From mid-May to July 2017, Equifax exposed the financial and personal identifying information of 143 million Americans – 44% of the country – to hackers, who made off with credit-card details, Social Security Numbers, sensitive credit history data, driver’s license numbers, birth dates, and addresses. Then, in the five weeks between discovering the breach and disclosing it, the company allowed its top execs to sell millions of dollars’ worth of stock in the company, while preparing a risibly defective and ineffective website that provides no useful information to the people whom Equifax has put in grave financial and personal danger through their recklessness.

Equifax is in the business of helping employers and financial institutions punish people for making oversights in their business and financial affairs. Being late with a single payment or missing a single bill can constitute a black mark on your Equifax records that lasts for years or decades, affecting your ability to rent or buy a home or get a job.

By contrast, Equifax expects its stakeholders – whole nations’ worth of people – to overlook its gross misconduct. The website the company has stood up (an unpatched stock WordPress installation with a defective TLS certificate) just tells you to come back in a week to get a coupon good for a year’s worth of Equifax credit monitoring (without specifically disclosing whether your data was breached). Calling the company’s phone hotline connects you to a third-party subcontractor who directs you to the website and provides no details about the breach.

Searching the site for information about your breach subjects you to a clickthrough agreement in which you waive your right to sue the company.

Chief Executive Richard Smith called the breach “disappointing.”


Fwiw, anyone (let me repeat that A N Y O N E) in the US with any credit history is being told to act as if they have been affected by the breach in order to help protect their personal data. Basically a majority of adults in the US are affected.

One such damage control step that’s being suggested is putting long-term freezes on your credit, which p much means if a thief tries to take out a line of credit in your name, your credit report can’t be pulled to allow any new lines.

You’ll need to do freezes one by one with all 3 of the big credit reporting companies, including Equifax, iirc. Long-term freezes don’t fix your score if there’s an issue, but can keep it from further potential damage until you remove the freeze.

This is very serious and, most unfortunately, Equifax is not going to inform people (except a very small <1% portion) that they have been affected, placing the onus on the victims of the breach.

CNET has made the best resources and summary I’ve seen yet btw



Using the tool they’ve provided to check if you were affected waives your right to sue them jsyk