I’m sure I don’t need to introduce Equifax Inc., but they are one of the big three credit agencies that collects and aggregates information for a large portion of the population. I’m even more sure that I do not need to update everyone on what happened at Equifax in the last couple of weeks. However, they were breached and like many Canadians; I received a letter stating that the following information of mine was impacted:
- Phone number
- Email address
- Password and secret questions/answers.
As Manager for Governance, Risk and Compliance in Scalar’s Risk Advisory practice, I take many steps to protect myself online. Sometimes that is not enough. The fact is Equifax was breached because of vulnerabilities on their website due to unpatched software, which could have been left unpatched for over 2 months. Unfortunately, if companies do not take basic security practices and ensure they are regularly completed, then everything I do is almost pointless. Malicious individuals will always try to get a “big score” of information rather than attacking one person at a time. The other major point here is that even if I did not use Equifax, they have access to my information anyway.
Now what? I received my letter and they are offering Canadians affected by the breach: daily credit monitoring for 12 months, internet scanning with alerts, identity restoration help, and up to 50k in ID theft insurance. The unfortunate part is, whoever stole my information can just wait 1 year for these assistance options to expire.
I hope Equifax and other companies learn from this and take more steps to protect the information they are entrusted with. In the past week, I’ve had to change the passwords to all my accounts, check my credit daily, and constantly worry I’ll eventually need to go through some sort of paperwork to clear a credit application or inquiry that I did not initiate.
I urge anyone who is affected by this, or other similar breaches, to consider not retaining your confidence in companies that are negligent in protecting your information. A recent survey conducted on Equifax breach victims stated that roughly 90% would still use their service. This is especially troubling as it does not make these companies want to improve their security, just their cybersecurity insurance.