advertisement

The scale of the hack suggests that the credit bureau and data firm may not have been following the financial services industry’s security guidelines.

There’s Simply No Excuse For Equifax’s Catastrophic Breach, Say Experts

[Photo: Flickr user Derek Bridges]

BY Mark Sullivan3 minute read

Equifax just suffered what may be one of the biggest and most potentially damaging data breaches in history, and security experts are saying that the breach was probably preventable.

The credit bureau said Thursday that it learned July 29th that hackers had compromised the personal data–including credit card numbers, social security numbers, and birthdates–of 143 million US consumers and an unspecified number of UK and Canadian customers, in a breach that occurred sometime between mid-May and July. The credit cards of 209,000 U.S. customers were compromised, as well as personally identifiable information on 182,000 people involved in credit disputes.

Equifax chairman and CEO Richard F. Smith called the breach “disappointing.”

“This is a terrible story,” said Cooper Levenson attorney and security expert Peter Fu. “No one entity should ever have all of our personal data in a single breakable point of entry.” The sheer volume of the loss suggests hackers were able to quickly grab huge chunks of data in a “catastrophic” breach, Fu says.


Related: Equifax execs dumped company stock before disclosing data breach


While law enforcement is keeping the technical details of the breach quiet for the moment, the available facts strongly suggest Equifax may not have been following accepted security guidelines.

Fu points out that the Payment Card Industry security guidelines used by banks and credit card companies require that companies keep billing information (names, addresses, social security numbers, etc.), financial information (credit card numbers), and miscellaneous supporting documents in separate secure places.

PluggedIn Newsletter logo
Sign up for our weekly tech digest.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Privacy Policy

ABOUT THE AUTHOR

Mark Sullivan is a senior writer at Fast Company, covering emerging tech, AI, and tech policy. Before coming to Fast Company in January 2016, Sullivan wrote for VentureBeat, Light Reading, CNET, Wired, and PCWorld More


Explore Topics