"Credit monitoring company Equifax is now in the running for the worst handling of a data breach ever.
Not only did it potentially give up ready-made identity theft packages for more than half of all adult Americans, its response has been heartless verging on evil. The company should be prosecuted and severely financially damaged, but it's acting like it's above the law.
The "full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers." This is far worse than your usual name-and-email breach, or even name-email-and-password, because it gives thieves everything they need to open bank accounts, credit cards, and get loans in your name.
The data was accessed via a "US website application vulnerability." Let that sink in. A company with power over the financial destiny of most Americans—you cannot opt out of data collection if you want to participate easily in the modern American economy—let everyone's data be exposed through its public-facing website.
Equifax responded to the breach with supreme arrogance. After hiding it from the public for more than a month (giving the CFO a ), it directs people to a website where they have to enter the last six digits of their Social Security number to see if they've been pwned. Because, of course, right now you want to trust Equifax with your Social Security number. It then responds with a confusing message about signing you up for credit monitoring.
But oh, it only gets more sinister from there. Twitterer Zack Whittaker points out that even by checking to see if your info was stolen, you to sue Equifax for their malfeasance, which has since of regulators.
Equifax Must Be Punished
The government needs to come down on Equifax hard. The problem is that Equifax offers a privatized, quasi-government function. If you want to participate in the modern US economy, you're subject to the company's rating and arbitration. If you want to rent or buy a home, get a car loan or a cell phone plan, Equifax and its two interchangeable quasi-competitors get to decide your financial fate.
("Not so!" says one commenter, looking up from sewing his handmade clothes in his solar-paneled cabin which he paid for with cash. Okay, Mr. Unabomber, moving on.)
The Washington Post says by why Equifax is acting with such a tin ear. I'm not puzzled; the answer is impunity. When you feel like you have nothing to lose, like you're not under threat, you're going to do the absolute minimum in situations like this. That's what Equifax is doing.
Equifax Must Pay | Sascha Segan | PCMag.com