"We will make changes".
And just days after the company learned of the hack, three top Equifax executives, including the chief financial officer, sold shares of the company's stock worth nearly $2 million.
That information included access to Social Security numbers, birth dates, addresses, driver's license numbers and credit-card numbers - a treasure trove of data considered "the crown jewels of personal information", John Ulzheimer, an independent credit consultant who previously worked at Equifax, told the Associated Press.
"We are devoting extraordinary resources to make sure this kind of incident doesn't happen again". Their information is likely now at large, and being bought and sold on the cybercrime underground.
The Center for Information Security Awareness (https://www.cfisa.org) was formed in 2007 by a group of leading security experts and academics to explore more effective ways to increase security awareness among a number of audiences including consumers, employees, small business owners and law enforcement. "Hackers are doing a better job at targeting humans".
Committee members also want to know more about the timing of sales of Equifax shares by three company executives before the breach became public.
We will continue to update our readers as this situation develops. Plaintiffs' lawyers will try to establish that Equifax began deceiving investors long before it found out about the breach so they can include more shareholders in the class action. The company waited until September 7 to reveal the unauthorized access that occurred in mid-May and was discovered on July 29.
Equifax discovered the intrusion on July 29. "At the time, we thought the intrusion was limited".
In fact, taking six weeks to notify victims is common and often warranted. They should be wary of unsolicited calls or email that say they are related to the breach and that ask to confirm or enter personal information.
Last Friday, Equifax shocked the country with news about a data breach of unprecedented scope.
"Equifax's deliberate in-action, turning a blind eye to this massive system failure and then potential insider trading on it, is beyond egregious negligence", said Andrew N. Friedman, Plaintiffs' Counsel and Partner at Cohen Milstein and Co-Chair of the firm's Consumer Protection Practice. Considering the seemingly endless stream of major hacks that have taken place in recent years, proving that data used to, say, illegally take out a loan in your name came specifically from Equifax would be hard if not impossible.
The company said the breach had also affected an unknown number of United Kingdom and Canadian consumers, but did not implement similar websites for people in those countries.
Initial media reports suggested that the breach may have been as a result of an undisclosed flaw in Struts, but Equifax appear to have now admitted that CVE-2017-5638 was the struts vulnerability used in the attack. The question is what happens with your data once Equifax or the other bureaus have it.
Whether these banks put their money where their mouth is, however, remains to be seen. It's your best protection.
The BBB says even before this breach more than 6 billion records have been stolen this year.