The government’s final report on the Equifax data breach was released this week, more than 14 months after one of the worst cybersecurity incidents ever.
The scathing 96-page report by the House Oversight and Government Reform Committee roundly criticizes Equifax for failing “to implement an adequate security program to protect this sensitive data. As a result, Equifax allowed one of the largest data breaches in U.S. history. Such a breach was entirely preventable.”
U.S. report says Equifax data breach was ‘entirely preventable’
In September of 2017, Equifax, one of the nation’s three main credit-reporting bureaus, disclosed a massive breach that exposed more than 148 million people to identity fraud and theft.
The hackers, who have never been identified, made off with a treasure trove of personal information, like names, addresses, Social Security numbers and in some cases, credit card numbers.
The congressional report outlined a number of fails on the part of Equifax, including:
- Equifax failed to patch a disclosed vulnerability that was easily fixable.
- The security system that would normally catch hack attempts had been inactive for 19 months. If it was updated, it could have stopped the hack within two days.
- Hackers accessed 48 databases and had basically free rein for more than two months, downloading data on 259 occasions.
- After the data breach, Equifax’s call center sent people to a scam site.
For its part, Equifax countered the critical report with a statement lamenting the fact that the committee didn’t give it a chance to respond to key lapses cited in the document.
“We are deeply disappointed that the Committee chose not to provide us with adequate time to review and respond to a 100-page report consisting of highly technical and important information,” Equifax spokesperson Wyatt Jefferies said, according to TechCrunch. “During the few hours we were given to conduct a preliminary review we identified significant inaccuracies and disagree with many of the factual findings.”
Money expert Clark Howard says that the Equifax data breach is a public failure on many levels.
“This is a company that has suffered no consequences,” he says. “The Congress has looked the other way …. and you know what really stinks? There are no consequences at this point in modern American life if you’re big enough, powerful enough and rich enough, you can be stupid, dumb or steal and get away with it!”
Clark says the main way to keep your information safe in light of the Equifax data breach is to freeze your credit. His Credit Freeze Guide will walk you through the steps for Equifax, Experian and TransUnion.
Take this important step BEFORE you freeze your credit
The #1 security issue online these days is identity theft. That’s why Clark says the one thing you need to do before you freeze your credit is to put in place a way for you to monitor your credit. This is what he wants you to do:
- Sign up for a Credit Karma or Credit Sesame account to get free credit monitoring and be notified when anyone tries to access your personal info. Here’s a step-by-step rundown of how to do it.