Oh, My Equifax.

As we wait to see what Hurricane Jose will choose to do as it spins in the Atlantic, Hurricane Irma and the havoc caused by Harvey in Houston has impacted millions of Americans and reminds us of the strength of Mother Nature, who will always have the last and final word. With the recent Equifax breach, we’ve learned that disasters come in many forms. The company announced a breach affecting an even larger population than the hurricanes that have recently hit. Hackers gained access to a staggering 143 million people whose personal information, including driver’s licenses, mortgage information, and Social Security numbers, is now at risk. Oh, geez. Thankfully, no death and destruction, but the havoc is a nightmare pure and simple.
Yahoo! gets the award for the largest hack. But Equifax gets the award for the most sensitive hack. No other breach has struck gold like the highly sensitive personal information locked up in a now broken into treasure chest of a consumer credit agency. Information is the lifeblood of this company. IT IS what they do. And they botched big time by a) letting the breach happen when it is their core business and b) waiting a couple of months under the guise of giving authorities more time to catch the perpetrators. C’mon. Really?
To their credit they have a website that lets you put in your last name and the last six digits of your social security number to see if you were affected but I tell you I was a little uneasy putting anything into that website after what they just announced. Apparently their 1–800 number is getting too many callers — that would be about 143 million probably — and they can’t deal with the volume so people are even more upset. Their way of apologizing is to leave poor consumers on their own with the proverbial free year’s worth of monitoring services. But when all hell breaks lose and our monitor pops up with flashing red alerts it’s the lowly consumer who has to deal with the fall out. Awful. To make matters worse there are now investigations into the sales of shares by three top executives before they went public with the breach. The optics stink no matter if they knew or not. This is a bungling of major proportions and it’s embarrassment to Equifax, it’s leadership and our industry.
I asked my colleagues yesterday where is the class action suit? Where are the lawyers lining up because it seems unless there is real financial hits to these firms they’re going to pay lip service to trite apologies, provide 1–800 numbers that don’t get picked up and silly monitoring services until the next one hits. Why is it that BP can have a gusher of epic proportions and pay billions in fines and move into communities to clean up their mess or J&J who Tylenol bottles were breached was a poster child for what to do right when consumer trust is lost, but Equifax can have another gusher of epic proportions with no seeming consequence?
Our industry is in the business of data and information. We are dealing with people’s most sensitive information because our system says we have to and when it comes time to deal with breaches, and tsunami’s of stolen information we must do better than CEOs who apologize, and then put little teeth into the fix. The consumer and user has to be at the center of all we do, but once again we’ve got a poor example and not much else to turn to.