The past week brought news that more personal information than previously documented was exposed in the Equifax data breach. While this information may not pose additional risk for the consumer, the news – coupled with a report that the Consumer Financial Protection Bureau has halted its investigation into Equifax and a scathing list of findings from Senator Elizabeth Warren – keeps the corporation in the bad-news headlines.
The Equifax story has been in the news for months, beginning with the breach announcement in early September 2017. The first of the year brought the expiration of the offer to sign up for one year of free credit monitoring, Equifax’s new free “Lock & Alert” service, and warnings to be extra vigilant when filing taxes this year.
More Data Accessed in Breach
Now we learn that Equifax reported to the Senate Banking Committee that additional data such as tax identification numbers and email addresses were accessed. In the words of Monty Python, seems like the Equifax story is ‘not dead yet’.
Security experts, such as Al Pascual at Javelin Strategy & Research, note that “… considering the scale of the breach, this additional information doesn’t move the needle.” And an Equifax spokesperson told Consumer Reports that the “approximately 145.5 million consumers (affected by the data breach) has not changed.”
Top Posts in Data Security
- Cyber Security Predictions for 2018: The Top Experts Speak
- Cyber Security Statistics 2017: Data Breaches and Cyber Attacks
- Information Security Trends 2017 and 2018
- Top Cyber Security Conferences: 2018’s Best Information Security Events
The additional data accessed, however, further highlights the astonishing amount of information collected by credit reporting agencies.
More Government Scrutiny Following Breach
Equifax has been the subject of increased focus from the US government over the past couple of weeks, as well.
Reuters reported that, according to sources, the Consumer Financial Protection Bureau (CFPB) has pulled back from a probe into the Equifax failure to protect consumer data. This report prompted US Senator Mark Warner and many other Senators to demand answers, with the Senators stating “the CFPB has a clear duty to supervise consumer reporting agencies, investigate how this breach has or will harm consumers, and bring enforcement actions as necessary.”
Finally, a scathing report from US Senator Elizabeth Warren alleges that Equifax set up a flawed system to prevent and mitigate data security problems, ignored numerous warnings of risks to sensitive data, and failed to notify the public about the breach in a timely and appropriate fashion. She is calling for federal legislation to help prevent and respond to future data breaches.
In the wake of the Equifax breach, the previously reported advice remains true: if you haven’t yet, consider placing a credit freeze or credit lock on your reports (at all credit bureaus). Another good piece of advice: consider advanced authentication methods, such as two-factor authentication (2FA).