The Financial Times has taken an in-depth look at the Equifax data leak.
The details are as disturbing as the flashy headlines.
Lawmakers and customers have vented their anger at the credit bureau after it was revealed that hackers were able to access an astounding amount of data. Experts estimate the sensitive data, including Social Security numbers, of over 143 million people in the U.S., Canada, and U.K. has been compromised.
Over 200,000 credit card numbers were also stolen.
Attorneys-general and other customer advocates are urging people to carefully monitor their accounts and credit reports.
While last year’s Yahoo leak was larger in terms of sheer numbers of people affected, that leak did not involve sensitive data. Yahoo was also not a business that staked its reputation on securely handling sensitive data. As Equifax CEO Richard F. Smith said, the hack hit “at the heart of who we are and what we do.”
The Equifax leak is a larger and more damaging version of the 2015 Anthem hack that put the sensitive data of 78 million people at risk.
Equifax has lost $3.5 billion in market value since news of the hack was released. Its stock fell by 8 percent on Monday, and by 13 percent last Friday.
Analysts predicted there would be congressional hearings, an investigation by the Consumer Financial Protection Bureau, hearings at the Federal Trade Commission, and numerous lawsuits.
The Securities and Exchange Commission is expected to investigate a number of abnormalities. It took Equifax five weeks to disclose the leak. There have also been allegations that three of the company’s executives engaged in insider trading.
Equifax has not released any details about the hack other than to suggest that it was related to a U.S.-based web app. Many experts have expressed shock that a company like Equifax could allow such a gap in its cyber defenses.
One expert said that a basic examination of the company’s web presence revealed numerous weaknesses, like old programming languages. The company also used the Apache Struts framework, which had proven vulnerable to previous hacks.
Equifax has offered all potentially affected customers a year of its TrustedID credit monitoring service. The irony has not been lost on most people.
Eric Johnson, dean of the Owen Graduate School of Management at Vanderbilt University, said, “This is the great irony: it is like going to the hospital and getting beaten up.”