Equifax Week Two: It Keeps Getting Worse
The drumbeat of bad news continues for credit monitoring agency Equifax Inc., after its disclosure on September 7th of a massive data breach – compromising Social Security numbers, dates of birth and other personally identifiable information – that might affect as many as 143 million Americans. Here’s a recap of the latest:
- Top Information Security Execs Are Out – Equifax announced that its top information security executives, the Chief Information Officer (CIO) and Chief Security Officer (CSO), are “retiring” and that an interim CIO has been named. In a press release issued Friday, the company said the “personnel changes” are “effective immediately.” These moves follow a media uproar earlier in the week that raised concerns over the former CSO’s cybersecurity chops and background including two fine arts degrees in music composition.
- “Apache Struts” Is the Culprit – The company has identified the Apache Struts web application as the “initial attack vector,” which has been “patched.” The Apache Struts is open-source software used to build interactive websites and portals. But the vulnerability isn’t new. Back in early March, Cisco reported the vulnerability and a patch was issued the same day. And two days later, on March 8th, the Department of Homeland Security’s U.S. Computer Emergency Readiness Team sent out a notice concerning the vulnerability, warning that a “remote attacker could exploit this vulnerability to take control of an affected system.”
- Market Meltdown -- The market has continued to punish Equifax shareholders. The company’s market capitalization is down nearly 40% or about $6 billion. Before the massive breach was disclosed, the company’s market capitalization was more than $17 billion. It has since fallen to just north of $11 billon.
- FTC Confirms Probe – In a highly unusual move, the U.S. Federal Trade Commission confirmed that the consumer protection agency is conducting an investigation into the Equifax data breach. The agency rarely comments on ongoing investigations but “in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach,” FTC spokesman Peter Kaplan said on Thursday.
- Schumer Shames Equifax – The chorus of criticism from lawmakers continued. U.S. Senator Charles E. Schumer (D-NY) took to Twitter on Thursday, calling the Equifax breach “one of the most egregious examples of corporate malfeasance since Enron.”
- Litigation Piles Up – And finally, the putative class actions lawsuits continue. It’s difficult to keep track of all of the cases but early in the week, 23 class actions were docketed. By the week’s close, the Wall Street Journal reported that more than 100 lawsuits had been filed.
Stay tuned. We’ll continue to monitor this evolving story.