One of the largest data breaches ever has been revealed last Thursday as attackers used an exploit on Equifax’s website to access records for 143 million US citizens. The breach was detected from mid-May to July 29th when it was detected. During the time that it was detected up to last Thursday, Equifax senior executives sold $1.8 million in stock according to Bloomberg. In addition, the company waited for a month before releasing news of the breach only last week.
It Gets Worse…
In response to the security breach – which exposed sensitive information like Social Security numbers, birth dates, addresses, credit card numbers, personal identifiable information, and in some cases drivers license numbers – Equifax was providing their customers the ability to freeze their credit files for free. The company began providing 10-digit pins allowing individuals to freeze their credit. The PIN codes, however, were generated based on the date and time that customers setup their freeze. This inherently makes the PIN easy to guess – defeating the entire purpose of a 10-digit “random” pin code. According to Ms. Muller-Landau, a Smithsonian research scientist,
“The whole point of a 10-digit PIN is that it’s supposed to be hard to guess. And then, they have this totally transparent algorithm for assigning them.”
The free credit freeze was a direct response to the credit reporting firms charging fees to freeze the credit files that they (compromised AND) had not asked to be setup in the first place.
If you have been given a PIN to freeze your credit – Change it immediately!