Before we get into their latest batch of incompetence, let’s catch everyone up on what has transpired with the credit monitoring agency this year. From my piece a week ago on the IRS handing them a no-bid contract after Equifax lost all your sensitive information:
1. In early March, Equifax began notifying a small number of outsiders and banking customers that they were bringing in a security firm to help investigate a breach.
2. In late July, Equifax suffered another breach through the same well-known and unpatched hole that hackers found their way through in March, compromising roughly 143 million accounts. They did not announce this hack to the public.
3. Shortly after the hack, in early August, three Equifax executives named John Gamble, Joseph Loughran, and Rodolfo Ploder sold shares worth $1.8 million. The public still had no knowledge of the breach.
4. After announcing the hack in September, Equifax devised a trick that lawyers worried would waive your right to a lawsuit against them. Before the webpage would show you whether your data had been compromised, they made you agree to some fine print that may have let them off the hook entirely. After a widespread uproar, they removed it. To top it all off, they subsequently left a tweet up for 24 hours directing their concerned customers to a phishing website.
5. Shortly after initial reports that Tom Petty had died on Monday, and while we were still piecing together the horror that occurred in Las Vegas, Equifax tried to slip more bad news past us while we grieved.
To top off this shitstorm of rank incompetence and greed, Equifax didn’t even encrypt your data. Online t-shirt sellers encrypt credit card information, but a giant company whose entire fucking business model centers around storing sensitive data didn’t even bother to take this step that’s as necessary in the digital age as breathing air. Leaving sensitive information stored in plain text instead of encrypting it is like storing your gold in a file cabinet on the side of the road instead of inside Fort Knox.
Now, it looks like Equifax got hacked again, and they weren’t even the ones who discovered it. Per CNBC:
Equifax said on Thursday it has taken one of its customer help web pages offline as its security team looks into reports of another potential cyber breach at the credit reporting company, which recently disclosed a hack that compromised the sensitive information of 145.5 million people.
The move came after an independent security analyst on Wednesday found part of Equifax’s website was under the control of attackers trying to trick visitors into installing fraudulent Adobe Flash updates that could infect computers with malware, the technology news website Ars Technica reported.
If capitalism as we describe it existed in America, Equifax wouldn’t.
Jacob Weindling is a staff writer for Paste politics. Follow him on Twitter at @Jakeweindling.