The Equifax Data Breach Scandal

The credit rating business in America is largely an oligopoly. It is run by three major companies, Equifax, TransUnion, and Experian. Each of these corporations contains a massive amount of data regarding sensitive financial information about millions of people. They need to have systems in place to protect this data and ensure that it does not fall into the wrong hands. This is precisely what one of these giants, i.e., Equifax failed to do. This is the reason why this major corporation is in hot water and on the receiving end of public ire.

Equifax recently states that hackers have stolen data about 143 million people from their servers. 143 million is a massive number. It is about 50% of the population of the United States. To add to this problem some of this stolen information is permanent, i.e., date of birth, social security number, addresses, etc. This incident reported by Equifax is the worst data breach that the world has seen to date!

The following are some of the reasons why Equifax data breach incident is nothing less than a scandal.

Delay in Releasing Information: The Equifax data breach is the worst in the history of breaches not because of its scale but because of the completeness of data that the hackers were able to procure. With the information that the hackers have at hand, it is possible for them to steal someone’s identity easily. This means that they can take out credit cards and loans in their name without the person even knowing. Obviously, there is a risk that the victim may face grave financial danger.

However, Equifax does not seem too concerned. They knew about the data breach since July. They also knew that the data breach has been going on since May. However, they waited full six weeks until September before they released this information.

During this period several people may have faced identity theft. However, Equifax did not give them a chance to be prepared or prevent their loss. This raises questions regarding whether the management of this crisis was done ethically by Equifax.

Insider Trading: Equifax executives took advantage of the information that they had about the data breach. John Gamble, the Chief Financial Officer of Equifax, sold a massive amount of shares on Aug 2nd and 3rd (2017), i.e., within the first week after Equifax found about this catastrophic incident. This is where the issue changes from mismanagement to criminal intent.

The spokesperson of Equifax has stated that Mr. Gamble was not aware of the data breach. This then raises two very pertinent questions. Why is it that someone of the stature of CFO of a major corporation was not aware of an incident of this magnitude? Also, why was Mr. Gamble selling out shares in such huge magnitude if it was not part of some pre-determined option exercising program? The question of unethical conduct on the part of Equifax becomes even stronger when these facts are considered.

Equifax Takes Advantage: Equifax stands to make money off people’s misery. It will charge money to the victims of their own breach in order to protect their credit. Equifax had started a service wherein users can enter their information and check whether their data has been compromised during the breach. If the data has been compromised, Equifax offers an option called credit freeze. If the users select this option, their credit check will not give any result and nobody can take a loan or credit card in their name.

However, Equifax is offering this service for a fee. This is outrageous given the fact that it is Equifax’s negligence that is now compelling the customers to buy this product in the first place. Equifax is now offering this service for free for the first year. After that, the customers will be billed at $20 per month. In fact, users have to provide a credit card that Equifax can charge after the free trial is over!

Equifax has continued with its unethical business practices and has included text which takes away the right to sue Equifax from customers who sign up for this service. Almost nobody reads the online terms and conditions before they sign up for it. Equifax seems to be aware of this fact and is looking to exploit it.

Equifax’s unethical behavior and careless attitude are because the people whose information they have lost are not their customers. They are merely the product. Hence, whatever they think of the firm has zero impact on its business. The customers of Equifax are banks, credit card firms and such other companies who use this data that Equifax sells. Until they start behaving sternly, it is highly unlikely that Equifax will change any of its policies.

To sum it up, Equifax has just been the victim of a scandalous data breach. However, their attitude towards people whose data was lost is repugnant. They don’t seem to care and are in fact indulging in even more unethical activities.