We reported on Friday how Equifax had been hit by possibly the world’s biggest cyber-theft. They notified their customers, but – astoundingly – they did so in such an insecure manner that it raises serious questions about the safety of people’s data. The Information Commissioner’s Office (ICO) is investigating how many UK citizens were affected by the Equifax hack and it acts as a timely reminder to take security seriously – for all businesses.

Equifax Hack – World’s biggest ever Cyber Theft?

After having 142 million people’s personal details and credit card numbers stolen, the global company launched a basic, insecure WordPress site to notify them. It took them 40 days to disclose that the hack had taken place, and they said: “The information accessed includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers.”

It also says “credit card numbers for approximately 209,000 US consumers” have been accessed along with “certain dispute documents with personal identifying information for approximately 182,000 US consumers.”

Equifax Website Security Flaws

Equifax’s website for notifications – https://www.equifaxsecurity2017.com – invites customers to enrol in a complimentary (for one year only) identity theft protection & credit file monitoring product: TrustedID Premier.

This raises questions about how much they really care about their customers’ personal data: the site uses a free WordPress template and a free SSL certificate, neither of which suggests that the security of this website is important to them, despite it being used to harvest yet more personal data from the customers it has already let down.

HMRC Insecurities

In the same week, the BBC reports that the taxman is also playing fast and loose with our data. They say that a security researcher found loopholes in the HMRC website, but struggled to notify them so they could be fixed. He eventually managed to report the bug after 57 days of trying.

This is not good enough – security cannot be taken for granted and criminals could do no end of harm with all of this personal data. It may initially seem like a victimless crime as the banks reimburse stolen money but, in the end, someone has to pay for it. The reputational damage of losing customer data would sink most smaller companies, and larger companies face huge fines if they have not taken security seriously.

Digitalquill – Experts in IT Security

At Digitalquill we help businesses across the Hull area to keep customer data safe. Whether it’s securing a router, protecting backups or making sure you’re compliant with credit card processing rules – we can help. For more information simply call us on 01482 424402 or email office@digitalquill.co.uk.