Equifax, the credit monitoring company, can’t seem to stay out of trouble.
Only a few days after revealing that hackers compromised it’s personal and financial data stores — which affected nearly all of the company’s 143 million customers (40% of Americans) — Equifax set up a site where potential victims could use several digits of their social security number and their birth date to find out whether they were one of the affected individuals, EquifaxSecurity2017.com.
However, that site wasn’t part of Equifax’s corporate website, and users risked giving information to a third party just by visiting the “safety check” page.
From The Daily Wire:
Matters became more complicated on Monday, when Equifax’s Twitter account Tweeted out the wrong safety page link, sending customers to SecurityEquifax2017.com, a faux version of the Equifax site that looks identical, in every way, to the original site, except that it has no authority to collect any sensitive customer information.
Programmer Nick Sweetling created SecurityEquifax2017.com as a test, to see if users leaving Equifax’s site would give their information to an untrusted third-party site, and to prove how reckless Equifax was being in response to the hacking incident.
Sweetling didn’t anticipate that Equifax itself would Tweet out the site. But they did. Three times. Each time sending customers to a site that had no official connection to Equifax’s security protocol.
Once they figured out their mistake, Equifax deleted their Tweets, but not before the fake site’s URL went out to thousands of Equifax’s followers, and three people who Tweeted questions at Equifax, specifically.
This is the third time, in the wake of Equifax’s hacking scandal, that the company has been forced to defend it’s “clean up.” Besides the error Tweets, customers have complained of unfriendly service agents who direct them back to the EquifaxSecurity2017 website only, and immediately following the attack, lawyers became concerned that users who failed to read the fine print on Equifax’s security check sites were signing away their right to sue the company later.
While most Americans are worried about the Equifax cybersecurity breach, not many have taken steps to protect themselves.
From CNN Money:
A poll conducted by research firm SSRS asked American consumers if they’d heard about the breach and how concerned they were that their sensitive information might have been stolen.
Two-thirds said they were “very” or “somewhat” concerned that their information was affected by the Equifax breach in which hackers were able to access the personal information of as many as 143 million people.
But just 19% of respondents said they had taken any steps to find out if their personal information had been compromised.
Of those who did take action, 36% said they’ve placed a fraud alert on their credit. Just 28% enrolled in the free credit-monitoring service offered by Equifax. About 20% said they purchased another credit-monitoring service, and 21% said they’ve frozen their credit.
Among all Americans, 31% said they were “not too concerned” or “not at all concerned” about the breach, which exposed names, Social Security numbers, birth dates, addresses and driver’s license numbers. It’s still not clear who perpetrated the attack.
Nearly 8 in 10 respondents said companies that do a bad job protecting customer data should face more severe legal penalties. That view cuts across party lines: 81% of Democrats and independents and 79% of Republicans agreed.
Equifax is leaving victims to do most of the heavy lifting when it comes to protecting their identities. Though the company is offering a free credit-monitoring service, it’s not reaching out to those affected — people have to go to the Equifax website to find out if their details may have been exposed in the hack.
The breach hasn’t scared people away from credit, either. Of those surveyed, 81% said the incident hasn’t affected their decision to sign up for any type of credit card in the future.
What do you think of this? Sound off in the comments below!