Hurricane Irma has been hailed as one of the strongest Atlantic storms in history. Not to be outdone, Equifax announced their own new record for one of the largest information breaches ever. That’s right, one of the three nationwide consumer credit reporting agencies, Equifax was attacked yesterday through an application on their website which allowed hackers to further breach their corporate servers. This resulted in exposing the sensitive information of just 143 million out of 323 million Americans, Yeah, half of the U.S. Oh wait, they weren’t attacked yesterday? They were attacked sometime back in May? And they are only telling us about it now? Awesome.
Probably today's headlines.
Equifax has apparently hired a "leading cyber security firm" probably called Too Little, Too Late LLC., to conduct a forensic investigation. In his video statement, Chairman and CEO of Equifax Inc. Rich Smith, stated that, "the unauthorized access occurred between mid-May and July." That statement should have more accurately been: the unauthorized access began in mid-May and did not cease until July 29th, a slight difference. They also discovered that over 209,000 credit card numbers were compromised along with 180,000 financial dispute documents. The breach also affected Canadian and European citizens as well. Unfortunately, the authors of the attack have not been identified, but we think we have a pretty good idea who was behind it.
Or Russia, whatever helps the national narrative.
Seemingly attempting to prove that companies are more important than individuals, devoid of all ethics, and completely invincible, Smith apologized for the breach and then stated he was going to give the people affected a “comprehensive package of identity theft protection and credit file monitoring at no cost,” which would be great if it weren’t exactly like if a bank that had just been robbed offered to open new checking accounts for you to put more money into. Only it’s actually worse than that because the package they are offering you doesn’t help fix any problems caused by the breach, as explained in their 7200-word terms and conditions:
“We do not offer, provide, or furnish any products, or any advice, counseling, or assistance, for the express or implied purpose of improving your credit record, credit history, or credit rating… By this we mean that we do not claim we can 'clean up' or 'improve' your credit record, credit history, or credit rating."
Also, if you count the six weeks it took for them to report the issue on top of the additional week it will take for them to allow you to sign up for the service, that will be nearly two months your partner has been sleeping with you without telling you they picked up a disease on the side. Haha, don’t be mad. Oh and one last thing, if you accept this unprecedented gift of credit monitoring, you forfeit your rights to arbitration on the matter and therefore cannot sue independently or participate in any class action suit.
This is an abusive domestic violence relationship. You’ve been forced into bed with a conglomerate, they’ve heavily wounded you, and if they call an ambulance for you, you have to promise not to press charges.
You better not make a fucking scene, Marie, I swear to God.
And that was pretty much the response Equifax had. In his solemn summary, holder of the whitest and most privileged name you can imagine, Rich Smith stated that Equifax won’t be defined by this incident and instead promised to build, “a stronger company, with many great days ahead.” Which must be so nice to not have to worry about performance or consequence. Literally not even a shred of concern. We will be here tomorrow, and the next day, and the day after that, no matter what, because we are too important to fail.
To pour salt in the wound, a few employees sold their stock in the company in the ample amount of time between when the breach occurred and its public announcement. Chief Financial Officer John Gamble, President of U.S. Information Solutions Joseph Loughran, and President of Workforce Solutions Rodolfo Ploder, off loaded shares totaling to nearly $2,000,000. Equifax stated that the three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, “had no knowledge that an intrusion had occurred at the time they sold their shares,” implying they either believe the American public are a bunch of absolute fucking morons, or all Equifax executives as terms of their employment are required to have incredible blind luck, if only they could have used it to predict the breach.
Equifax was somehow founded by timelords 118 years ago in 1899. It currently has 9,500 employees and a reported net income of approximately $488,800,000 in 2016 while defying the 927 reviews that result in a single star rating through Consumer Affairs. Their executives reported the following total earnings last year:
Richard F. Smith
Chairman and Chief Executive Officer
Coretha M. Rushing
Corporate Vice President and Chief Human Resources Officer
John J. Kelley III
Corporate Vice President, Chief Legal Officer and Corporate Secretary
John W. Gamble Jr.
Corporate Vice President and Chief Financial Officer
Rodolfo O. Ploder
President, Workforce Solutions
In terms of volume of individuals affected, this is not the largest breach in history, as Yahoo takes the cake with the billion user accounts compromised in 2013. In second is AdultFriendFinder spilling the account information of 419 million users in 2016 and third is eBay's breach of 145 million users in 2014. However, those breaches, while serious, compromised things like email accounts, passwords, and user information. The information lost in the Equifax breach includes birthdates, full names, social security numbers, properties, accounts, financial documents, etc. Kind of big deal.
Some of you may be wondering, how could such an incredibly powerful company, who's reports are the deciding factors in so many people's lives, be compromised by such a glaring flaw? Well we might have an idea...!
I see you've been a professional at your last 3 jobs, excellent.
As you can see, Miss Susan Mauldin, the Chief Security Officer for Equifax, is a master at music composition, a skill that was undoubtedly invaluable when it came to protecting our information. Maybe she was the perfect person for the job, or maybe Equifax should have been a bit more responsible and hired a subject matter expert over a musical chair's enthusiast, who am I to judge? In a not at all suspicious development, Mauldin's LinkedIn profile has since been set to private and screen captures of her glaring underqualifications are being purged from the internet at breakneck speeds. Now, we know that there are likely hundreds of other Internet Security employees who do the actual protecting, but given their leadership and the current state of affairs, they might not be the best in their chosen field. I'm not just referring to the breach, but the response as well.
Equifax created www.equifaxsecurity2017.com, which according to Arstechnica runs on a stock installation WordPress, a content management system which lacks the necessary security for a site requesting last names and the last six digits of your social security number. Additionally, they found that the TLS certificate doesn't perform proper revocation checks. They also report that a username for administering the site had been left in a page.
It's a sad day when the company responsible for one third of America's credit reporting drops enough balls to make George Michael blush, but based on past events, they won't likely realistically suffer. When Target failed to protect the consumer information of 41 million customers back in 2013, they were forced to pay only a laughable $18.5 million in response to lawsuits, which is nearly just one year of Ole' Dicky Smith's salary Considering in 2016 Equifax reported their revenue stream was in excess of $3,144,000,000, I don't think they would feel a judgement even 10 times larger. Yahoo and eBay are still deadlocked in litigation with each of their class-action suits years ago. How does bullshit like this take place? Corporate Personhood removes much of the responisbility that incompetent leaders might otherwise face when they do stupid shit that results in events like this. That coupled with the power that Citizens United v. Federal Election Commission 558 U.S. 310 provides, we now allow corporations to allocate nearly limitless funding to political candidates of their choosing which means that large entities can gain power and protection from the government by literally shaping it with the people they want in office. When companies start generating enough cash, they don't have to worry about their reputation. Which means at the end of the day, your interests are far less important than corporate interests. You really can't even control which hole gets violated first.
Subscribe to What Could It Meme?
Get the latest posts delivered right to your inbox