Pressure grows on Equifax over shoddy breach handling

DataIQ News

Equifax is facing mounting pressure to provide exact details of last week's US data breach, which has also affected customers in the UK and Canada, amid growing criticism of its response to the incident.

The company admitted hackers had exposed the personal data of 143 million customers in the US late last week, but has so far refused to say how many Brits have been caught up in the breach.

The UK Information Commissioner's Office has already urged the company to contact those affected in this country and says it is closely monitoring the situation.

But security experts have slammed the business for its shoddy handling of the situation.

Forrester security analyst Jeff Pollard called for more clarity on what data has been compromised in the breach, given how sensitive it could be.

He said: “When retailers get hit by a breach like this, it’s a single credit card that might get stolen, when Equifax it could be everything about the affected parties, and presumably linked to other things. We need more information from Equifax other than your information was or possibly was accessed."

Meanwhile, Richard Parris, CEO and chairman of Intercede, added: "Companies like Equifax are supposed to be the bastions of customer data. Yet, as has worryingly become commonplace today, businesses are continuing to neglect how they protect customer data – and even their own data.

"The right security methods are out there – strong authentication that incorporates multiple levels of authentication such as PIN numbers, devices and biometrics. This makes it much more difficult for cybercriminals to hack into systems. But it appears businesses are getting lazy and lack the volition to make change.

"Equifax’s data breach is an example of the type of breach we should not be seeing today, and it’s worrying that calls for change are falling on deaf ears. Businesses will have no choice but to sit up and listen as GDPR comes into effect next year, but it’s reproachable to see businesses continuing to play fast and loose with our personal information until something bad happens to them."

Two US law firms, OlsenDaines and Geragos & Geragos, have already started a class action against the company. The complaint alleges Equifax was negligent in failing to provide adequate technological safeguards to protect consumer information and that it should have spent more to prevent cyber-attacks, but chose not to.

One of the attorneys with Geragos & Geragos said on Twitter the lawsuit could be the largest “class action in US history” and told Fox Business his firm would seek as much as $70bn (£53bn) in damages on behalf of consumers across the nation.

See also: News Analysis: Equifax faces tough questions and class actions