Equifax Data Breach

Equifax, a service that maintains credit histories and credit scores for businesses, organizations and individuals, was hacked "between mid-May and July 29, 2017". It wasn't until July 29, 2017 that the breach was found and was stopped. But by that date, the data of 143 million U.S. citizens were compromised. This data included their "names, addresses, birth dates, social security numbers, and in some cases, their driver's license numbers. In addition, for some 209,000 U.S. Citizens, their credit card information was also stolen.

Significance of the Equifax Breach
Because Equifax stores and manages credit histories and credit scores, financial institutions use their services to grant or deny loans and/or mortgages to individuals and businesses. In other cases, credit histories are used to determine if an individual qualifies to purchase a car or rent an apartment.

The ‘Big Four’
Your name, address, birth date, and security number are considered the 'big four' security identifiers. The fact that the 'big four' were stolen from so many individuals makes this data breach different from other notable data breaches such as Yahoo! and Target.

Why This Matters
Once the 'Big Four' is in the possession of others, identity thieves may use the information to do either or both of the following : Either type of fraud can cause tremendous amounts of stress due to the time and costs spent on repairing one's credit and regaining ownership of one's identity.
 * 1) New account fraud
 * 2) Account takeover

Causes of the Equifax Breach
According to Wayne Rash, a freelance writer and editor with a 35 year history covering technology, the Equifax breach was "a major failure of computer systems’ internal control, with both underlying causes and Equifax-specific factors".

The underlying causes include: The specific cause of the Equifax breach is attributed to the failure to install a security patch to an "Apache Struts" vulnerability which had first been identified by US-CERT, in March (2017). Equifax claims they took actions to identify and patch the vulnerability, yet attackers still exploited the flaw.
 * The evolution from a centralized information technology infrastructure with no public links to a decentralized, "globally-outsourced" infrastructure with many connected devices worldwide.
 * A shift on IT culture resulting in movement away from internal control and significant testing to a "culture of innovation" and "fixing bugs later".
 * The lack of security of the internet which was originally designed to be a way for academics, corporate and government researchers to share information but has evolved into adding frequent security patches to address the inherent lack of security.

Lawsuits Against Equifax
As of April 2018, West Virginia joined many other states such as Georgia and Oregon in bringing a lawsuit against Equifax. As of September 2017, more than 30 lawsuits have been filed, including a lawsuit concerning securities fraud.