Equifax: A Lesson In Password Security

...And It Was A Lesson Learned The Hard Way.

Equifax Inc. is the oldest of the three largest American credit agencies and one of the best-known consumer credit reporting agencies in the world. They collect information on over 800 million individual consumers and more than 88 million businesses worldwide.

So, between May and July this year, they were the victim of a cybersecurity breach. Or more accurately, their customers were victims of a cybersecurity breach. Around 143 million American customers to be exact. That’s almost half of the entire population of the US. Then there are the 400,000 to 44 million British and Canadian records that were also compromised. Not good.


“[The Equifax breach] very possibly is the most severe of all for a simple reason: the breath-taking amount of highly sensitive data it handed over to criminals. By providing full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers, it provided most of the information banks, insurance companies, and other businesses use to confirm consumers are who they claim to be.”

— Dan Goodin, Why the Equifax breach is very possibly the worst leak of personal info ever. (Ars Technica, 2017)

How Was The Oldest Credit Agency In America Subject To A Data Breach?

By not taking simple steps to ensure that proper regulations were put in place, Equifax has landed in an embarrassing position in which they’re having to apologize to A LOT of people.

Equifax now has to deal with the fact that thousands of customers’ personal details were made easily accessible. On top of that, 36 US Senators have called upon the federal agency to investigate why 3 of the company’s executives sold almost £1.5 million worth of shares in the 6-week interim between the actual breach and the announcement of the breach. Yes, you read that right. It took Equifax 6 weeks to tell the public that their personal details had been accessed. AND the pièce de résistance for Equifax is that they are now potentially being sued for $70 billion – making it the largest class-action lawsuit in US history. All because they used ‘admin’ as their username. And the password? Well, that was ‘admin’ too.

To make matters worse, after the breach, they employed a cybersecurity team to investigate and to help stop this from happening again, and the team found that throughout the company, most workers’ logins and passwords, given to them by Equifax, were simply their last name. For both the username and password. Both. Occasionally, their first initial was put into the mix too.
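A provisioning-time check for the issuance pattern described above, as an added example that is not part of the original article or any Equifax code: it flags a password that matches the username, a default such as ‘admin’, or the holder's name with or without the first initial. The function names, the default list beyond ‘admin’, and the sample roster are constructed for illustration.

```python
import re

# Constructed list of default secrets; 'admin' is the one the article names.
DEFAULT_SECRETS = {"admin", "administrator", "password", "changeme"}

def _norm(s):
    """Lower-case and keep ASCII letters only, so 'Smith2017!' compares equal to 'smith'."""
    return re.sub(r"[^a-z]", "", s.casefold())

def name_derived(first, last):
    """Strings built from a person's name: last name, first name, and initial combinations."""
    f, l = _norm(first), _norm(last)
    cands = {l, f, f + l, l + f}
    if f:
        cands |= {f[0] + l, l + f[0]}
    return {c for c in cands if c}  # drop empty strings from missing names

def credential_findings(username, password, first, last):
    """Return the reasons a credential pair should be rejected (empty list = none found)."""
    findings = []
    p = _norm(password)
    if p and p == _norm(username):
        findings.append("password equals username")
    if p in DEFAULT_SECRETS:
        findings.append("default password")
    if p in name_derived(first, last):
        findings.append("password derived from name")
    return findings

def audit(roster):
    """Map username -> findings for every account with at least one finding."""
    report = {}
    for username, password, first, last in roster:
        found = credential_findings(username, password, first, last)
        if found:
            report[username] = found
    return report

# Constructed sample roster: (username, issued password, first name, last name).
ROSTER = [
    ("admin", "admin", "", ""),
    ("jsmith", "Smith", "Jane", "Smith"),
    ("mgarcia", "mgarcia1", "Maria", "Garcia"),
    ("dlee", "correct-horse-battery-staple", "Dana", "Lee"),
]

if __name__ == "__main__":
    for user, reasons in audit(ROSTER).items():
        print(user, "->", ", ".join(reasons))
```

The check needs the plaintext, so it belongs where credentials are issued or changed, before the password is hashed and stored.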

How They're Fixing Their Mess

They’re taking steps now to clear up the mess they’ve made, but that doesn’t change the fact that almost a quarter of a million people’s details were made accessible due to negligence. As a result, Equifax created a website for U.S. consumers to “see if your personal information is potentially impacted.” Let’s be honest: it looks like a fraud site. It’s frighteningly bare-bones and the URL differs from Equifax’s main site. Some people’s browsers are throwing up phishing warnings due to back-end configuration issues, and Equifax even asks for your social security number to confirm whether it leaked your social security number. What?! How have they still not learned?!

Finally, if you would rather read about how you can prevent being hacked, how to create a much better password than ‘admin’ and how to spot a website that you really shouldn’t be visiting, sign up to receive our 4-part article on hacking before anyone else by completing our registration form.