The recent Equifax data breach has prompted a congressional review of the company’s security practices. This follows the announcement that the Federal Trade Commission (FTC) is also investigating the company.
What at first appeared to be a situation where Equifax was as much a victim as the more than 140 million people whose data was potentially leaked now looks like a case of a company that didn’t take the most basic of precautions to safeguard our data.
So far the inquiry has made the company look buffoonish. In one particularly jarring revelation, it’s been reported that a server in Argentina, through which attackers could gain access to the financial data of millions of people, was found to be protected by a username and password combo of admin/admin.
The US breach was caused by a failure to keep software up-to-date, according to the Apache Software Foundation, which told CNBC, “The Equifax data compromise was due to their failure to install the security updates in a timely manner.”
Equifax didn’t install a patch, leaving a vulnerability in place for hackers to exploit.
What’s worse: it turns out Equifax started selling off shares of its stock, to the tune of about $2 million, once they discovered the breach in July – which was lucky for them, because when they announced the breach in September the stock lost about one-third of its value.
It’s no wonder the FTC is investigating them while Congress has also decided to raise an eyebrow. Someone needs to figure out what to do when a company fails to provide the most basic of protections for sensitive and personal information.
Representative Greg Walden, head of the House Energy and Commerce Committee, probably said it best when he told CNBC, “You can’t stop stupidity. You can’t legislate against it, but you can hold people accountable for it.”
We reached out to Equifax for comment and will update as necessary.