Equifax Had Patch, Didn't Install It, according to USA Today/
Chicago Sun-Times, 09/15/2017. The fix was available
MONTHS before hackers stole info from the credit-reporting
agency. An industry group discovered the vulnerability, shared
a fix for it, but Equifax never installed it. For four months or more
Equifax neglected to inform authorities and the public about the
biggest hack in U.S. history--to their account holders. Why did
they wait and what sort of safeguards had they employed? The
usual technique is encryption, which is often very effective
but not always impregnable.
The policies of the three main credit reporting agencies and
the banks bear heightened scrutiny, holding our most sensitive
and important information. Some banks have contacted
customers in the wake of the Equifax fracas, others are
staying silent. Lawsuits are in the offing, senators also
threatening official congressional consequences.
Equifax and the other two agencies boast very unfriendly
customer practices and restrictions. Why shouldn't we
check our credit every day if we want to? Try that and
see what happens to your rating. No penalty should
attach to a customer account simply because the account
holder, whose information IT IS, wishes to check it.
Perhaps some good will eventually result from this dangerous
chaos--policy corrections customers can benefit from, and
Until then, we can all see that Equifax was lax.