Equifax CEO Still Not Sure if the Company is Encrypting Your Data
In case you missed the news, it's more likely than not that Equifax lost your data to unknown hackers between May and July of this year. As of the last count, over 145 million Americans had their most sensitive financial data compromised. As confirmed by the company, this was in part to this information not being encrypted on the Equifax servers.
With the extensive data breach, banks and credit card companies are now looking into how else they can verify identities. With so many social security numbers, dates of birth and addresses compromised, your next credit card application could require a selfie to verify your identity.
Within weeks of the public revealing, long-time Equifax CEO Richard Smith — the CEO at the helm of the credit bureau at the time of the hack — suddenly retired. Now, both he and the interim CEO Paulino do Rego Barros Jr. are facing congressional hearings about the massive breach.
At a session last week, Mr. Barros tried to reassure the Senate Commerce Committee that the company is doing all that it can to make sure that a breach doesn't happen again. Equifax has "quadrupled spending on security, updated its security tools and changed its corporate structure since the breach" according to the report by the Wall Street Journal on the session.
But, on the key question of whether or not our sensitive personal data is encrypted, Mr. Barros could only respond "I don’t know at this stage."
Considering the importance of encrypting data as a basic step to preventing further breaches, there are two likely possibilities behind this statement. Either the interim CEO isn't aware of the critical need for encryption. Or, more likely, the CEO doesn't want to admit that Equifax still hasn't taken this basic security step to protect our data more than two months after the breach was revealed.
Equifax has gone into public relations damage control mode since. In an emailed statement to the Wall Street Journal, an Equifax spokesperson said that the company is in the process of "either encrypting or deleting" data stored on its systems and that "Equifax has deployed multiple methodologies to strengthen security and protect data."
Here's the interaction from the Senate Commerce Committee related to encryption:
For more about the Equifax breach, see the posts below: