It was revealed this week that Equifax, one of the biggest consumer credit reporting bureaus in the world, had allowed hackers to steal Social Security numbers and other data on as many as 143 million Americans.
Equifax: You missed a payment on your credit card? Forget about buying a house.
Also Equifax: We lost personal information belonging to 90% of employed Americans? No biggie.
The fact that Equifax of all companies should be so lax – apparently one of their online databases was protected by the user name/password combination of “admin/admin” – is ridiculous, but the potential impact on ecommerce companies is serious.

I have written several times about the increasing need for ecommerce and affiliate marketing companies to pay attention to data security. In Europe, implementation of the GDPR data privacy legislation is fast approaching, with appropriate boardroom freakout sessions across the world as a result, and the impact of the Equifax breach will be that US legislators are compelled to look seriously at introducing something similar.

As so often, Brian Krebs is the go-to guy to understand the nuts and bolts of the leak:

The data at risk includes Social Security numbers, birth dates, addresses on 143 million Americans. Equifax also said the breach involved some driver’s license numbers (although it didn’t say how many or which states might be impacted), credit card numbers for roughly 209,000 U.S. consumers, and ‘certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.’

But that doesn’t include all those countries outside the USA that might be affected. Already concerns have been expressed that the data for 44 million Brits may have been lost. This is already a dumpster fire, and I would bet good money that there is more to be revealed. Essentially, the personal data for every money-earning citizen of two of the world’s leading powers have been stolen, including politicians, members of the armed forces and security services. Increased legislation and regulation will inevitably follow.

This all reinforces what we already know but so often forget to actually follow through on: absolutely any company that stores customer information needs to have rock solid privacy, security and encryption protocols in place. If not, then a single disgruntled employee or determined teenage hacker might cause a potentially business-destroying data breach. If it can happen to Equifax, it can happen to you.

The very first thing to do is to get your systems audited. Here at mThinkDigital we use and recommend EuroCal – they know security inside out and their initial audits – which will pick up on 95% of problems – are free.
And on a personal level, remember to follow Equifax’s advice and change your full name, date of birth, Social Security number and home address on a regular basis.
(This is what is known in the business as a joke. Please do not try this at home.)