freeze your damn credit

That Equifax Hack Was ‘Entirely Preventable’

Richard Smith, former CEO of Equifax Inc. testifies before the Senate on November 8, 2017. Photo: Olivier Douliery/Bloomberg via Getty Images

The great Equifax Hack of 2017 was a nightmare that only got, well, more nightmarish the more people looked into it. What was initially reported as 143 million victims later grew to a tally of 147.9 million. (The final 2.4 million weren’t added until March of this year, a fun surprise if you thought you were free and clear.) Now, after months of investigation into the hack by House Republicans, it turns out the entire thing didn’t have to go down the way it did. The lengthy investigation report found the hack “entirely preventable.” “Equifax, however, failed to implement an adequate security program to protect this sensitive data,” reads the report, released earlier this month. “As a result, Equifax allowed one of the largest data breaches in U.S. history.”

The 96-page investigation report doesn’t do much by way of, uh, offering suggestions to keep this from happening again. Which is great because who doesn’t want their birth dates, addresses, names, driver’s-license numbers, Social Security numbers, and/or credit-card numbers stolen? It does, however, spell out how Equifax knew about the vulnerability that led to the breach and still did not fully patch it. “Equifax should have addressed at least two points of failure to mitigate, or even prevent, this data breach. First, a lack of accountability and no clear lines of authority in Equifax’s IT management structure existed, leading to an execution gap between IT policy development and operation,” the report explains. The second point of failure is that Equifax grew too large to be supported by the company’s “antiquated … IT systems.”

What say you, Monopoly Man?

That Equifax Hack Was ‘Entirely Preventable’