In May Equifax was hit with a massive data breach that compromised the personal information of 143 million people, and apparently this is not the first time that this has happened. We are now starting to learn per the Wall Street Journal that back in March the company had been hit with another cybersecurity episode that according to the company was “unrelated” to the major breach that we are currently dealing with.
In response to this attack, the company hired another investigative team, FireEye, which looked into the breach. An Equifax spokesperson stated that “Equifax complied fully with all consumer notification requirements related to the incident,” however it is only just being reported in major papers now.
This brings up several questions, some of which had troubling answers. If the company had notified people at the time why is it only getting attention now? Did they really do all that they could have done in responsibly reporting the breach to their consumers? More troubling, if the company had been more open and urgent in their communication at the time, would public opinion have been compelling enough for them to change their system and possibly prevent the larger breach in May?
When corporations are entrusted to safeguard sensitive information for their consumers, such as credit cards, social security numbers, and other pieces of data like that, they have an ethical responsibility to be forward and upfront about any threats that they are dealing with. If they are not, and do not properly inform consumers for the sake of keeping them as paying customers, then it opens the door for more serious threats down the line, as Equifax has recently discovered.