What is going on with Equifax?


If you have a credit report, the Federal Trade Commission (FTC) says there’s a good chance that you were one of the 143 million consumers whose sensitive personal information was exposed in a data breach at Equifax.

While much is still unknown about how the breach happened, international news outlets like CNN and Bloomberg are reporting that there was a flaw in a tool designed to build web applications, and the company was aware of the security flaw at least two months before the hackers first gained access to its data.

The tool is called Apache Struts, and CNN says Equifax used it to support its online portal where customers go to log issues with credit reports. The flaw allowed hackers to control the entire website. According to CNN, the Department of Homeland Security identified and disclosed the flaw to Equifax; however, there appears to have been a delay in the company’s response, leaving the birthdates, social security numbers and driver’s license information exposed.

Even when Equifax finally informed consumers about the breach, the company directed consumers to a fake phishing site that shared a similar address to the one it set up to help victims.  As if this wasn’t enough, Bloomberg reported that the Justice Department is now investigating whether executives broke insider trading laws when they sold off nearly $2 million in stocks before even disclosing the breach to the public.

Implicated in the investigation, according to Bloomberg, are the company’s chief financial officer, the president of U.S. information solutions and president of workforce solutions, who all sold off their stocks. Equifax has denied that the company’s executives were aware of the breach at the time of the stock sale, but there are a slew of probes and investigations into the hack, and class action lawsuits are being filed by consumers.

So, what should you do if you think you’ve been hacked?  First, the FTC recommends you check your credit reports from Equifax, Experian and TransUnion by visiting annualcreditreport.com. If you find accounts or activity that you don’t recognize, that may mean that your identity has been stolen, said FTC officials, and the government has a website that tells you what to do if that is the case (IdentityTheft.gov). Then, the FTC recommends setting up a fraud alert and continuing to watch your credit cards and bank accounts. You can freeze your credit accounts to prevent anyone from fraudulently applying for credit in your name, although it won’t keep a thief from making charges to your existing accounts. And you may want to set up two-factor authentication on your most important financial accounts. Lastly, the FTC says you may want to file your taxes early, as soon as you have the tax information you need, before a scammer can.


Janet Johnson is a criminal defense attorney in Jacksonville who practices in state and federal courts. White collar crimes, including fraud, embezzlement and tax evasion, are among her areas of expertise. She is rated AV Preeminent on attorney rating website Martindale-Hubbell and has been named to the American Institute of Criminal Law Attorneys’ Top 10 Best Attorneys list. Johnson is also a legal analyst for CNN and HLN.