I don't think it will be long until the data is sold, then some group figures out you can program with the data + curl + facebook and automate applying for loans and tax refunds in mass. There could be millions of erroneous loan applications, tax refunds, business filings, car applications. Then! Law suites, government inquiries, etc. They don't sell oil - money will run out.
Our understanding is data retained by EFX primarily generated through consumer interactions was breached via the Apache Struts flaw (i.e., core databases not believed to have been
breached).
This is complete and utter garbage. There is no solid evidence to back this theory of the breach. It is still too early to tell exactly what data was leaked and how. We simply won't know until the security consultants auditing Equifax's systems publish a report (or otherwise publicize their results).
I also find it pretty hard to believe that a company like Equifax didn't just have everything hooked up to one big database, but I still don't think it's likely the breach is going to take the whole company down.
Most people aren't going to be tuned into the leak the same way that we are on HN, they've still got their special place in a government-sponsored near-monopoly, and big companies have the resources to deflect blame and hunker down to weather the storm.
Remember the Deepwater Horizon spill and how angry people were at the time? These days, a large majority probably don't remember the details or even the name of the bigco responsible.
Where do you think the analyst got their information? Companies routinely share such things so that the analysts can get updated guidance out and prevent excessive panic from investors.
The management of the firm has already been selling shares while keeping the data breach covered up, so let's assume for now that any information coming out of their without a subpoena is a pack of lies. They've blown any claim they had to the benefit of the doubt.
A silly and baseless claim. The executives didn't know about the breach at the time of sale, and it wasn't "covered up". It's standard industry procedure to first stop an intrusion, investigate the scope, contact law enforcement and regulatory agencies, and prepare a consumer response, before publishing a breach. This wasn't something that was dug up by an investigation, so calling it a cover-up is simply wrong.
Sure, I always dump stock in companies I manage while sticking to standard industry procedure after not sticking to any industry procedures until I had a massive failure. Sorry, I am not into business people the benefit of the doubt when all the facts point the other way.
Could it be that the executives will get in more trouble for selling the shares - i.e. insider trading - than for managing the company with such a massive data breach?
