Enter your email to read this article
Read news on any topic, in one place, from publishers like The Economist, FT, Bloomberg and more.

Thank God, Equifax is here to help Optus data victims. Wait, where have I heard that name before?

In the aftermath of possibly Australia’s biggest data breach, Optus offered customers “most affected” a free subscription to an identity-protection service, provided by credit-monitoring company Equifax Protect. Presumably, this offer still stands for the people whose details were leaked before the hacker apparently deleted all their posts this morning.

Now, where have we heard the name Equifax before? Turns out, if you google “Equifax data breach”, Optus’ offer isn’t the only news story that comes up. For example, there’s this from The Washington Post, September 7, 2017:

The credit reporting agency Equifax said Thursday that hackers gained access to sensitive personal data — Social Security numbers, birth dates and home addresses — for up to 143 million Americans, a major cybersecurity breach at a firm that serves as one of the three major clearinghouses for Americans’ credit histories.

Equifax said the breach began in May and continued until it was discovered in late July. It said hackers exploited a ‘website application vulnerability’ and obtained personal data about British and Canadian consumers as well as Americans. Social Security numbers and birth dates are particularly sensitive data, giving those who possess them the ingredients for identity fraud and other crimes.

Equifax also lost control of an unspecified number of driver’s licences, along with the credit card numbers for 209,000 consumers and credit dispute documents for 182,000 others. The company said it did not detect intrusions into its ‘core consumer or commercial credit reporting databases’.

Oh, cool.

Of course, it’s the right thing that Optus are being more hands-on than it previously has been regarding the breach, and we’re sure Equifax has done some serious work on its security in the intervening five years — if for no other reason than to avoid another fine of more than half a billion dollars.

But it points to a problem with most solutions offered after a massive data breach. Like the proposal floated by Home Affairs Minister Clare O’Neil that companies provide banks with details of stolen data after a breach — they always seem to involve handing one’s data to yet another company which could in turn be compromised.

Related Stories
What's happening with the Optus data breach? What we know about the alleged hacker's ransom, data release and apology
What we know after a forum user claiming to have the details of Optus customers threatened to release 10,000 records unless a ransom is paid, only to then claim "we don't care anymore".
From analysis to the latest developments in health, read the most diverse news in one place.
What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide
With details of current and former customers stolen from the Optus database, plenty of questions remain. What can you do to protect against the threats caused by this data breach?
What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide
Optus, Australia’s second largest telecommunications company, announced on September 22 that identifying details of up to 9.8 million customers were stolen from their customer database.
Optus customers exasperated by chatbots and ‘rubbish’ communication after data breach
Some customers look to switch providers after puzzling responses and ‘less than helpful’ service
Australia mulls tougher cybersecurity laws after data breach
The Australian government says it's considering tougher cybersecurity rules for telecommunications companies after Optus the nation’s second-largest wireless carrier reported personal data of 9.8 million customers had been breached
One place to find news on any topic, from hundreds of sites.
Privacy help for victims of Optus hack
Australians who have had their data stolen in the Optus breach might be able to change their driver's licence numbers.