Equifax have faced heavy criticism for a series of failings around the data breach that exposed over 145 million people’s personal data records, with almost 700,000 Brits caught up in the scandal. It was bad enough that a company responsible for credit referencing was easily hacked, especially given that the hack was down to Equifax failing to patch a known security vulnerability.
Their handling of the breach has been heavily criticised by authorities, experts and regulators. There are allegations of delays and failures to report the breach; an arguably dangerous website set up for people to check whether they were affected (which fraudsters can copy to lure people to give away information); and now an app, which is arguably one of worst offenders in terms of breaches and leaks of information.
Why are we concerned about an app?
We’re not saying that any app they produce will not be secure, but given apps are notorious for breaches, and given that the whole mess started in the first place because of a failure to patch a known security vulnerability, it’s understandable to have concerns. Only a few days ago, cybersecurity firm Appthority warned that a simple coding error in at least 685 apps means hackers can intercept the mobile device’s calls and messages. This shows how easy it is for things to go wrong and even companies with strong cybersecurity are not safe; so, where does that leave Equifax?
About the new Equifax app
Equifax has produced a new app for customers to apparently “protect the power of your credit.” Coming from a firm that failed to protect the information of 145 million people in the U.S, Canada and the U.K., Equifax may have to forgive customers who are less than enthusiastic about downloading the app…
When a company’s website says “think your business is safe from a data breach? Think again!” You can see why the irony of this serious breach is somewhat remarkable, and the creation of an app may lead to further worry.
Of course, we know no one is 100% safe from a breach, but there is plenty that can be done. It’s fair to say that data breaches can happen to anyone and that no security system is completely impenetrable. However, this is exactly why steps need to be taken to reduce the risk of a breach and to mitigate any damage done, and one of the key steps is to minimise exposure. Patching known vulnerabilities is the bread and butter of cybersecurity, as is lessening the ways you can be breached.
Why creating the app may not be a smart move right now
An app can arguably increase your data risks, and given they’re notorious for breaches, it’s fair to question whether this is a smart move by Equifax given the huge breach they’ve just suffered.
Fraudsters could also create their own app and try and pass it off as the Equifax one and lure people to inadvertently give away their information. As we said at the start of the blog, Equifax created a website for people to check if they were affected by the breach, which was met with huge criticism from cybersecurity experts because fraudsters could create their own similarly-named websites and try and pass off as the legitimate one. In fact, a security researcher did just that to prove a point, and the official Equifax twitter feed started accidentally linking people to the dummy site set up by the researcher.
His point was well and truly proven!
So, the creation of the app – especially just after a breach – has raised eyebrows.
Mobile app vulnerabilities
Mobile applications are vulnerable for a variety of reasons, including:
- Security flaws in the coding which hackers can identify and exploit to gain access to protected information
- Insufficient data handling can mean encrypted files aren’t protected properly from malware attacks
- Lack of transport layer protection can lead to the connection between the device and the information not being secure, and easily lead to it being compromised
A study by top cybersecurity firm IOActive revealed that security standards for mobile apps are reportedly decreasing. Equifax will have to make a stellar job of creating a robust app that’s correctly programmed to withstand attacks or leaks. Given how this recent hack happened in the first place, we think concerns about their new app are understandable.
Our team has received a number of enquiries from people affected by the Equifax Data Breach. We’ve already taken cases on, and if you’ve been affected by the Equifax hack, contact us today for help and advice. You may be entitled to financial compensation as a victim of the Equifax breach.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.