Inside the Security Breach at Equifax
If you monitor your credit and receive yearly credit reports, you’ll likely recall the Equifax data breach last September. The breach rocked the company and the hundreds of thousands of consumers whose information was accessed. Since then, Equifax has remained relatively quiet, as it worked to figure out how the breach occurred, notified affected customers and ensured other business units weren’t impacted.
Members of the Equifax Workforce Solutions team recently visited HRE’s office to discuss what happened, what their unit has done to improve its cybersecurity efforts and discuss the products they’ve been working on behind the scenes.
One of the first things the Workforce Solutions team stressed was that none of its data were compromised in the breach. (The affected data came from the web app of the online dispute portal through which customers could challenge findings on their credit reports.) Equifax realized it needed to transform the entire organization to focus on remediation and tougher security to ensure such a breach didn’t happen again.
Equifax Workforce Solutions hired cybersecurity veteran Ken Anderson as vice president and business information security officer to lead its security transformation. Anderson, who worked at Microsoft in various cybersecurity leadership roles for 16 years and attended the briefing, reported that he was impressed with some of the protections Workforce Solutions already had in place, but also wasted no time in determining what could be improved.
Anderson said he sought to implement a “mindset shift,” wherein all Equifax employees followed a zero-trust model, which requires everyone to assume “the bad guys are already in your store.”
From there, Anderson also suggested that the security team report directly to the CEO rather than to legal, which was how things worked before the breach. Under Anderson, the security team is now closely aligned with business leaders across the company, and these leaders are kept in the loop regarding new cybersecurity protocols, changes to policies and other pertinent information.
Equifax also formed a client advisory board and invested nearly $200 million in new cybersecurity measures, from hiring security professionals to upgrading protocols and platforms.
As Equifax battled negative press and the loss of customers and employees, the Workforce Solutions team sought to not only improve security but also scale its business. According to Workforce Solutions’ Vice President of Product Management Angela Lockman, the company purchased I-9 Advantage to grow its I-9 Management Suite, which provides tools such as direct connection to E-Verify, I-9 Audit and Remediation and I-9 Anywhere. Its I-9 suite digitizes I-9 forms and also highlights any errors for employers, offering suggestions for resolving them. (Lockman noted that 60 to 80 percent of paper I-9s are missing, incomplete or contain errors–a stat shared from an industry attorney at Jackson Lewis P.C.)
Lockman added that the suite now allows for “bulk remediation, so an employer can send multiple notifications to any employees who need to fix issues within their I-9 forms.”
She also highlighted a few other products, including the Unemployment Cost Management tool and Compliance Center Solution. The latter links to a company’s applicant-tracking system and helps employers adhere to state and federal regulations during onboarding a new hire. It also screens for work opportunity tax credits, identifying employees who make the company eligible for tax credits and triggers tax savings for both the company and the employee.