Equifax Scandal: Massive Personal Data Breach From A Massive Government Contractor

The people who gave your PII to hackers and kept it secret for over a month have a $4.2 million contract with the Social Security Administration for their e-verification program right now.

Amy Sterling Casil
Sep 9, 2017

The Equifax data breach is being treated as a huge scandal for American consumers. The Atlanta-based credit bureau’s web-based data management system was hacked by cybercriminals between May and July, 2017. Over 143 million consumers had their personally-identifying information exposed to hackers in the incident.

Equifax learned of the breach July 29, and waited over one month to announce the incident via a press release on September 7. Numerous news agencies have reported that three Equifax executives, including the Chief Financial Officer, sold nearly $2 million in company stock August 1 and 2, making the ongoing incident a one-two thumb in the eye to American consumers.

So far, Equifax’s only response to the two-thirds of American adults whose personal identification was revealed has been to launch a website, www.equifaxsecurity2017.com. The site invites members of the public to put in more personal identification and a credit card number for “one year of complimentary ID theft monitoring.”

Boing Boing’s Cory Doctorow, Slate, Alex Kotch and David Sirota at the International Business Times, and nearly every other tech and financial industry publication are justifiably dragging Equifax for its horrendous response.

Just another blood-sucking financial vampire … thanks Cory!

Equifax’s emergency customer help website looks almost as great as Verrit.

BuzzFeed’s Ryan Mac has been on top of the story.

So when I wrote a consumer-geared article about it earlier today, I noticed a difference in coverage between most news outlets and reporters and media mainstays Washington Post and New York Times. Even a WaPo article mildly chiding Equifax’s appalling request for more personal information to “help” those affected by the breach contained reporting favorable to the company.

The New York Times’ coverage could be described as “muted,” though they are now featuring a mildly outraged editorial. The Times’ financial columnist advises that consumers freeze their credit, a move that costs money and is inadvisable for people with kids in college, as well as those who lack personal money managers to freeze and unfreeze on command/demand (also not free).

Could there be something other than pro-corporate editorial policies, I wondered? WaPo and NYT were almost treating Equifax like Hillary Clinton, Debbie Wasserman Schultz, an Awan brother, George W. Bush (2016-present), or …

Of Course Equifax Has Huge Government Contracts

I noticed a “Government” tab at the top of Equifax’s web site announcing the data breach. Sirota and Kotch at the IBT already covered the company’s ties to Republican lawmakers.

Equifax provides many services to the Federal government, state, and local agencies.

The company has received over $100 million in Federal contracts since 2007.

In addition to $20 and $30 million-plus contracts with the Office of Personnel Management for employment-related credit checks, Equifax received a $4.2 million contract for “Other Computer Related Services” to develop and maintain the Social Security Administration’s e-authentication program — this contract began February 27, 2017 and is expected to continue to 2018.

Yes, it’s true. Equifax proudly announced it last February.

In 2010, Equifax was receiving $50 million in government contracts and looking to build its business further. The program was launched in 2009 by Frank Blaul, currently an SVP with Oracle specializing in cloud computing client acquisition. Blaul’s LinkedIn profile shows he left the company in 2013. The company’s management team no longer features an SVP with a specialty in government relations, but two of the individuals who sold stock after the data breach was revealed, Rodolfo Ploder and Joseph Loughran III, would likely have some involvement in government-related data information and verification services.

The company is currently actively recruiting a northeastern regional executive for state government relations in New York, New Jersey, Massachusetts, Connecticut, Rhode Island, Vermont, New Hampshire and Maine.

There is much more to the Equifax scandal than the consumer data breach. All three credit monitoring bureaus have federal, state, and local government contracts, but initial review indicates that Equifax has larger and more specialized contracts than Chicago-based TransUnion and Dublin, Ireland-based Experian.

And in other news, did you know the General Services Administration (GSA) and Office of Personnel Management (OPM) were paying hundreds of millions (you read that right) to a Portland-based identity theft firm, Identity Theft Guard Solutions, Inc.? The funds are being paid on behalf of approximately 4 million current or former federal employees, or another 16 million job applicants whose data was stolen in two separate hacking incidents in 2015.

Another company, Washington, DC-based Winvale, received more than $28 million to provide identity theft monitoring services as a result of the 2015 federal employee record data breach.

Chinese National Arrested in Connection With 2015 OPM Data Breach

Shanghai resident Yu Pingan was arrested August 24 at Los Angeles International Airport on suspicion of providing the malware that led to the 2015 federal data breach of personnel records. The program used is called ‘Sakula’ and was used in hacking attempts on the federal government and contractors between 2010 and 2015.

A former student of mine was a valued employee of Homeland Security, due to the fact he was from Afghanistan and was fluent in six or seven Middle Eastern and European languages. When I asked him during the 2016 primary campaign if Russians might have Hillary’s emails, he responded, “Who knows?”

The Chinese certainly did, he said. “And they can stop your car while you’re driving,” he added.

Muh, Russia!

We need to start listening to ourselves and talking to each other and using our strengths. I saw that WaPo has 1.5 billion monthly pageviews today. For the love of all that’s holy: can we cut this down a little?

Update 09.09.17 16:30 PDT: As reported on Reddit, Equifax does appear to have a Chief Security Officer with a BA and MFA in Music Composition who lists only her first name and last initial on LinkedIn. This seems to be an authentic person and profile, because she has endorsements from others over time, over 500 connections, and employee reports with full names that link to her with complete LinkedIn profiles.

Hey Susan Mauldin: I have an MFA too!

YU change ur profile to “Susan M.”? Aren’t you proud of ur job? Looks like you were back in 2016! Thanks Cazena: great interview.
