All the Ways Equifax Epically Bungled Its Breach Response
The breach of the credit monitoring firm Equifax, which exposed extensive personal data for 143 million people, is the worst corporate data breach to date. But, incredibly, the mistakes and the superlatives don’t end there. Three weeks since the company first publicly disclosed the situation, a steady stream of gaffes and revelations paints a picture of Equifax's deeply lacking response to catastrophe.
Equifax's bungles kicked off quite literally on day one, when the company directed potential victims to a separate domain—equifaxsecurity2017.com—instead of simply building pages to handle the breach off of its main, trusted website, equifax.com. Observers quickly found bugs, some of them serious, in that breach-response site. All the while, Equifax asked people to trust the security of the site, and to submit the last six digits of their Social Security number as a way of checking whether their information had been potentially compromised in the breach.
The site also seemed slapdash, even though Equifax says it learned about the mega-breach at the end of July, and took roughly six weeks to disclose it. During that time, the company could have conceivably planned and executed a much more robust and reassuring resource for wary consumers.
