In an interesting twist of fate, Equifax, one of the three major national credit bureaus, acknowledged this week that they experienced a data breach last month when they:
“sent out IRS W-2 statements to most if their current employees and some former employees, they discovered that some of the employees’ control ID numbers were partially or completely viewable in the return address window of the envelope used by the payroll vendor. In an unspecified number of cases for US employees, the control number was the employees’ social security number instead of the intended unique 9-digit number” Source: Databreaches.net
In a letter addressed to the New Hampshire Attorney General, they described the incident and noted that they offered a year of Equifax credit monitoring to the affected individuals.
Now it is hard to escape the irony here. A company that promotes themselves as “the leading provider of data breach services” noting that:
“Data breaches are on the rise. Be prepared. You’ll feel safer with Equifax”
has failed to protect the privacy of their employees and in this situation are offering them a credit monitoring solution as protection from the same company that compromised their identities in the first place, and on a regular basis sells their credit information to other organizations.
Now maybe its just me, but if I had a data breach, I’d probably feel safer working with an organization that isn’t in the business of monetizing my credit history.