18 September 2017

So, the chief information officer and chief security officer are to ‘retire’ from Equifax, leaving a trail of devastation behind them in terms of one of the worst ever data breach incidents.

The US-based firm has produced limited information on what happened, but the headline figures are alarming – some 143 million Americans impacted and in the UK, it is believed around 400,000 could be affected.

Equifax has said it is unlikely people would be hit by “identity takeover” and is offering ‘free’ protection for those impacted to their data monitored – surely the least it could do?

Meanwhile, the arrival of the General Data Protection Regulation, which comes into force in May 2018, puts even more pressure on all firms to tighten up their security.

And what should auto retailers take from this breach to avoid being caught up in punitive fines and reputational damage?

Owen O’Rorke, an associate with lawyers Farrer & Co, comments: “All organisations are vulnerable to data breach – whether by error or malice, hacker or employee. But what matters under the law is how the organisation prepares itself against the inevitable. This does not stop at software, but draws in everything from staff training to board awareness.”

He adds that claims Equifax had lazy passwords and no crisis plan must act as a wake-up call.

What is more, the departing chief security officer was a music graduate, rather than an IT expert. Those running dealerships know their business inside out, and when it comes to employing those used to counter hacker, they too must be specialists. Clearly, this breach provides plenty of takeaways.

Rachel Gordon

Editor

Auto Retail Network

Tags: Blog