Sometimes the real headlines are more bizarre and ridiculous than those found in parody news websites, such as the Onion. The recent announcement that Equifax, the company responsible for 145 million Americans becoming in serious danger of identity theft for the rest of their lives due to the negligence of Equifax, was awarded a 7.25 million dollar contract to provide security services and fraud detection services to the IRS boggles the mind. Making the problem even worse is that the contract, which was publicly released by the Department of the Treasury on September 30th was finalized after Equifax had notified the world of its incompetence in early September. And if that is not bad enough for you, the contract was a no-bid contract
Former Equifax CEO Richard Smith testifying before Congress this past week explained the failure of Equifax to install security patches for vulnerabilities with Apache software which vulnerabilities were exploited by the hackers was because one person did not properly do his or her job. The patches had been available for months prior to the data breach. The failure to install the patches in a timely manner is frankly inexcusable. For a company of the size and complexity of Equifax, which has the obligation to protect the sensitive personal information of millions of people, to have protocols that permit one person without any oversight or backup to make such a disastrous mistake is frightening.
Here is a link to the Department of the Treasury notice of the IRS contract.
If ever there was evidence that if you are looking for a helping hand, you can find it best at the end of your own arm, this is it. There are numerous simple steps we should all take in order to protect our identities. I provide them in great detail in my book “Identity Theft Alert.” However, here are a few of the things we all should do: Freeze your credit, monitor your credit reports and all of your accounts, use complex passwords, use nonsensical security questions, use dual factor authentication, use security software on all of your devices and keep the software updated with the latest security patches, never click on links or download attachments unless you have verified that they are legitimate and limit the places you provide your Social Security number as much as possible. Your doctor may ask for it, but he or she doesn’t need it.