A year after the worst data breach in U.S. history to date, Atlanta-based Equifax has been chastened, but its business model is unchanged and the company churns on, virtually undamaged by legislative, regulatory or prosecutorial penalties.
It was a year ago that the company noticed the first signs of historic trouble – hackers had slipped through the Atlanta company's cyber defenses into the heart of the company's data. The information accessed was more personal information about more Americans than in virtually any previous major data breach; information on more than 147 million Americans was accessed, although the scope of the theft was not clear at first.
Equifax did agree to a consent order with regulators from eight states that required the company to report on how it is improving security and to submit to reviews of its practices. But thus far, no financial punishment has been imposed on Equifax itself.
Despite contentious hearings, no Congressional action has been taken. A few months later, the Consumer Financial Protection Bureau tabled action against the company.
And while the Federal Trade Commission said it opened an investigation into the Equifax breach in September, the agency has since named as chief of its consumer protection division a lawyer who has represented Equifax.
Earlier this month, Equifax asked a federal judge to reject the claims from 46 banks and credit unions for payment of damages because of the massive data breach.
Read more in the Wisconsin State Journal.