Send us a text

It starts with a strange letter in the mail. A car loan you never applied for. A credit card you don't own. A digital ghost is quietly living your life, and you have no idea how it got the keys. When you turn to one of the silent guardians of your financial identity for help, you find only chaos, confusion, and a company that seems to be a danger to itself.

This week on Digital Fallout, we tell the true story of one of history's most catastrophic data breaches. It's a tale of staggering corporate negligence, a botched public response that became a dark comedy, and a 76-day silent heist where the identities of 147 million people were stolen.

What happens when the keepers of our most valuable secrets simply forget to lock the door?

Show Notes: Sources

This story was pieced together from numerous public records, government reports, and in-depth investigative journalism. For those who want to learn more about the 2017 Equifax breach, these are the key sources we consulted:

• The official report from the U.S. Government Accountability Office (GAO) titled "Data Protection: Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach," which provides a definitive timeline and analysis of the failures.
• Federal Trade Commission (FTC) public statements and court filings related to the landmark global settlement with Equifax.
• In-depth reporting from security journalist Brian Krebs (KrebsOnSecurity), who meticulously covered the botched response, including the fake phishing sites promoted by Equifax's own Twitter account.
• Technical explainers from outlets like WIRED magazine that broke down the Apache Struts vulnerability and how it was exploited.
• Ongoing coverage of the corporate and financial fallout from The New York Times and The Wall Street Journal during September and October 2017.
• The public testimony of former Equifax CEO Richard Smith before the U.S. House Committee on Energy and Commerce, where many of the internal failures were brought to light.

Support the show