On September 07, 2017, Equifax—one of the “big three” credit reporting agencies—shared a quiet investor relations document with information about a security breach that began in May, 2017 and was not discovered until late July:
[Criminals accessed] names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. [They] also accessed credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.
It took Equifax another 40 days to let people know outside the company.
The response from Equifax has been “corporately cautious” with little consideration for the effect on people.