* The executives selling stock before telling the public about the breach[1] — but "Equifax responded to TechCrunch’s questions about the timing of the transactions, particularly those of CFO John Gamble, with the following statement claiming that the executives in question were not aware of the hack which the company was made aware of on July 29"
* entering in phony name into the "Have I been breached?" site resulted in random answers; "Others have tweeted they received different answers after entering the same information."[2]
* Equifax hosted said "Have I been breached?" site, and services related to protecting oneself from the breach, on a domain that looked for all the world like a phishing site, and further, "What’s more, there is nothing tying the domain registration records for trustedidpremier.com to Equifax: The domain is registered to a WHOIS privacy service, which masks information about who really owns the domain (again, not exactly something you might expect from an identity monitoring site)." [4]
* Equifax wanted people to agree to a forced arbitration clause. [3]
* Equifax directed people to a fake phishing site [5]
* The executives selling stock before telling the public about the breach[1] — but "Equifax responded to TechCrunch’s questions about the timing of the transactions, particularly those of CFO John Gamble, with the following statement claiming that the executives in question were not aware of the hack which the company was made aware of on July 29"
* entering in phony name into the "Have I been breached?" site resulted in random answers; "Others have tweeted they received different answers after entering the same information."[2]
* Equifax hosted said "Have I been breached?" site, and services related to protecting oneself from the breach, on a domain that looked for all the world like a phishing site, and further, "What’s more, there is nothing tying the domain registration records for trustedidpremier.com to Equifax: The domain is registered to a WHOIS privacy service, which masks information about who really owns the domain (again, not exactly something you might expect from an identity monitoring site)." [4]
* Equifax wanted people to agree to a forced arbitration clause. [3]
* Equifax directed people to a fake phishing site [5]
…that it became a moral failing.
[1]: https://techcrunch.com/2017/09/07/equifax-managers-dumped-st...
[2]: https://techcrunch.com/2017/09/08/psa-no-matter-what-you-wri...
[3]: https://theintercept.com/2017/09/08/equifax-is-proving-why-f...
[4]: https://krebsonsecurity.com/2017/09/equifax-or-equiphish/
[5]: https://www.theverge.com/2017/9/20/16339612/equifax-tweet-wr...