We are almost all universally guilty of it. Whether it’s that iOS update on your iPhone, or the Windows Updates you have been sitting on for two months, we are all guilty of not updating our computers and devices when we should. The problem is that we are every-increasingly becoming targets of cyber attacks and cyber fraud, and by not staying on top of our updates, we are unnecessarily exposing ourselves to increased risk from these attacks. But when you are responsible for safeguarding the credit history and personal information for a substantial percentage of your country’s population, keeping up with updates isn’t an option, it’s mandatory. And that was precisely the case with Experian.
When you are a company the size of Experian, applying a security update such as the article describes might not be as easy as running Windows Update, but when you are the company the size of Experian, it doesn’t matter. You know you are going to be on the front-lines of cyber warfare, and applying your security updates in a timely manner is one of your first lines of defense. When leaving unpatched security vulnerabilities, the question becomes not if it will be exploited, but when. And in this case, Experian’s negligence has put the over 143 million people at risk of fraud, identity theft - or worse.
Anyone responsible for ignoring this problem should be immediately sacked, and should forever be unwelcome in any IT department under any circumstance. Is there a Scarlet Letter, dunce cap, or something similar we can brand these bozos with? Both Experian and the managers responsible should be financially liable for any damages incurred by those who have had their information stolen.
While you personally may not be a highly-sought after target like Experian was, the same lesson applies to us all: do not ignore your security updates. You make yourself safer, and you make us all safer.