Sunday, September 24, 2017

Parking Chatbot Could Help You Sue Equifax

In the wake of the recent, massive Equifax hack, a well-known chatbot developed to overturn parking fines has been modified to help victims file legal claims against Equifax.

What Happened?


A vulnerability in the Equifax website was reportedly exploited by unknown hackers, leading to the theft of 143 million customer details stolen, 44 million of which may have come from UK customers.

What many found most shocking about the hack is that not only was Equifax reported to have known about the attack some 40 days before informing the public that it had happened, but that three senior executives at the company are believed to have sold-off shares worth almost £1.4m before the breach was publicly announced.

Also, subsequent revelations include reports (based on a statement from the company) that Equifax’s Security organization was aware of the vulnerability at that time, and that although it took efforts to identify and to patch any vulnerable systems, it clearly wasn’t successful. To add insult to injury for those affected by the hack, news has also now emerged that Equifax's chief information officer and chief security officer are “retiring”.

DoNotPay To The Rescue

The chatbot, called 'DoNotPay' (originally launched in March 2016 by British student, Joshua Browder), is famous for providing legal advice that has led to a reported 375,000 claims against parking tickets. The fact that the Equifax hack included social security numbers and personal details of an estimated 143 million Americans, has prompted the modification of the DoNotPay chatbot so that it can automatically sue Equifax for $15,000 per claim.

No Need For A Lawyer


Personal legal help is notoriously expensive, and is often seen as a barrier to claims, but one advantage of the modified DoNotPay bot is that it essentially helps users to fill out the PDF form that can be used to file a suit in small claims court, thereby removing the need to hire a lawyer from the equation.

Worked For Refugees

Back in March this year the same DoNotPay bot was modified to provide refugees with legal advice and help, via the Facebook Messenger app. The bot was re-configured to help refugees to the UK and the US complete their immigration applications, and was developed using the help of lawyers in both countries.

Also, back in August 2016, a modified version of the same bot was released to help those in need of emergency housing.

What Does This Mean For Your Business?

The full extent of the Equifax hack (believed to be is the largest in US history) is not yet known, but the Credit Rating Company is believed to hold the data of 820 million consumers and 91 million businesses. Many businesses are direct customers of Equifax. Given the fact that many businesses are likely to have been affected, and given the apparent conduct of a company trusted to safeguard identities finances (sitting on the hack for 40 days, executives selling shares before telling the public, and apparently failing to plug a known vulnerability), there is likely to be an appetite to seek compensation / redress from Equifax.

An easy, fast, and low-cost way to do so (no need to pay for a lawyer), such as the modified DoNotPay chatbot is, therefore, likely to be popular with businesses and consumers alike.

The Equifax hack is also a reminder to all businesses of how vital it is to keep security systems up to date and to maintain cyber resilience on all levels. This could involve keeping up to date with patching (9 out of 10 hacked businesses were compromised via un-patched vulnerabilities), and should extend to training employees in cyber security practices, and adopting multi-layered defences that go beyond the traditional anti-virus and firewall perimeter. Companies need to conduct security audits to make sure that no old, isolated data is stored on any old systems or platforms, and may now need to use tools that allow security devices to collect and share data and co-ordinate a unified response across the entire distributed network.

No comments: