Jane Lytvynenko went digging through the Equifax class-action suit and uncovered some absolute gems:

Furthermore, Equifax employed the username “admin” and the password “admin” to protect a portal used to manage credit disputes, a password that “is a surefire way to get hacked.” This portal contained a vast trove of personal information.

Hanlon’s razor often applies in security breaches like these, but I can’t see this as anything but pure negligence by Equifax’s technical teams. There’s more:

Equifax also failed to encrypt sensitive data in its custody… admitted that sensitive personal information relating to hundreds of millions of Americans was not encrypted… Not only was this information unencrypted, but it was also accessible through a public-facing, widely used website.

Filed under you-gotta-be-freakin-kiddin-me