Credit monitoring company Equifax is now in the running for the worst handling of a data breach ever.

Not only did it potentially give up ready-made identity theft packages for more than half of all adult Americans, its response has been heartless verging on evil. The company should be prosecuted and severely financially damaged, but it's acting like it's above the law.

The Equifax breach involves "full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers." This is far worse than your usual name-and-email breach, or even name-email-and-password, because it gives thieves everything they need to open bank accounts and credit cards and to get loans in your name.

The data was accessed via a "US website application vulnerability." Let that sink in. A company with power over the financial destiny of most Americans—you cannot opt out of data collection if you want to participate easily in the modern American economy—let everyone's data be exposed through its public-facing website.

Equifax responded to the breach with supreme arrogance. After hiding it from the public for more than a month (giving the CFO a chance to sell stock), it directs people to a website where they have to enter the last six digits of their Social Security number to see if they've been pwned. Because, of course, right now you want to trust Equifax with your Social Security number. It then responds with a confusing message about signing you up for credit monitoring.

But oh, it only gets more sinister from there. Twitterer Zack Whittaker points out that even by checking to see if your info was stolen, you waive your rights to sue Equifax for their malfeasance, which has since caught the eye of regulators.

Equifax Must Be Punished

The government needs to come down on Equifax hard. The problem is that Equifax offers a privatized, quasi-government function. If you want to participate in the modern US economy, you're subject to the company's rating and arbitration. If you want to rent or buy a home, get a car loan or a cell phone plan, Equifax and its two interchangeable quasi-competitors get to decide your financial fate.

("Not so!" says one commenter, looking up from sewing his handmade clothes in his solar-paneled cabin which he paid for with cash. Okay, Mr. Unabomber, moving on.)

The Washington Post says analysts are "puzzled" by why Equifax is acting with such a tin ear. I'm not puzzled; the answer is impunity. When you feel like you have nothing to lose, like you're not under threat, you're going to do the absolute minimum in situations like this. That's what Equifax is doing.

We've seen these data breaches before, and we're going to see them again and again until companies are held accountable for their cyber-security practices. So far, no company has been prosecuted or fined for a data breach in any way that would actually hurt it. When Target settled for $18.7 million for a 2013 breach, well, that's about one hour of revenue for the company, given a 10-hour store day over a 365-day year. Adobe paid just $1 million for exposing 38 million people's records.

The four-year gap between Target's breach and its settlement shows another problem: justice must be swift here. We don't want four more years of identity theft before companies get around to taking data security seriously.

The Equifax breach is the worst ever, because it's a company we can't really choose not to use, and it's a company whose whole job is to hold our personal data for the financial system. If the government cracks down here, it'll send a message that corporations need to take cyber-security more seriously. If not, well, we just all better get used to having our identities regularly stolen.

This article originally appeared on PCMag.com.