One of Equifax’s most significant cyber attacks occurred in September 2017, in which the company lost sensitive data belonging to 147 million people. This breach revealed personal data such as the patient’s name, Social Security number, date of birth, address, and driver’s license number. There is no doubt that it ranks as one of the biggest and most analytically destructive security violations in history.
This breach and how Equifax reacted to it showcased some of the enormous risks that a firm such as Equifax poses to common consumers. Here is information about why the Equifax breach was concerning and some of the threats it introduced.
The extent of Identity Theft
In particular, the Equifax breach was potentially dangerous because of the scale – of the firm and the type of data leaked. Rates of infection were high with 147 million individuals infected, it impacted almost half of the US population. The information that was released as a result of the breach also gave what security personnel refer to as the “keys to the kingdom” which are avenues that were opened for identity theft and other fraudulent activities.
If SSN, birth dates, addresses, and driver's licenses are stolen, the identity thieves have everything they need to open credit cards and other accounts in your name, apply for loans, and even file tax returns to claim refunds and many others. Even consumers themselves could do little to stop this once the information was in circulation across the cybercriminal underground economy of stolen data, this information alone could fuel years of identity theft.
The Leakage of All Personal Information into One Place
The second major concern that Equifax raises is that there is a tendency among some companies to gather too much personal and sensitive information in one database. There is no doubt that Equifax, as a credit bureau, gathers massive amounts of information about people’s credit history, such as loans, credit card accounts, payments, bankruptcies, foreclosures, and much more. Although some information is needed to analyze credit and lending risks, credit bureaus collect large amounts of information that can be worrisome for consumers.
The greater the concentration of data in a particular location, the more appealing that location is to data pilferers, hackers, cybercriminals, etc. Of course, even if Equifax had extremely high levels of cybersecurity in place, the data pool was large enough to merit the effort hackers put into stealing such sensitive personal details of millions of individuals. It poses the query of whether or not any other institution apart from governmental establishments requires as many details regarding people as Equifax has in its database.
Weak Security Infrastructure
Regarding the risks relating to mass information collection by Equifax, there is the problem that their security measures were not well put in place even though they had data on more than half of the US population. For instance, the US Government Accountability Office revealed that Equifax did not follow implemented proper security standards as advised before the attack. They were becoming an attractive target considering their systems and this made them more vulnerable.
The breach happened because the company was using open-source tools and had not applied a security fix that was issued months before the hacking incident. The flaw provided compromise of confidential information without the probability of spectacular stunts as in other cyber breaches. If the parties responsible for maintaining these systems had been more vigilant and competent in patching these systems, the attack could have been prevented. Nevertheless, Equifax failed to fix the vulnerability for a very long time suggesting they have fundamental problems with risk assessment and protection of personal data when people rely on them and share so much information.
Botched Response Increased Dangers
This was exacerbated by Equifax’s bad handling of the breach after it was discovered that there was unauthorized access, which revealed the hidden issues of having private credit bureaus that hold so much personal information of people. The help which they are providing for the victims was not only delayed but also quite unintelligible. At the same time, the upper ranks of Equifax leadership were selling their stock before the credit reporting breach became public knowledge, which created doubt and mistrust.
Equifax sat on the information for well over a month after the discovery of the breach in its system. However, as this paper documented during the pre-announcement period when no public information regarding the firm’s performance was available, evidence exists that insiders were selling stock to avoid holding them once the information was disclosed. This response together with the additional three weeks of obscurity provided the thieves with more time to exploit the stolen data making up for the victims’ risks.
Recent Threats and Risks to Information Security
Subsequently, Equifax committed to the actions increasing their security and having more rigid procedures for the protection of sensitive data. However, the risks are still present in any concentrated credit bureau format possessing massive amounts of individual financial information. Equifax has committed to providing people with more control over personal credit data, which is a crucial first step to address informational risks.
However, the fundamental issue with Equifax to the everyday consumer of the United States is still There is very little that the average consumer can do to control the vast amount of financial information that Equifax or the other credit bureaus collect or the measures they have in place to protect it. Thus, it is impossible for Americans to completely ignore credit bureaus even for those who do not need credits and are ready to give up the possibility to receive a loan for a car or a house with a good credit score only. Reliance as data subjects in a system with insufficient accountability will continue to expose persons to identity thieves who would exploit and monetize individual information.
Therefore, we require continuous legislative and legal interventions to tackle the issues.
The Equifax breach demonstrated how vulnerable consumers have become regarding credit data systems and the financial information of the consumer. Some have suggested legislative changes in the aftermath including national standards for faster breach notifications, prohibitions against the selling of stocks by officers and directors after breaches, and that credit bureaus be made to pay for several years of free credit monitoring for victims of breaches.
However, legislation and a higher legal risk are not going to be achieved without much effort, given that credit bureaus have significant lobbying power in Washington and state legislatures Congress and state governments are under significant pressure from the credit bureau industry when it comes to any legislation that would bring new significant business costs or data management constraints. This influence again highlights the unequal power dynamics between common data subjects and credit giants, who dominate and monetize consumer credit data.
Conclusion
One of the most concerning issues demonstrated by the Equifax data breach in 2017 is the systematic weakness when it comes to consumer data. It is extremely risky to let any private corporation gain control over and monetize data of such nature. As soon as data is breached, it is indeterminately exposed to more unrelenting criminal use. Ironically, Equifax's security failures have only amplified existing threats and risks in permitting a system where such authority over identity and financial details is centralized. Though the notion of absolute security has never been attainable, the model needs to be adjusted to address the question of fairness in the distribution of control over personal information. People should get more freedom to decide when and how their data can be used whether it is by creditors, marketers, and not to forget criminals who will always find their way through the cracks of even the most secure systems. The risks that Equifax exemplifies require aggressive reforms and better cautious restrictions governing data in the credit bureau systems. Lacking comprehensive changes one or all of the bureaus that store heaps of marketable personal information could encounter similar breaches in the future surrendering fundamental identity attributes dear to the American civil liberty-oriented society.
Call now for expert credit repair services: (888) 803-7889
Read More:
What is a good Equifax credit score?
Do lenders look at FICO or Equifax?
Does credit monitoring hurt your score?