
Equifax Breach Compromises Data of More Than 143 Million People

Equifax, one of the United States’ primary credit reporting agencies, announced Thursday that its databases had been breached. Private information on more than 143 million people in the US, including Social Security Numbers, driver’s license numbers, addresses, birth dates, and credit card information may now be out in the wild. This is the largest such incident in history.

The breach was discovered back in July, and the company has been conducting a private investigation since. Equifax did not begin notifying victims until this week, though it claimed that it did not notice any fraudulent use as a result of the breach on any affected accounts.

“Criminals exploited a U.S. website application vulnerability to gain access to certain files,” Equifax said in a statement, adding that hundreds of thousands of credit card numbers were stolen as well as “dispute documents” that contain personally identifying information for “approximately 182,000 people.”

At issue, of course, is the growing problem of big data, the lack of layered security, and the arrogance of companies that don’t prepare their systems to “fail well.” Equifax, in particular, comes out pretty bad in this, given the unscrupulous practices such agencies use to sucker employers and other organizations into using credit reports as a proxy for trustworthiness even outside of the economic sphere. Companies like Equifax, as well as its compatriots Experian and TransUnion, have routinely collected tremendous quantities of data covering almost the entire financial history of just about everyone in the US.

This has helped fuel an entire cottage industry of bogus debt collection, harassment, manipulation, collusion, etc. to create markets for collected data. From there, credit reporting agencies sell their “services” (i.e. your information) to various organizations including banks and retailers or potential employers.

These agencies are not only routinely wrong, but the sheer quantity and sensitivity of the data collected should, at the very least, warrant one of the highest standards of caution possible. Instead, it seems, Equifax skirted best practices and left much of its most sensitive data unsecured, unencrypted, and together in large enough, contiguous blocks for the attackers to have made off with one of the single most complete troves of stolen data in history.

Data protection and privacy, thanks to the dominance of organizations like Equifax, haven’t been appropriately regulated or handled in… basically ever. This all but guarantees that almost nothing will change and few, if any, will be punished. And Equifax’s shares fell a mere five percent. After a breach that compromised well over half of all adults in the United States.

“This is a security risk for any and every website that anyone uses,” Christopher O’Rourke, founder of cybersecurity firm Soteria, told CNBC.

“Most often, security questions to access those websites use that data, like a previous address, so this becomes an open-source intelligence nightmare, worse in many ways than the Office of Personnel Management government breach,” O’Rourke added. “It’s nasty. If I can get my hands on that information I can call a bank. They’re going to ask me for your Social, address, the information that was leaked here, to get access.”

In a flaccid attempt to right this hilariously grim, ironic mess, Equifax has set up a website to educate victims on the data breach. The company refers to everyone affected as either “customers” or “consumers,” which is perfectly dehumanizing in the most insidious way.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” CEO Richard Smith said in a statement. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”

Hopefully, one day, we’ll have sensible data security policies and this won’t happen. Also, maybe don’t have tons of companies running around that gather up all of our data and super pinky promise to protect it. Until then… good luck.
