Sunday, September 10, 2017

Equifax Hack

Equifax just announced this past Thursday that is suffered a huge data breach--a hack that the company discovered on July 29, but waited until now to inform its consumers. Unfortunately this hack most likely exposed the Social Security numbers of 143 million people along with other personal information. This brings around a larger topic of data security especially as more and more people are utilizing features and products of companies that do nothing but collect data on people.

There are three major credit reporting agencies in the United States: Equifax, Experian, and TransUnion. Each of these companies collects a ton of information on credit users. Anyone who has any form of credit ie credit cards, car loans, student loans, mortgages, etc has a file with each of these credit reporting agencies. Lenders report all data in regards to the loans they have out to all three of these companies. These companies are the primary source for viewing your credit reports. For those of you who have ever looked at your credit report, you know it contains a hefty amount of information on you. Your address, your social security number, your name, your birth date, your credit card information, etc. Combine these features together and you have the perfect recipe for identity theft. All this information accessed by hackers through a company you did not even have to ask to opt in to, you just did once you obtained credit. 

Reading this article, How Equifax Turned Its Massive Hack Into an Even Worse ‘Dumpster Fire’, the author states this could be the most economically damaging hack in US history. It also is of interest to discuss how Equifax responded to this hack. It took the company nearly six weeks to announce this breech and when it did, it matched the announcement with a buggy website that allowed you to check if you were affected by the hack. It seems odd that a company would ask consumers to trust a new website prompting for the input of personal information after just admitting it lost all your personal information. It even came out with a protection system that is free for a year but then, of course, begins to charge for its use. Now the company that just exposed 143 million people are turning a terrible situation into a business ploy. 

Do you think this was the proper reaction from Equifax's perspective? How can we ensure our personal data is being secured in a time where every company is collecting some sort of information on us? Do you think companies or the government will realize the implications of these hacks and impose more restrictions on data collection and security?

3 comments:

  1. Hi Emma,

    Great article you have posted here, I really appreciated reading your thoughts and perspective on the Equifax breach.

    In regards to the questions you have posed, I do not believe that Equifax handled this properly in any sense. The top execs knew over summer about the breach, but waited until they sold their shares to publicly announce it. That there is poor practice and failure to take into account the safety of the client base. With the second question, I believe the organizations such as Equifax, which collect large amounts of personal data, need to be more proactive and start modernizing their security stack for todays unknowns. And for the last question, it is my hope that the government will bring much harsher restrictions on companies such as Equifax, and punish them to the highest extent for not being more diligent with the information they have stored.

    Again great article that I really enjoyed reading, looking forward to many more just like it.

    Cheers

    ReplyDelete
  2. Hi Emma,
    After reading your post, I agree with the points you have made. It is astonishing to see how long it took Equifax to reveal about their security breach. I believe that they should have announced it much earlier, after all it is our personal information that was compromised. I don't think that the way they handle this situation was right or professional. As one of the largest credit reporting company, they should have done more than just providing one year of free credit monitoring for those who were affected by this.

    As for your second question, in order to protect ourselves from such security breaches, we need to be careful about where and how we store our personal information. Many people have the habit of leaving their online footprint on their browsers and computers, without deleting history which includes cookies. This makes us even more vulnerable to threats. Though, this won' stop them from collecting our information it can be taken as a simple precaution.

    Lastly, I hope that the government will impose stricter laws regarding cybersecurity. As recently,it was revealed that Equifax was using a widely popular open source server; Apache. Apache Struts had some flaws, and the provider had released patches to the companies who were using this server to fix these flaws. From the article,Equifax Hackers Exploited Months Old Flaw (http://nbcnews.to/2vZQSAo) Equifax failed to apply the patch on time, and at last hackers were able to get through the loop because of the flaw that was not fix! So, I hope the government will force the companies to keep their systems updated and hold them accountable through strict auditing.

    ReplyDelete
  3. Hi Emma,

    This was a very well-crafted article, good job!

    To me, a date breach is very frightening. My personal information is one of my top priorities because it is my identity. Having it stolen can change your life forever.

    In response to your questions:

    1) I do not think that it was an appropriate response by Equifax to release to the public that they were hacked 6 weeks later. I believe that an earlier response would have been better.

    2) Honestly, in terms of keeping our personal data safe with companies that collect it, we have no option but to put faith in them that they will keep it safe. Like you said, there is rarely an option to opt-in or opt-out, most are all opt-in without consent.

    3) I think that the government or other large organizations may look into reworking their rules, regulations, and laws in response to this data breach.

    Again, great article, thank you for educating me on the data breach, because I have heard so much about it, but never actually went out of my way to research it. So you did just the job!

    Best,
    Troy Caber

    ReplyDelete