“Equifax Deserves the Corporate Death Penalty”, one of yesterday’s headlines on WIRED read (Fein, 2017). Equifax is one of the States’ three big credit reporting companies that keep financial data on everyone, so that for example landlords can determine whether or not someone is trustworthy. They suffered a severe security breach, lasting from mid-May through July, but only notified the public in early September.
Equifax failed to protect sensitive personal information of 145 million Americans, nearly half the country’s population. The information in question pertains to names, birth dates, addresses, driver’s license and even worse, social security numbers. As these things cannot be changed as easily as a phone number, this may make a lot of people vulnerable to identity theft. Even more outrageous, to protect themselves, they have to pay credit freeze fees – totalling $4.1 billion – to Equifax (Feng, 2017). Additionally, the identity protection program Equifax is offering for free to anyone who wants to enrol, has two problems: the checker that’s supposed to let you know that you might’ve been hacked is broken; and enrolling in the program prevents the participant in suing Equifax (Profis, 2017).
Breaches of more sensitive data, like bank, social-security, address, and health or employment records, have become so common, a lot of people just shrug an sigh, as an article in The Atlantic puts it (Bogost, 2017). Through the demand of consumers and the willingness of corporates, software development has become easy and popular, making security an afterthought instead of the top priority it should be. Are we becoming indifferent to privacy breaches, just when cybersecurity policy is in desperate need for improvement? And is there a way to protect our personal information, when you’re not really given the choice to have your data stored at corporates like Equifax?
References
Bogost, I. (2017, September 8). The Banality of the Equifax Breach. Retrieved October 20, 2017, from https://www.theatlantic.com/technology/archive/2017/09/the-equifax-breach-marks-the-end-of-shame-over-data-security/539202/
Fein, R. (2017, October 20). Equifax Deserves the Corporate Death Penalty. Retrieved October 20, 2017, from https://www.wired.com/story/equifax-deserves-the-corporate-death-penalty/
Feng, L. (2017, October 20). After Equifax, New Security Considerations Emerge. Retrieved October 20, 2017, from https://www.forbes.com/sites/forbescommunicationscouncil/2017/10/20/after-equifax-new-security-considerations-emerge/#4ef1e74543ef
Profis, S. (2017, September 16). Equifax data breach 2017: Here’s how to protect yourself. Retrieved October 20, 2017, from https://www.cnet.com/how-to/your-guide-to-surviving-equifax-data-breach/
What makes this worse is that after the data breach was discovered in July, three Equifax executives sold nearly $2,000,000 in stock (John Gamble, Rudy Ploder and Trey Loughran) before the public knew about it. And there’s more, in March Equifax was warned by Homeland Security about a vulnerability in their software, but “There was one person who forgot to tell somebody that they had a piece of software that needed to be patched”. Which sounds like they treated it with the same level of urgency as “There was a person who forgot to tell somebody to pick up some milk, so now we don’t have any to go with our cereal”.
This is also not the first time something like this has happened to the company. Equifax started as the Retail Credit Company and due to the lack of regulation they operated in secrecy and in “unsavory practices” (Bernard, 2017). It got so bad that in the 1960s they attracted the attention of the FBI and special legislation was put in place to control the Retail Credit Company (Fair Credit Reporting Act). You might think that this had a large impact on RCC’s public image, but nope, they simply changed their name to Equifax and have been growing steadily.
As for the last point of us becoming indifferent, I think the Snowden case is the perfect example. People do not care about their digital privacy. The reason is that it is hard to see the direct effect. People shrug off that their phones are being monitored, but as soon as you stand behind them while they write their messages, they start getting uncomfortable. To see how little Snowden’s actions have affected the lives of the average American, check out this video: https://youtu.be/XEVlyP4_11M?t=7m14s
The video also contains an interview of Snowden himself, viewing these responses.
Bernard, S. (2017). As Equifax Amassed Ever More Data, Safety Was a Sales Pitch. [online] Nytimes.com. Available at: https://www.nytimes.com/2017/09/23/business/equifax-data-breach.html [Accessed 21 Oct. 2017].