Equifax’s Hit and Colossal Miss

After the recent hack involving tens of millions of identities and credit histories at Equifax, the company managed to further bungle the issue with poor management decisions and further hacks. In his recent , Philip DeFranco outlines the damage caused by the hackers and Equifax through their lacking IT security systems. One of the shocking facts in the case is the long wait by Equifax to release the news to the public: “All that sensitive information for 143 million people and Equifax waited six weeks to announce the breach. A month-and-a-half, they waited, which is crazy!” news video As one of the three major American credit reporting firms, Equifax collected information in a variety of forms: loan payments, credit report searches, driver’s license numbers, home addresses, SSNs, birthdays, and billions of other data points about everyday Americans and their financial lives. If you have ever applied for a loan, filled out an apartment lease application, opened a bank account, or interacted with the financial system elsewhere, your name and information were collected by Equifax and subsequently stolen by hackers. The information is already available online for sale in “Dark Net” forums and online marketplaces for criminals. Fraudsters often purchase stolen identities in bulk from hackers and go on to use the information for fraudulent purposes. To add insult to injury, Equifax suffered another cyber-attack in the aftermath following the hacking announcement. Their own website generated a nefarious pop-up with malware download links for unsuspecting users looking for information about the hack. These pop-ups could fool the site’s visitors into clicking on links to fake Adobe updates and malicious malware. Security protocols at the credit reporting agency were sorely lacking before and after the hack. Equifax responded to complaints about their website with blame placed on a third-party vendor running code on their website. The company has since removed the malicious links and removed the hacked page. Identity fraud affects millions of Americans every year. Some experts place the total losses from this type of fraud around $50 billion per year. As more and more financial transactions move online, the need for comprehensive online security is greater than ever. Identity theft can happen in a variety of ways from low-tech and basic theft to high-tech and advanced hacking. Stealing a person’s identity can happen in the real world or online, but the internet makes it easy to commit fraud once a scammer has the information required. Online credit applications and online stores are simple to defraud once a criminal has people’s personal details One of the best ways to be protected is by paying attention. Everyone is vulnerable to an attack including students, seniors, and even businesses. Always make sure to read your statements from credit card companies and other financial institutions. Keep your personal identification and other important documents in a safe and secure location. If you use a computer for your personal banking, make sure you keep your software updated and always keep your passwords safe. Use a VPN (virtual private network) if you must use a public Wi-Fi access point. If you want to learn more about identity fraud, the has online resources for consumers and victims of fraud. Federal Trade Commission website As soon as the news hit from Equifax regarding their data breach, the world was quick to admonish the company for allowing the hack. Many pundits and IT experts pointed to blockchain technology as a potential solution to stop future hacks. With the recent success of Bitcoin and other cryptocurrencies, it appears that the blockchain revolution is here to stay. For Equifax, the technology offers a promising future to help them secure their data. Consumers and credit score users (such as banks and landlords) could use a blockchain-based system to ensure information is kept safe. It remains to be seen whether Equifax will adopt revolutionary technology or simply plug the holes in their existing IT security infrastructure. David Brent of Accenture’s blockchain technology consultancy admits that “their focus should be on the latest encryption and security techniques for hardening and protecting data sources.” The blockchain isn’t nearly as useful to secure massive datasets such as consumer credit history, but the technology offers a lot of potential security improvements for companies and consumers to safeguard their identities online. Blockchain-based identities are a new idea, and, while it’s unlikely we will see massive adoption on a large scale, people concerned with their financial safety are already looking into solutions and moving over to companies promising them such security, leaving the data giants such as Equifax far behind for newcomers such as civic, who promise closed blockchain systems where security is of paramount importance. It’s incumbent upon Equifax and other large dataset-guardians such as governments and retailers to shore up their defense in the wake of the recent hacking spree. Most companies can ill-afford the bad press and litigation costs from a major data breach, and the consumers of the world deserve better when it comes to protecting personal data.