EQUIFAX 143: The Burning Wound

The Equifax data breach. You’ve heard enough, right? Yeah, 143 million people had their private information stolen, yadda yadda. We get it. It happened. Back to business? No, not at all. It’s time to take a closer look at an epidemic that is going to impact nearly everyone. From this breach alone, there will be attempts to steal the identities of tens of millions of people and of course, the subsequent phishing scams will be sent to their contacts and an ensuing virus will have its own repercussions.

While it’s difficult to determine the number of people who will have their lives impaired by this fiasco, the costs are also difficult to assess. It is, however, safe to say that they are anything but insignificant. Who is responsible for what is really an en masse modern-day home invasion? One would think the guardians of the data, although it’s said to be a victimless crime if insurance pays. The truly accountable Equifax is somehow not responsible. This is yet another crime.

Having the last four digits of a social security number is enough to gain access to all of our important data on many significant platforms. This is simply not okay. Were people the least bit aware of basic security, everyone would realize that an incomprehensibly egregious infraction went unpunished. Those four numbers, which are shared with millions of customer service reps daily, can pop open a treasure trove of data like a bird feeder. We do this on the phone and on random websites, which is tantamount to making a public announcement declaring open season on personal information.

It’s hardly an intractable problem. A small nation like Estonia grants e-residency for the technologically ambitious and utilizes a secure ID card that connects to personal computers. Stateside, an initiative of this order may not be feasible in the short term, but the simple implementation of two-factor authentication (2FA) would represent a massive step up. Although not bulletproof, an authenticator that does not use SMS verification can offer a significant reduction in hacks. This is an inexpensive, simple alternative to a porous system that has become a boon for hackers.

No one seems to know how easy it is for a hacker to pull data off a secure server. I can assure you that it’s a joke and ignorance has allowed this to persist. It’s not a risk we run in the information age or a cost of doing business. It’s the abject overlooking of a massive issue and the price of avoidance far outweighs associated expenses. The offending companies are routinely leaving the stable door open and need to be held liable. Boycotting them represents a humble beginning.

And for all our fans of irony: in the aftermath, Equifax offered people a chance to put in the last six digits of their social to see if they had been hacked. Guess what? The site went down for some time and was believed to have fallen victim to a phishing scam. This epic display of ineptitude should not go unnoticed.

The fact that basic security currently falls under the heading of “geek” does not make anyone less responsible. The longstanding leviathans of the Fortune 500 that continue to err by way of inaction are preying on their customers. The guard is changing, but not fast enough. We cannot expect business to respect our personal information so long as we shrug it off and remain uncaring ourselves. The guardianship of this precious data belongs in the hands of the technically competent, and cryptography is not free. Ignoring clear and present dangers in the name of future earnings announcements is inexcusable. Somewhere along the line, the buck and associated peril cannot be fobbed off on the public they serve. Wake up.

Trevor Goering – CEO, Gotham Security