Recently, approximately 143 million Americans had their sensitive personal information exposed due to a data breach at Equifax, one of the top three major credit reporting agencies in the US. According to a post on the FTC’s website, the breach lasted from mid-May through July, in which time the hackers were able to access people’s names, SSNs, addresses, and driver’s license numbers.
The FTC post also states that hackers gained access to the credit card numbers of about 209,000 people and dispute documents with personal identifying information for about 182,000 people. The personal information accessed spans from the US to residents of the UK and Canada as well.
It’s important to remember that this investigation is ongoing, and that the totality of the damage as well as the actual amount of information stolen has yet to be determined. Fox Business reports that the number may be much higher than has actually been reported.
“You’re talking about a good portion of U.S. adults,” Hiep Dang, director of Product Management at Cylance and former leader of McAfee’s threat team, told FOX Business. “Conservatively, maybe 75% [of us were affected], aggressively, probably all of us.”
While it’s not probable that 100 percent of Americans were affected by this latest Equifax breach, 100 percent of Americans should absolutely expect that their information will be exposed in future hacks, if they haven’t been already. This is because businesses of all shapes and sizes handle data nowadays. Even major corporations likely aren’t as secure as they should be for a number of reasons, including that the average employee doesn’t know how to protect data, as well as the fact that technology is growing faster than our ability to defend it or than laws can keep up.
Ethical Lapses Will Pervade
Lawmakers from both sides of the aisle are taking the Equifax breach seriously, with the Washington Post reporting that Senators Orrin G. Hatch and Ron Wyden are requesting the company explain “the size and reporting structure of its security team, whether it routinely seeks the assistance of outside experts to test vulnerabilities and whether the company has an established system for receiving and evaluating reports about systemic vulnerabilities.”
Both senators are also asking why the breach, which was detected in late July, wasn’t reported to the public until Sept. 7th. They are also questioning when Equifax reported the breach to board members and senior executives, including three top level executives who sold “large amounts of their shares of Equifax stock totaling nearly $1.8 million in the days after the breach was discovered July 29.”
These concerns represent a wider discussion concerning cybersecurity, future technology, and ethics. The Cornell Daily Sun reports that similar breaches in the past could have been prevented because US intelligence agencies such as the NSA knew about vulnerabilities long before hackers exploited them. In some cases, these vulnerabilities were exploited because the NSA had discovered, and subsequently leaked them.
Taking Cyber Security Seriously
Zeynep Tufekci, a regular contributor to the New York Times opinion section, illuminates another reason why the average consumer needs to take cybersecurity into their own hands.
“There are technical factors that explain why cybersecurity is so weak,” she writes, “but the underlying reason is political, and it’s pretty simple: Big corporations have poured large amounts of money into our political system, helping to create a regulatory environment in which consumers shoulder more and more of the risk, and companies less and less.”
Unfortunately, this points to the sad fact that big corporations aren’t taking cyber security seriously enough, understanding that they’ll walk away with a slap on the wrist for irresponsibly handling and losing information. This also indicates that the average citizen is complacent too, judging by the lack of public outcry.
For now, all you can do is protect yourself more diligently. Check to see if you’re one of the millions of Americans affected by the Equifax breach, and then make sure that you’re vigilant about defending yourself in the future. Andy Gutierrez with Intuit suggests a range of things from disabling SSID broadcasts, turning off Bluetooth visibility, making sure passwords and wireless keys are long and complex, changing them frequently, and creating backups often.
The most frustrating part of this whole fiasco is that there’s virtually nothing anybody could have done to prevent their information from being stolen via the Equifax breach, except Equifax themselves. Hopefully, they won’t get off scot-free, and more people will begin taking cybersecurity more seriously. Until then, we need to be prepared for the day when, by no fault of our own, our private information is stolen.