Equifax Data Breach – one year later (PART ONE)
It’s been about a year since the Equifax Data Breach was announced. It was one of the largest data breaches in U.S. history. Their negligence resulted in hackers stealing the social security numbers and other sensitive information of 148 million Americans. What has happened since?
Equifax is one of three major credit reporting agencies. Their data files contain highly sensitive information on millions of us. Any company responsible for collecting sensitive data should be required to take any and all precautions necessary to protect that information from criminals. The Equifax data breach proved that they failed miserably! As with so many prior breaches, this one was entirely preventable.
The scope of this massive breach should have shocked Washington to enact sweeping reforms. You would think that if the social security numbers of over half the adult population of the U.S. were exposed, that Congress would take appropriate action to fix the problem. So what did Congress do to punish Equifax and protect its citizens from future calamities?
Well – One year later, not much has changed
At first, there were Congressional hearings where discussions focused on setting new Federal standards for how companies like Equifax secure data.
Investigators looking into how the breach occurred discussed imposing a penalty for Equifax’s failure to timely patch the vulnerability hackers exploited to steal their data.
A national breach notification law was discussed that would require a time frame wherein companies must notify the public once personal info is stolen from a data breach.
BOTH BILLS PETERED OUT!
Why? “Regulation is tough in this political climate,” said Tom Gann, the chief public policy officer at McAfee. Congress was too busy focusing on another more pressing cyber-security issue – Russian interference in our elections. Congress can’t seem to focus on more than one cyber-security issue at a time.
The government’s Consumer Financial Protection Bureau (CFPB) recently reported that the Equifax investigation is ongoing.
Michelle Richardson, director of the Privacy and Data Project at the Center for Democracy and Technology (CDT) says she is still optimistic about Equifax-type legislation in the new Congress.
ON THE BRIGHT SIDE
States like New York and California have since put their own protection regulations in place and 48 State Attorneys General are investigating the firm. Equifax also faces more than 240 class action lawsuits.
The FTC is also examining the Equifax data breach, which may result in Equifax facing large financial penalties. In a prior 2012 settlement with the FTC, Equifax was slapped with a $393,000 penalty.
Additionally, the Equifax breach did at least cause a spike in the number of financial firms that have since beefed up their investment in better cybersecurity.
You can read my original article about the Equifax Data Breach here
In PART TWO of my article, I will give you tips on things you can do to protect yourself. So stay tuned…