Breach in the Digital Fortress
Imagine you have lost the key to your safe. There is a single key and it is the only one that will grant you access to all your life’s savings. You cannot break into the safe or alter it in any way. This is what Equifax has done to its customers.
Equifax is one of the top three credit reporting agencies, alongside Experian and the TransUnion. These companies note down the financial data of all Americans, including their name, Social Security Number, date of birth, driver’s license number and their address; information that is mostly permanent. Equifax has lost these personal data records of around 145 million Americans.
“What does it all mean?”
Let’s say your personal data is lost to hackers. These hackers can now make purchases from your credit cards, worse, issue new credit cards in your name. In short, the hacker has stolen your identity. So, whatever the hacker does, the impersonated person has to suffer, making him completely vulnerable.
“Was Equifax a responsible company?”
Equifax was alerted by homeland security in March 2017 about a critical vulnerability in their software systems. This warning was ignored. Also, Equifax reported the entire breach in September, whereas the data was hacked in July. This gave the hackers plenty of time to misuse the data, even sell it, putting half the US population at risk.
Equifax has itself leaked customers’ data in the past. Customers received personal data information via email which was not their own. Considering this, it is evident that data of customers was never really safe. The risk was to an extent that they might be held accountable for actions they had never performed.
“What now? What could Equifax do next?”
One solution to the problem is to approach each of the top three companies and freeze accounts, so that no one can access it, including the owner; unless it is reversed. In this way, even though you cannot change the data, you can still have a security of your own. Another alternative is to use the company’s own credit protection products, which are expensive but provide more protection to the customers.
Hence, although procedures against the company will take years to complete, the concerned parties will have to take measures to protect themselves from being exposed. The government and the companies should realise the importance of such information, manage them and take necessary steps to protect it. If not, there will be no confidence in the authorities and the security they provide, in the future.
Utkarsh Harlalka | PGDM 2017-19