Major Data Breach Rattles Both the Private and Public Sector

On September 7, Equifax revealed one of the most shocking data breaches in U.S. history. (Photo by Marco Verch used under a Creative Commons license.

Equifax credit agency claimed on September 7, that sensitive information including the social security information and driver’s license numbers of nearly 143 million Americans was compromised in a data breach.  

Political scientists and economists alike are being critical of the way Equifax handled the breach, as well as the widespread effect this breach could have on Americans.

Avivah Litan, a fraud analyst at Gartner, told the New York Times, “On a scale of 1 to 10 in terms of risk to consumers, this is a 10.”

According to research done at The National Academies Press, those leading the political economy should make efforts to limit cybersecurity threats by “creating incentives to boost the economic benefits that flow from attention to cybersecurity and should penalize inattention to cybersecurity.”

Following years of corporate and government breaches, the Cybersecurity Act of 2015 was passed into law, as part of the omnibus spending bill, with the goal of creating a collective information sharing platform for the private and governmental sector to detect possible cyber threats.

The Hill contributor Eric O’Neill following the passage wrote: “A collaborative approach to defending against cyber-attacks is necessary.”

However, he also recognized the inherent flaws in this system, including the inability to gather all of the information necessary to prevent large-scale threats, as well as the risk involved with companies sharing information with the federal government.

Moreover, the Cybersecurity Act has little effect on the private sector, and corporations are not obligated to share their information with any government entities.

O’Neil believes that information sharing among the private sector regarding possible cyber security threats would be ideal and more efficient than government involvement.

Those affected by the recent breach in credit information will receive some benefits from the company such as free access to Equifax’s’ credit monitoring service for one year. However, initially, in order to redeem this service, consumers must waive their right to a class action or personal lawsuits against Equifax. The company has since waived this requirement given the backlash it received.

Elizabeth Weise of The Atlantic elaborated on Equifax’s insufficient security methods by stating

If it was due to an older vulnerability, many experts believe Equifax should have been aware of it and patched the flaw, as such patches are quickly made available.”

Brian Butler, President and CEO of Vistra, a public relations firm in Tampa, stated “They [governments] have a role, but how deep they go I am not sure, we have to have some studies and analysis done to figure out how much of a role the government should play.”

Butler believes there is a certain amount of care that must go into handling sensitive information. “If you are responsible for people’s data, you have to be honest with what’s going on with that data,” and Butler elaborated that Equifax did a poor job of fulfilling this requirement.

The magnitude of the breach and the sensitivity of the information stolen has left many wondering how the hackers were able to penetrate Equifax’s security systems.

Litan stated “Equifax should have multiple layers of controls” to prevent hackers from breaching all of the data if they were to penetrate individual layers of security.

Butler’s views regarding security aligned with Litan’s, as he explained how the government should “mandate higher protection” and how even something as simple as frequently changing passwords within the company isn’t regulated, but highly necessary.

On Monday, Equifax announced Richard Smith would “retire” as the CEO and chairman of the board while retaining his $18.4 million pension.

Comments are closed.