By Noah Kim
It seems like over the past month or so it’s been impossible to avoid a headline on the recent Equifax breach. The average student perhaps hasn’t been too invested in the storyline, and understandably so, as we are probably not the ones most directly affected by the hack. However, the shocking events that have unfolded are indicative of problems that may reach a peak when we take over the adult world. Here’s a quick timeline of what has transpired over the past month.
- September 7: Equifax publicly reports that in July, hackers gained access to Equifax’s data, with almost 145 million users compromised.
- September 8: Shares in Equifax go down almost 13%, while Equifax draws public criticism for attempting to get customers to waive their right to sue.
- September 11: Government investigation into the hacks begin, as it is unclear whether government information was also compromised during this hack.
- September 27: CEO of Equifax, Richard Smith, steps down, with an official hearing scheduled for the following week.
The investigation of Equifax has led to many startling conclusions on the nature of the corporate-consumer relationship. For starters, the fact that Equifax was hacked in July but the public was not notified until early September is very significant. Theoretically, these hackers gained very sensitive consumer information, including one’s social security number. This means that these hackers could have opened many credit accounts under the name of Equifax’s customers, and may have been doing so for a couple of months now. This can easily ruin many American’s lives, as important metrics such as credit scores could plummet. Additionally, the magnitude of this problem may prove hard to quickly fix or solve.
Most unsettling throughout this debacle has been the gross negligence on the part of Equifax. It was unearthed that the security vulnerabilities that the hackers were able to take advantage of could have been addressed in a program patch that came out months prior to the hack. Additionally, the security precautions taken by Equifax were laughable, with the Admin credentials for their Argentinian credit-report site as “ADMIN/ADMIN.” It has become very visibly ironic how lax this credit monitoring company’s security has been. Also ironic is that the customers who had their data compromised did not even directly consent to their data being stored through Equifax. Rather, all credit-related checks go through Equifax, meaning that almost all working Americans have had a stake in the recent hack.
The Equifax hack has created a very strong case to update data breach laws, as there are currently no regulations in place. The fact that it took Equifax almost two whole months to notify their customers that there was a problem is very concerning, and indicative of extreme self-interest. While it can be beneficial for a company to run diagnostics and understand the hack before going to the public, it is hard to say that, in this case, the best interests of the consumer were in mind.