The Equifax Data Breach: Its Reach and Implications

 

The recent Equifax security breach will have long-term implications for citizens for decades and may forever change the credit industry.

Lawmakers, regulators, and consumer protection groups are launching investigations and considering regulatory changes. Here is a closer look at the Equifax data breach: its reach and implications.

The breach exposed massive amounts of personal information to hackers. Names, addresses, Social Security numbers, credit histories, and credit card numbers for nearly 145 million Americans were affected by the breach. The breach was discovered in July 2017 but not disclosed to the public until September.

What makes the breach even more galling is that the company was alerted to a potential security issue months ahead of the breach but did not patch the vulnerability. In the technology news, that inaction was met with disbelief by cybersecurity experts.

Here are a few of the major implications in the wake of the Equifax breach.

1. New Approaches to Security

Poor patch management was a root cause of the breach. It was exacerbated by a reliance on open source code with vulnerabilities. To address these gaps, it’s likely that artificial intelligence programs that improve analytics and detection will play a larger role in the future. These tools could achieve better results than hundreds of analysts.

Another area needing improvement is the use of Social Security numbers for identity management. However, there are no clear solutions on the horizon.

2. Regulatory Scrutiny Grows

New bills have been introduced in both the House and Senate to provide additional consumer protections. These proposed safeguards include allowing consumers to freeze and unfreeze credit profiles for free, establishing minimum security standards for credit bureaus, requiring short timeframes before disclosing breaches to customers or other victims, and restricting companies from forcing arbitration on data breach victims.

Experts say more rigorous technologies are needed to prevent further data breaches.

3. Additional Credit Awareness

The Equifax breach, which affects half the U.S. population, has raised awareness about how Equifax and the other large credit bureaus (Experian and TransUnion) operate. With $9.4 billion in combined annual revenue, the three companies have a virtual oligopoly in the credit industry.

Consumers due to the breach will need to monitor credit reports and act aggressively to address errors for decades if not the remainder of their lives. The one seemingly positive outcome of the breach is that consumers have gained more awareness about how credit bureaus operate and how to protect their credit.

4. Equifax Legal Troubles

Both branches of Congress, 40 state attorneys general, and the Federal Trade Commission have launched investigations into the breach. The city of San Francisco and the Massachusetts attorney general have already filed lawsuits on behalf of residents.

While unlikely, the state of Georgia, where Equifax is incorporated, could institute the “corporate death penalty.” That would mean filing a lawsuit calling for the dissolution of the corporation on the grounds Equifax “has continued to exceed or abuse the authority conferred upon it by law.”

Equifax’ business strategy in dealing with the breach has come under continued scrutiny when it initially required consumers to waive the right to sue in order when checking if their data had been compromised.

It’s clear the breach will have longstanding effects on the credit monitoring industry and Americans’ concerns about credit reporting.