The Equifax Data Breach


Jay Park, Web Editor

  It sucks when someone makes a mistake. It sucks even more is when a company responsible for protecting personal data of 145.5 million Americans makes a mistake, and a huge one at that. It’s been a month since Equifax publicized that hackers managed to access its servers, but the public is still reeling from the event, and it might continue for years to come.

What happened?

  As many have heard, one of the three companies (Equifax, TransUnion, Experian) storing American, Canadian, and British personal data has been compromised. All our sensitive data, consumer habits, and every purchase we make online are in the hands of strangers who are intent on using our identities like disposable utensils. Equifax discovered this rift in July 29, but it wasn’t announced until September 7. During that time, not much was done to compensate for the disaster. Credit freezes to protect accounts must still be done manually, and those servers are currently overloaded, making them unreliable. Public knowledge of this matter is still limited, despite the fact we are the victims. Investigation is still ongoing, but new evidences are showing that this breach may even be a few years old.

Why did it happen?

  When most information became stored online, these three consumer credit reporting agencies ascended to a nearly triopoly entity. They became centers for containing detailed economic histories of consumers, constantly sharing and updating data. When a customer makes large purchases or loans, companies needed to know if the customer was trustworthy. They would consult the person’s financial records with the help of the Internet. Previously, gathering this information would take months. Convenience had allowed these agencies to profit off of our data. We had no control over our privacy, and this created serious implications when this data became vulnerable.

  These companies also had no obligation to earnestly protect our info. Unlike credit card companies that must reimburse losses, credit reporting agencies have no such punishments. This is why when a technological flaw discovered months prior to discovering the breach was not thoroughly investigated. The login process through a widely used application called Apache Struts contained a small bug was exploited. Lax security made it all the easy for hackers to make off with our information.

Why is it so bad?

  Well, we only lost privacy of our names, social security numbers, birth dates, addresses, driver’s license information and credit and debit card numbers. ‘Tis but a scratch, am I right? We students are in deep trouble as well.

  As we start creating bank accounts and credit cards, some of us might find that our identity has been used to extract a payment or a loan. Even before entering the economy, our credit data could be mangled.

  Identity theft is also a persistent issue. With this massive leak of personal information, who knows when someone will tap into our accounts at any given moment? Since the breach, our awareness and cautiousness must also rise up to meet the new safety standards. We must constantly be conscious of threats, because no matter how much these data companies say otherwise, our current Internet security is flimsy.

What now?

  Having gone  through the five stages of grief- denial, anger, bargaining, depression, and acceptance- it’s time we came to terms with reality. We are currently powerless to stop these credit data agencies from documenting our consumer data, and only a united effort to petition Congress for action will yield real results and protection. In the meantime, being a conscious and informed consumer should minimize the damages you will take from these leaks. None of us are truly safe, especially our online identities.