The Never-ending story: Equifax
I don’t prefer to write about the same subject time after time, but in Equifax’s case, new wrinkles just keep popping up. Seemingly every day brings another update in the news. Yesterday, it came out that on top of everything else, the Equifax breach also exposed driver’s license data for around 11 million people. Combined with the Social Security numbers, credit card information and addresses already confirmed stolen, this data could facilitate identity theft for any cyber thief with access to it.
More damning news for Equifax: according to a study from CreditCards.com, approximately 71 million Americans seem unaware that the breach even occurred. The study reports how only 61 million people checked their credit reports soon after the breach, which sent the phones into overdrive at both Equifax headquarters and the three major credit bureaus. Surprisingly, the most unaware demographic seem to be young millennials, the most perpetually online group you can find. If true, that so many of them may have missed this news somehow is pretty startling.
It just never ends with this story. Today, in light of a -2.8% drop in shares and a web site taken offline, word of potentially yet another breach is starting to circulate.
A small silver lining is the continued pushback this incident seems to be driving on Capitol Hill. Congress is now demanding that credit bureaus stop using Social Security numbers as part of verification. Legislation also introduced today would require Equifax and the two other major agencies to phase out this practice by 2020. Continuing the theme of what I alluded to last time, the bill would also create a national framework for credit freezes, as well as uniform federal standards for credit reporting cybersecurity.
According to White House cybersecurity coordinator Rob Joyce, the SSN has “outlived its usefulness” and should be replaced by a secure “modern cryptographic identifier.”
They are a good start, these types of post-Equifax proposals, of which this one is at least the third. I’m glad to see such a focused effort from Washington on these issues, as data is more at risk than ever before. Hopefully there will be enough of an incentive this time to crack down on those who take this risk too lightly.