Our lives exist entirely online: where we live, where we’ve been, who we know and what we’ve searched. We trust that someone out there is keeping our information secure.
However, even large multinational companies can’t keep their data safe. One of the largest data breaches in U.S. history occurred last fall, and a recent investigation discovered the hack was far worse than previously imagined.
In September 2017, Equifax announced that a security breach had left 145.5 million people compromised. Equifax left their door wide open to hackers after not updating the Apache Struts web-application software. The vulnerability was disclosed a couple of months before they were attacked, meaning that the breach could have been prevented.
Under current regulations, only eight states have a required timeline for data breach notifications, so companies can inform the public whenever they please. For example, the beleaguered company Yahoo! took more than an entire year to notify the public about its security breach. In 2016, after a hack that left 57 million people’s data vulnerable, Uber paid the offending hackers $100,000 to delete the data.
Although it takes companies time to investigate a data breach, consumers need to know in order to adjust passwords, cancel credit cards or delete accounts. Unnecessary delays can give consumers a false sense of security.
The Federal Trade Commission, the data regulator of credit bureaus like Experian, does not have the power to levy fines after breaches. This lack of authority leaves the commission completely toothless, and it gives credit bureaus the same amount of regulatory freedom as a student only taking pass/fail classes.
Normally, security breaches tend to be very abstract to the general population. We see the Sony Pictures hack and think: “Sucks for them.”
However, the Equifax hack affected almost half of all Americans, meaning anyone who has ever opened a bank account, gotten a bank loan, owned a credit card, cashed a credit check for a job or rented an apartment is vulnerable as a result of this hack.
This hack in particular is even more worrisome because the exposed information is extremely private. All the ingredients necessary to steal an identity were released: social security numbers, addresses, tax identification numbers and phone numbers.
The saddest part is that most people did not directly place their data in the trembling hands of Equifax; it just happens to be a part of the credit-based lifestyle that we live.
We cannot afford for companies like Equifax to be fumbling the keys to our identities. While severely punishing Equifax financially is a direct course of action, we have to also take a good look at our regulations when it comes to identity protection and data security.
Companies that handle personal data need more regulation because we have seen time and time again that they do not have the responsibility to regulate themselves. Data security is a slippery slope, and even minuscule mistakes can have enormous impacts.
Personal data security should be a priority for all citizens, because the quality of our lives depends upon it.
Senior staff columnist Perren Wright is a computer science junior.