On September 7, 2017, Equifax announced that 143 million American’s personal and financial information, including names, social security numbers, addresses, birthdates, and credit card numbers, had been illegally accessed and stolen by hackers in one of the most severe and alarming data breaches in US history. The data breach exposed the highly sensitive private information of nearly half of the American population and put 147.7 million Americans at significantly increased risk of identity theft. One year later, here are the five things you need to know about the Equifax breach and its fallout.
1. How Did It Happen?
On May 13, 2017, hackers were able to exploit vulnerabilities in Equifax’s dispute portal, gaining access to the credentials of 51 Equifax servers that held highly sensitive personal and financial information. Hackers had access to Equifax’s servers for 76 days, slowly siphoning off data up until Equifax became aware of the intrusion on July 29. To make matters worse, the hack required minimal programming knowledge and took advantage of a security exploit the company knew about for months. Experts and analysts still don’t know who was responsible for the hack or how the data has been used.
2. What Has Been Done?
At the time, it would have been reasonable to expect swift and direct action given the extraordinary scope and severity of the breach. Instead, Equifax responded by offering a free credit monitoring service that included a mandatory arbitration clause. It was quickly revealed that top executives unloaded company shares in the time frame between learning of the breach and announcing it to the public, a move that appeared to be in flagrant violation of securities laws. In Congress, legislation was introduced in January requiring more stringent data protection from credit reporting agencies but it failed to gain traction. Fines and legal repercussions for Equifax never came to pass.
3. Data Breaches On the Rise
Since the Equifax announcement, wide scale data breaches and leaks have continued to make headlines at an alarming rate. In March, Facebook faced public outcry when it was revealed that the political data firm Cambridge Analytica accessed the private information of more than 50 million users without their knowledge. In June, it was revealed that Exactis, a Florida-based data broker, had exposed the records of more than 340 million individuals by failing to secure a massive database of consumer information. Just this month, in a bombshell news report by the Wall Street Journal, it was reported that Equifax fell victim to another theft two-years prior to the 2017 breach. Thousands of pages of confidential business documents were stolen by former employees as they headed for new roles in China. All told, according to the Identity Theft Resource Center, there were more than 1,300 data breaches in 2017 alone, up from less than 200 in 2005, a record that will more than likely be eclipsed yet again in 2018.
4. The Current System Has Failed
Accurate, secure, and credible credit information is vital to consumers looking to access loans, get a job, buy a home, or rent an apartment. Large private corporations have failed time and time again to safeguard the private data of millions of Americans. Equifax collects consumers’ personal and financial data from mortgage lenders, credit card companies, student loan servicers, banks and over 10,000 other various sources. Data aggregation is Equifax’s prized honey pot, with $3.1 billion of their $4.34 billion in revenue coming from selling consumer data.
As this personal information is leaked and compromised, the credibility of both the data and the agencies responsible for safeguarding it is put into doubt. It is consumers who continue to bear the consequences of inadequate and ineffectual data security and digital privacy protections. With identity theft on the rise, reaching financial damages of over $107 billion in the US over the past six years, and 6% of US citizens having fallen victim to identity theft, it is clear that antiquated centralized storage models are costing Americans dearly while the companies responsible continue to evade responsibility.
Bloom: Own Your Data
Bloom is a standardized, programmable ecosystem to facilitate on-demand, secure, and global access to credit services. Bloom implements globally federated, secure ID’s on the blockchain, dramatically mitigating the risk for identity theft due to data breaches by reducing our reliance on single-source forms of identity verification.
You shouldn’t be required to give all of your personal and financial information to each and every company that you come in contact with while not knowing nor being able to control how that data is being transferred, stored, and used. Public-key cryptography makes it possible for Bloom to securely and seamlessly share data with identity verification companies and lenders, without the exposure risk of centralized storage and aggregation. Financial activity that is privately linked to your identity such that you are in complete control of how and when that data is accessed.
It is our belief that you should own your data, control your data, and authorize the use of that data. With Bloom, you own the private keys to your identity and financial information and only you can decrypt it. We believe in a world where you finally control your own information. We are building Bloom to bring identity and credit to the 21st century. It’s time to take back our data.