It’s no surprise that hundreds of millions of people are frustrated with Equifax after one of the largest security breaches. And, let’s be honest, many Americans must have saw it coming considering the numerous hacks we have had recently. Hackers found a “vulnerability” in Equifax’s site leading them to retrieve a sufficient amount of Americans most crucial information – social security numbers, credit card data, identity (The Economist, 2017). Because Equifax is amongst one of the largest CRAs, the breach ended up affecting all three of the big players – Equifax, Experian and Trans Union. What goes up, must come down.
The Economist is calling it an “Equifailure” and we could not agree more. Talk about an incredible fall in share prices, taking about a 15% dip after TransUnion, Equifax, and Experian stocks were on a stable, upwards spiral that showed growth in price from January 2017 to May 2017 (The Economist, 2017). Not only are we looking at a huge loss in the market, but a huge risk for millions of Americans. This poses the danger of identity theft and the potential for the government to have to cover the losses. And to make matters even worse, Equifax employees sold shares of the company when they heard about the breach and didn’t even notify the public until weeks later. We don’t like the sound of that.
The big question is why are they still allowed to store people’s data? Wouldn’t you think that after numerous hacks they would be able to re-locate people’s most important data, or at least protect it? As one of the biggest credit holding agencies, Equifax should not be easily hacked. The issue, however, is that it is extremely “central to the American financial system.” That means that nothing can be done to fix the issue and Equifax will just keep going on as if nothing happened in the future and keep storing data even if we don’t know about it. To make matters worse, it is regulated by the Federal Trade Commission and Consumer Financial Protection Bureau, and they aren’t even choosing to halt business (The New York Times, 2017). The real question is why not? Do they not think it is a monetary concern by any means? The employees of Equifax knew what they were doing when they each sold their stake and ended up 2 million dollars richer, while the losses of millions of Americans, frozen credit accounts, and stolen identities leaves them with nothing but fear and financial burden.
Let’s examine a CRA further to understand why our data will continue to live on and potentially, get hacked again. First of all, it is regulated by some of the biggest economic players –– each federal agency regulator is detailed in the photo below (this photo keeps uploading as low-res but the regulators are the OCC, the FRS, the FDIC, and OTS)
There is a lot of power attached to a CRA. If that power wants a CRA to continue, it will, especially if it is helping the economy. Beyond these federal agencies, CNN explains that the market can’t fix this either. “Markets can’t fix this because buyers choose between sellers, and sellers compete for buyers. In case you didn’t notice, you’re not Equifax’s customer. You’re its product.” (CNN, 2017). This hack was the result of millions of Americans valuable information, in which Equifax is in the business of ‘selling’ that valuable information. Our information is out there, and it’s only a matter of time (if not already) until it is completely exposed and stolen. The only solution is government involvement, but to the government this is not a big enough issue, or an issue that they need to take care of because it happens in data security a lot. Beyond that, so many people are choosing to complain to Equifax when the real entity that needs to step in is the government. Currently, though, there is not the proper data to support the government’s involvement in this hack and Equifax, and other CRAs will continue to “collect and sell our data [because] don’t need to keep it secure in order to maintain their market share. They don’t have to answer to us, their products” (CNN, 2017). Let’s continue to be weary of the information we share especially when it comes to CRAs. We never know what can happen.
https://www.economist.com/news/finance-and-economics/21728956-financial-industry-worries-about-who-next-big-data-breach-suffered
http://www.cnn.com/2017/09/11/opinions/dont-complain-to-equifax-demand-government-act-opinion-schneier/index.html