Sunday, September 24, 2017

Why the Equifax breach is such a huge deal

Equifax lost data for 143 million Americans. It's being reported that:
The criminals had access to information that could allow them to create or take over accounts for many of the people impacted since they have names, addresses, birth dates, social security numbers and "in some cases" drivers license numbers.

Public outrage has been mostly focused on Equifax (and TransUnion and Experian and another one or two smaller agencies) asking customers to sign up for more Equifax products like credit freezing and monitoring services. This is completely missing the point.

Credit freezing only helps (sometimes) when criminals attempt to open new lines of credit. However, the stolen information could allow them to pose credibly as owners of existing accounts as well.

The particularly infuriating thing is that none of us chooses to have a relationship with Equifax or any other credit agency. Every line of credit, utility, loan, mortgage, etc. ends up in the bowels of these companies. They each use proprietary algorithms to condense our worthiness into a single number. There are three major ones so that fluctuations in how they assess our credit can be averaged out, or a particular institution can pick its favorite one. Regardless, it's impossible to function in the modern world without being completely linked with them.

When there's a mistake in their data or their analysis is bad, we have almost no recourse. Serious mistakes are surprisingly common. Silly mistakes happen all the time. My wife ended up with a huge hit to her credit because a zombie $75 end-of-service bill came back to life and Qwest/CenturyLink couldn't figure out how to contact her so they sent it to collections. I ended up with a ridiculous alias in one service probably because some data entry person copied my name wrong from a form. And these are just our problems.

And now, a company we want nothing to do with, but which gets all our information, has allowed a lot of core, correlated information to get out into the wild. And we have no recourse. We have to figure out what accounts might be vulnerable if someone knows enough information about us, and Equifax can't even reliably tell us what information was, in fact, compromised. Someone opening new lines of credit in our names, which we can monitor and get shut down, seems to be the least of our worries. As usual, we have virtually no recourse. Equifax doesn't have enough money to pay for the likely damages from this hack.

It seems like every company needs to recognize that name, address, social security number and birth date are not secure and move to a better model of security for account access.

