Could the Equifax hack have been prevented by better security? - Sina Beaghley - RAND Corporation - Tuesday 12/12

Have a dog?  Chances are, from time to time you may also have fleas.  That’s kinda how it is in the digital universe.  If you collect a lot of data, you will from time to time spring a leak, sometimes because someone has hacked into your data collection.  So, you patch the leak like you give your dog some flea powder, and life goes on.

That seemed to be the approach at the credit-rating data-collecting giant Equifax, until they suffered something well beyond a leak… a full blowout that exposed the sensitive personal data of 145.5 million Americans, including social security numbers, names, home addresses, and driver’s license numbers.

That gets people’s attention, and so does this. The potential dollar value of the criminal activity this data breach could enable could run well into the billions; exploitation of this one info-theft could go on for a decade or more.

How could this happen?  The resigned CEO of Equifax, Rick Smith, says it was a single employee’s human error that opened the floodgates.  But other analysts say this was just one breach of several, and that the responses to other Equifax hacks have often been as inadequate as in the big case revealed in September.   Critics, including some from inside the company, say the security culture at Equifax didn’t take seriously the need to protect the intimate details of almost 150 million customers.

Another critic, Ira Rheingold of the National Association of Consumer Advocates, said on HERE & THERE that people whose records are held by Equifax aren’t customers at all.  They’re commodities, he said, whose interests aren’t served by Equifax but served up for big profits to banks and credit card companies, car dealers, and gas stations, everywhere your credit or credit card is put to use.

Equifax has proved it’s not too big to fail… but it may prove too big to discipline.  Equifax, Experian, TransUnion and LifeLock are just 4 big data-collecting dogs, but they dominate the yard.

Voices from both parties in Congress have been issuing angry denunciations, and an old bill to regulate data collection has been re-submitted.  Been there, seen that; but some new questions are being asked:

What does it mean that so much data, about so many Americans, is in the hands, or the digital vaults, of so few corporations?  And how do the private sector databanks of the credit card companies and that of Facebook compare… and how much of what they know do they share with the US Government?

Digital data-processing gear keeps getting better… more info can be collected and stored and winnowed faster and more efficiently than ever.  No one can hold back that tide, because it produces so many benefits.  But can it be controlled, regulated? And if so, how?

READING ROOM

Sina Beaghley is a senior international/defense policy researcher at the RAND Corporation. She focuses on national security policy issues including counterterrorism, cyber, and surveillance and privacy. Prior to RAND, she served in the federal government for more than a decade where she most recently served as director for Intelligence and Information Security on the National Security Council (NSC). In that capacity, she coordinated the U.S. government review of intelligence capabilities and priorities in response to widespread 2013-2014 unauthorized disclosures, and provided recommendations to the President and National Security Advisor on foreign relations and intelligence posture and policy. Prior to that, Beaghley served as the chief for Near East and Africa planning at the National Counterterrorism Center (NCTC) where she directed the development of national-level counterterrorism plans. Beaghley holds an M.A. in international affairs from the George Washington University and a B.A. in political science and media communications from the University of San Diego.

https://www.rand.org/about/people/b/beaghley_sina.html

https://www.rand.org/blog/2017/10/equifax-and-the-data-breach-era.html

https://www.rand.org/pubs/research_reports/RR2008.html

https://www.rand.org/pubs/research_reports/RR1799.html

https://www.npr.org/2017/09/08/549549935/equifax-breach-exposes-personal-data-of-143-million-people

http://www.slate.com/articles/technology/future_tense/2017/09/victims_of_the_equifax_hack_that_used_the_website_may_not_necessarily_be.html

https://www.nytimes.com/2017/11/10/business/dealbook/equifax-cyberattack-earnings.html

https://www.nytimes.com/2017/11/09/business/equifax-data-breach.html

https://www.nbcnews.com/business/consumer/it-s-not-over-yet-how-identity-thieves-could-use-n804571

https://www.cnbc.com/2017/10/11/despite-equifax-breach-consumers-doing-little-to-guard-against-fraud.html

https://www.marketwatch.com/story/what-retirees-should-do-in-wake-of-equifax-data-breach-2017-09-18

https://www.cbsnews.com/news/equifax-data-breach-new-hack/

https://www.bloomberg.com/news/articles/2017-09-18/equifax-is-said-to-suffer-a-hack-earlier-than-the-date-disclosed

https://motherboard.vice.com/en_us/article/ne3bv7/equifax-breach-social-security-numbers-researcher-warning

https://www.nytimes.com/2017/10/03/business/equifax-congress-data-breach.html

https://www.consumerreports.org/privacy/what-consumers-need-to-know-about-the-equifax-data-breach/

https://www.nytimes.com/2017/11/21/technology/uber-hack.html

 
