The stock price of consumer credit reporting agency Equifax has dropped by nearly 14 percent since the company announced Sept. 7 that hackers had gained access to the personal information of up to 143 million Americans. This included 209,000 credit card numbers and an unspecified number of driver’s license numbers, full names, birthdates and social security numbers.
While it is not the largest data breach of the decade, the Equifax hack is especially concerning for consumers because of the sensitivity of the data stolen.
It is apparent that further measures must be taken to ensure that a consumer’s personal information is not compromised further or otherwise used maliciously, whether such actions come from governmental, cybersecurity or private sectors.
In compensation, the company is offering a year of free credit reporting to those affected by the hack and is allowing them to freeze any further Equifax reports. There is further skepticism, however, about the website the company has provided for checking whether personal data was compromised, which requires users to enter their last names and partial social security numbers.
The events are further complicated by the fact that Equifax waited six weeks before disclosing any information about the hack to the public.
Three company executives, including Equifax CFO John Gamble, sold nearly $1.8 million worth of company shares prior to the public announcement. The company has claimed, however, that Gamble and two other executives who sold shares were not aware of the data breach when they cashed in.
Equifax also stated in a press release Sunday that it has waived the arbitration clause in its user agreement that would have otherwise protected the company from any class action suit.
One solution to these cybersecurity issues is to allow the Federal Trade Commission or Consumer Financial Protection Bureau to put federal regulations into place that dictate how personal data can be stored, shared and collected, as well as how the public should be informed if a security breach does occur.
Others, however, are hesitant to give the government any power to control such aspects of the information sector.
Still, part of the function of government is to protect its citizens from potential sources of harm. The FBI, CIA, FDA and military all exist at least partially for this reason. But consumers do have an equal obligation to make informed choices about who they are sharing their personal information with. The common sentiment of the free market is simply to "let the buyer beware."
Legislation was recently passed in Europe that will require companies to disclose potential breaches to the public within 72 hours of their detection. Only eight U.S. states — Indiana not among them — have similar laws in place, with disclosure deadlines usually falling somewhere between 30 and 90 days.
Failure to comply with such regulations can result in audits from various agencies, but these are laughably weak punishments for companies like Equifax that control vast swathes of their respective markets and bring in billions of dollars in revenue each year.
“This isn’t just about Equifax,” writes Farhad Manjoo in a recent New York Times article. “We live in the age of Big Data. We have allowed, mostly passively, the emergence of huge and exquisitely detailed databases full of information about all of us.” Now, we are facing the consequences.
The Editorial Board has no doubt that this is not the last time that personal information will fall into the wrong hands, but we hope that the government and companies themselves will take further action to protect the data of our nation.