Three lessons from Equifax for greater online security

Equifax leaks its business model

The hacking of Equifax and the subsequent leaking of private data on an estimated 143 million people has created a furor that reaches from top governmental levels down to the little guys worried that their data is being distributed and misused all over the internet.

There are big reasons to be concerned

Equifax is not just a company with a lot of consumer data. They ARE data. As one of the big three credit rating agencies in the United States, their business model is to collect a myriad of personal and financial data on just about everything – and to reformat this into reports and resell it. The Equifax haystack of data contains much more than the titillating information contained in other notable leaks such as Ashley Madison.

Here is what Equifax says in their own words about credit reports and where the information comes from:

Your credit report contains a wealth of information that is used by lenders to assess your risk as a borrower.
It includes information about your credit accounts – such as the type of account, the date it was opened, your credit limit or loan amount, your account balance, and payment history – as well as any public records or collections that are in your name.

Credit reporting agencies are the lubricant of the modern consumer economy – informing both borrowers and lenders about the risks and the costs of nonpayment. Not only does this leak create a huge mess impacting millions, it also throws a lot of sand into the gears of commerce. These reports are critical for people trying to get loans and credit. The data that goes into these reports – along with personal ID numbers – is absolute gold in the hands of cybercriminals, intrusive governments, and more.

Looking beyond the furor

Equifax has gotten uniformly negative comments for its incoherent and inconsistent responses. The internet is also full of confusing reports about what people can or should do if they think they have been directly hit by this leak.

The larger question for debate is whether a profit-maximizing company should even have access to this much private data. Is Equifax a public utility? Is it time for the government to take a firmer regulatory step? Bruce Schneier, security guru, author, CTO at IBM Resilient, and EFF board member, stated in his blog:

If you don’t like how careless Equifax was with your data, don’t waste your breath complaining to Equifax. Complain to your government.

Three (indirect) things you can do about it

There are a few steps you can take to help keep an Equifax event from happening to you on a personal device level:

  1. Close the window. While you can’t prevent all of the data collection that companies like Equifax do, you CAN close the window on many other trackers. To shut out trackers, use an adblocker such as the one in our Browser Safety extensions.
  2. Stay updated. It seems that Equifax opened the door to hackers by not staying fully updated. Keep your collection of devices up to date with the free Avira Software Updater.
  3. Change that password. Researchers have discovered that an Equifax password protecting customer details in one country was a simple “admin/admin.” That is bad for big companies and it is also bad for you. Change that password please and, better yet, get a password manager to help you do this more easily.

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.