Posted on 2017-09-18 by: Axel Kloth
Equifax collected everyone’s data, and in my option did so illegally. Not only that, they clearly had no clue that the data they held was valuable, and that any breach or intrusion had real-world consequences. The Chief Security Officer studied music. In other words, she had no scientific education whatsoever. She would have been utterly unable to conduct a risk assessment. How she became the CSO will always remain a mystery, but the consequences of her being appointed to that position are not. The Chief Information Officer holds a bachelors’ degree in Russian, and an MBA. Wow. A linguist with additional knowledge in business. As a Chief Information Officer. No scientific background here either. No computer science, no electronics engineering, no other degree that would qualify him for the job he held. Again, a complete mystery as to why Equifax thought that this person is qualified for the job he held, and why he was appointed into that role.
Equifax must be sued out of existence for those two failures alone. 143M data sets, and each one can cost the person affected by it $1M. In essence, Equifax must be sued for $143T (yes, trillion) to make sure that this practice ends, that SSNs are not used for ID, and that all of their competitors take this as a last note and message to keep that data safe (or destroy it altogether).
The not-so-funny thing is that I kept pointing out issues in my blog, namely on security, privacy and many other related issues. “More on Internet Security” on 2017-07-18 and “Protecting your privacy” on 2017-07-05 explicitly pointed out the risks on the SSN being used as an ID, and them being available in large databases with Internet access.