breaking news

Study: Common household chore as damaging as smoking 20 cigarettes daily

OPINION: It’s time we penalize, not reward, corporate negligence

Does the number 143 million sound familiar? It’s the number of American consumers whose personal and financial data were initially presumed stolen during a months-long data breach at Equifax, one of the three largest credit monitoring firms in the United States. It’s nearly half of all Americans, whose personal data are now thought to be compromised.

What does all of this mean to all of us? Just this: The information stolen was what many companies use to verify customer identities. If your information was involved, you might one day find your bank or brokerage accounts hacked, your debit card drained, your credit cards billed for fraudulent purchases, your credit rating trashed.

By being in the business of tracking the data of millions of people, Equifax and similar firms would seem ethically and legally obliged to safeguard that sensitive information by all reasonable means. That the intrusion shouldn’t have happened is clear, but that it would have happened eventually was just a matter of time — unless it was preventable.

Was it? Let’s look at Equifax’s own timeline, from reported sources:

Early March, 2017: U.S. Computer Emergency Readiness Team identified and disclosed a vulnerability in software supporting Equifax’s online dispute portal. Equifax Security was aware of the vulnerability at the time, and “took efforts to identify and patch any vulnerable systems.”

May 13 to July 30: Equifax “cybersecurity incident” occurred.

July 29: Equifax Security observed suspicious network traffic, and blocked it.

July 30: Equifax Security observed more suspicious activity, and took the affected application offline. Equifax identified a vulnerability in the application, and patched it before bringing it back online.

Aug. 2: Equifax contracted independent cybersecurity firm Mandiant to determine the extent of the intrusion. Over several weeks, Mandiant found the potentially compromised personal information included names, Social Security numbers, birthdates, addresses, and driver’s license numbers of millions of U.S. consumers, plus credit card numbers and other documentation for between 280,000 and 400,000 U.S. consumers.

Sept. 7: Over a month later, Equifax publicly acknowledged the data breach.

Sept. 15: Equifax released these details on the cybersecurity incident, and announced the retirements of its chief information and chief security officers.

Sept. 26: Equifax CEO Richard Smith retired.

What the Equifax release does not mention is a Reuters news report that a patch for the portal vulnerability was available in March, well before the attack, yet no decision was made to apply the patch as a routine preventive measure. Indeed, it wasn’t until two and a half months into the attack that Equifax finally remedied the vulnerability after-the-fact.

Considering this, perhaps it’s time to declare an emergency recall of golden parachutes pending an independent investigation, maybe one or more criminal negligence indictments, and Equifax’s unqualified acceptance of all responsibility, effort, and cost to restore the personal security of every one of those millions of affected individuals. Some might consider this an unfair burden on Equifax. But many more, I think, would agree it’s a reasonable expectation for all companies that collect and store personal data.

S.A. Joyce is one of our regular community contributors.

Reader Comments ...

Next Up in Opinion

Opinion: Mass killers should be denied notoriety they crave

An orgy of mutual disgust now greets every mass shooting in America. Liberals despise conservatives who, they predict, will offer only insipid “thoughts and prayers” in the face of what they conceive to be preventable massacres. Conservatives scorn liberals who, they believe, will propose “feel-good” gun measures that would...
Opinion: Infrastructure spending won’t transform America

“MASON CITY. To get there you follow Highway 58, going northeast out of the city, and it is a good highway and new.” — Robert Penn Warren, “All the King’s Men” (1946) WASHINGTON — Appropriately, Warren began the best book about American populism, his novel based on Huey Long’s Louisiana career, with a...
OPINION: History-making or not engaging? Readers on Obama portraits
OPINION: History-making or not engaging? Readers on Obama portraits

IN THE EYE OF THE BEHOLDER Paintings rarely stir up much controvery or heated discussion these days, so it was pretty interesting to hear the animated chatter that greeted Tuesday’s unveiling of the official portraits of former President Barack Obama and First Lady Michelle Obama that will hang in theSmithsonian’s National Portrait Gallery...
PERSPECTIVE: An Olympic reminder of parenting’s challenges

I don’t know about you, but I love the Olympics. Watching athletes perform after lifelong commitment is inspiring. Each of these amazing competitors has a story filled with years of preparation, hard work and unyielding perseverance. Most often, family support is paramount. I was watching an interview with Chloe Kim, the American gold medalist...
Gail Collins: Who’s President Trump’s worst minion?
Gail Collins: Who’s President Trump’s worst minion?

Does every terrible employee in America work for the Trump White House? O.K., probably not. Donald Trump didn’t hire the guy who told Hawaiians they were about to be hit by a ballistic missile. Or the airline representative who was accused of pressing a passenger to flush her hamster down the toilet. But for overall ineptitude and ability to...
More Stories