The latest massive internet security breach here in the United States involves a credit ratings agency called Equifax.
1. On July 29, Equifax discovered that 143 million records of personal data (credit card numbers, social security numbers, dates of birth and first name, last name) were stolen.
2. Equifax waited six weeks to publish this information. (By the way, it seems that their Apache web server software was to blame. A patch had been issued in March for a vulnerability, but the patch was not applied).
3. The emergency-information website that they then had set up, looks like the site that a scammer would use to get one’s social security information. Oh boy.
4. The stolen information could be used MANY YEARS from now by criminals to get credit cards, tax refunds, commit Medicare fraud – who even knows what else.
5. Three Equifax executives sold shares worth a combined $1.8 million just a few days after the company discovered the breach.
Some observers say this could finally bring to an end the ubiquitous use of social security numbers as a personal identification number in the United States. (It was never intended to be used for that; only for citizens to record and obtain their social security benefits). I already try to keep a sharp eye on my credit card transactions, but feel I now have to figure out if I need to put a credit freeze on my accounts at the three credit ratings agencies. A credit freeze is the nuclear option for protection, but also blocks anyone to access one’s credit history. So for new credit, or a new job, or signing an apartment lease or a buying a new car with financing, one would have to lift the freeze, which takes time and money. But surely that is far less of a convenience than getting one’s identity stolen?