Slashdot Mirror


One Year After the Massive Equifax Data Breach, Pretty Much Nothing Has Changed (axios.com)

The Equifax data breach was supposed to change everything about cybersecurity regulation on Capitol Hill. A year ago, Equifax announced that 145.5 million U.S. adults had their social security numbers stolen in an easily preventable breach. If any data breach was going to be able to shock Washington into enacting sweeping privacy reforms, this should have been it. Axios: But that didn't happen: "The initial interest that was implied by congressional actions didn't pan out," said Michelle Richardson, director of the Privacy and Data Project at the Center for Democracy and Technology (CDT). What was supposed to happen: After the first of several hearings involving Equifax, Sen. Chuck Grassley (R-Iowa), chair of the Judiciary Committee, said it was "long past time" for federal standards for how companies like Equifax secure data.

Data security wasn't the only anticipated reform. Congress appeared poised to create a national breach notification law governing how and how quickly companies must notify anybody whose personal information is stolen in a breach. Currently, to the chagrin of national retailers, those laws vary state to state. Several investigations were supposed to penalize the credit bureau for lax cybersecurity, including failing to patch the vulnerability hackers exploited despite government warnings. What actually happened: The bills petered out. Mick Mulvaney took over the Consumer Financial Protection Bureau in November and halted the bureau's investigation.


  1. Change it! by Anonymous Coward · Score: 1, Insightful

    I'd say we should appeal to Donald Trump to change this, but he kind of has his hands full.

    1. Re:Change it! by ShanghaiBill · Score: 5, Insightful

      I'm pretty pissed off that Mueller is investigating Trump and not Equifax.

      In no way whatsoever are these alternative actions. Mueller would not be the right person to investigate Equifax anyway, since he doesn't grok technology.

      The Equifax fiasco is not hard to understand. Unqualified people were placed in positions of authority, they made stupid decisions, and there were no mechanisms for underlings with better understanding to raise alarms.

      But there are deeper systemic problems. Only in America do we rely on critical information being both secret and widely known. Mere knowledge of someone's SSN, DOB, and address should not be enough to clean out their bank account nor establish credit in their name. No other country has this problem. Until we fix our financial system, data breaches and identity theft will continue to be major problems.

    2. Re:Change it! by raymorris · Score: 4, Insightful

      > In no way whatsoever are these alternative actions. ...
      > Unqualified people were placed in positions of authority, they made stupid decisions, and there were no mechanisms for underlings with better understanding to raise alarms.

      And the other situation is Equifax.

  2. Why should anything change? by CaptainDork · Score: 4, Insightful

    There's no incentive, no motive.

    Customers are helpless to do anything about it so they just shrug and move on.

    Their shit is out there anyway, what with all the other goddam break-ins.

    In the spirit of, "too big to fail," Equifax is too big for their breaches.

    All your base are belong to us.

    --
    It little behooves the best of us to comment on the rest of us.
  3. No interest in consumer protection. by XXongo · Score: 5, Insightful

    The last line of the summary says it all: "Mick Mulvaney took over the Consumer Financial Protection Bureau in November and halted the bureau's investigation."

    The current administration is not interested in consumer protection.

    They are on the side of business, not consumers.