Slashdot Mirror


One Year After the Massive Equifax Data Breach, Pretty Much Nothing Has Changed (axios.com)

The Equifax data breach was supposed to change everything about cybersecurity regulation on Capitol Hill. A year ago, Equifax announced that 145.5 million U.S. adults had their social security numbers stolen in an easily preventable breach. If any data breach was going to be able to shock Washington into enacting sweeping privacy reforms, this should have been it. Axios: But that didn't happen: "The initial interest that was implied by congressional actions didn't pan out," said Michelle Richardson, director of the Privacy and Data Project at the Center for Democracy and Technology (CDT). What was supposed to happen: After the first of several hearings involving Equifax, Sen. Chuck Grassley (R-Iowa), chair of the Judiciary Committee, said it was "long past time" for federal standards for how companies like Equifax secure data.

Data security wasn't the only anticipated reform. Congress appeared poised to create a national breach notification law governing how and how quickly companies must notify anybody whose personal information is stolen in a breach. Currently, to the chagrin of national retailers, those laws vary state to state. Several investigations were supposed to penalize the credit bureau for lax cybersecurity, including failing to patch the vulnerability hackers exploited despite government warnings. What actually happened: The bills petered out. Mick Mulvaney took over the Consumer Financial Protection Bureau in November and halted the bureau's investigation.

2 of 120 comments

  1. Nope by AlanBDee · Score: 3, Interesting

    Politically, nothing happened. But a lot of people locked their credit score. I'm sure credit card companies are now asking for more information to prove your identity to open a new card. People's SSN, date of birth, and driver's license can no longer be trusted as a form of identification for anything. I also had so many friends and family ask what they should do, which opened the door for me to introduce them to things like LastPass, Yubikey, and other security.

    And when the whole debate about voting machines came up, one word shut most people up: Equifax.

  2. Re:headline by wwphx · Score: 4, Interesting

    I've been mulling over the lack of an armageddon since the breach happened. I'm not a conspiracy theory kind of guy, but my personal conclusion is that it was done by a state actor, and that actor was China. My suspicion is they hoovered Equifax because the exploit made them vulnerable and in doing so it gave China access to a treasure trove of information not just on pretty much every American, but a specific subset: every American working for the U.S. government. Every CIA agent, every NSA agent, in addition to every head of industry, every computer chip researcher. Anyone who might be of interest. At first I thought it might have been theft for stealing medical insurance coverage, but not only did that not happen, but nothing happened. It was such a huge haul of information that no criminal org capable of stealing that amount of info is going to sit on it - they need/want to monetize it for their efforts, but a government who wanted it for different purposes could.

    --
    When you sympathize with stupidity, you start thinking like an idiot.