After Equifax, We Need Action From Congress On Data Security

Sep 12, 2017

Commentary: The Equifax data breach that released intimate personal and financial details of 143 million Americans resulted from criminal negligence.  The flaw in the Apache Struts software that allowed hackers in for over two months has been known since March, and the IT managers at Equifax failed to fix it, even knowing the tremendous risk it posed. 

Our legislators, our attorneys general in all the states, must force Equifax to provide free weekly credit checks to all of us who have been affected. They must also provide for Equifax to fail, giving way to a new company. 

Why a new company, not just leaving the other two credit bureaus, Experian and TransUnion?  Well, some in government argue that we must maintain competition among the bureaus; Equifax is too big to fail. 

Does that sound familiar...and outrageous?  Damage one life, physically or financially, and you go to jail.  Damage millions?  You go scot-free. 

I don’t  see the end of the story of Equifax, but I look at an increasingly likely end story of electronic data: it will all be breached, by malfeasance or criminal hacking.  Web security is full of holes. Recall how simple DVRs and webcams got turned into the botnet that created the biggest denial-of-service attack in history. When all of our identities are up for identity theft, How do we rebuild? 

Answers, Equifax?  Answers, our legislators?  We’re waiting.