Three Early Lessons From the Equifax Hack

InsideSources covers the Equifax breach and Jim Harper‘s response to it.

It’s been almost two weeks since Equifax reported the hack of 143 million consumer records. Already, we are getting a picture of how the public reacts to a breach of such proportions.

Equifax, one of the three major credit reporting agencies, stores a remarkable amount of information on individuals in a single place. A hack of a bank, retailer or credit card company, while serious, might involve only account numbers and names. As a literal storehouse of consumer credit data, Equifax records grouped names and addresses with associated dates of birth, Social Security numbers, bank accounts, credit accounts, loans and other personal financial information and histories. All that together makes the information a gold mine to identity thieves.

As the Competitive Enterprise Institute’s Jim Harper points out, the credit rating cartel of which Equifax is a part is the result of the 1970 Fair Credit Reporting Act. As products of regulation, Equifax and its fellow credit agencies only have to meet the requirements of the law, not the industry best practices, which have more than eclipsed the FCRA’s 45-year-old standards.

Over the decades, this has made the agencies complacent. While the hack may have been due to a vulnerability in software, a patch for that fault had been available for months. Equifax failed to keep up. Unfortunately, there might be very little Congress can do in way of penalty other than to shame the executives, whose response will be a litany of variations on “we complied with all regulations.”

Read the full article at InsideSources.