A Year After Equifax Breach: What We've Learned
We've learned nothing apparently.
Looking back at the massive breach of Equifax Inc. in September of 2017, when the personal information of 143 million people, mostly in the United States, was leaked, we've seen that number climb to 148 million into 2018.
It seems like with a breach of that magnitude, heads would roll. Uh, yeahhhhh, not so much…
Not only did no one worth noting get fired for the breach, at least publicly, the companies shares have all but recovered and will probably post a record annual profit next year. Not only did their CEO not get fined, fired, or face any reprimands, he was able to retired, collecting his 410k, which was probably through the roof. Again, no one was fired, but I'm guessing they were asked to retire. My assumption is the only firing that happened was to the one, single IT technician on which they blamed the hack after they failed to install the patch (a patch is finding a vulnerability in a system and fixing it, so it is no longer problematic). The only other known employees that have been fired for anything even related to the breach were employees arrested for insider trading, when they sold stock after the company knew about the breach but before the shareholders were informed. Sudhakar Reddy Bonthu, a software manager, was one of them, when he traded on the information he received while creating a website for consumers affected by the attack.
When stocks began to fall from $141.59 on September 1st, down to $92.98 a share on the 15th of September, it seemed like Equifax was at its all-time low. Now, we see the Equifax stock closing in on $140/share, which is only $5/share off of its all-time high, when it was $145.09 not long before the breach was disclosed.
So maybe we haven't learned much from Equifax, but have we learned anything as the human cog in this technical wheel? Short term? Absolutely. After the Equifax breach, there was a huge backlash by users and anger over the way the breach was approached and disclosed. However, looking back, it was short-lived. "Equifax," although now becoming near synonymous with "breach" is rebounding perfectly fine.
The important take-away is how we as people and users operate on a day-to-day basis. Do you use one password for everything? Does it just meet the minimum requirements for password strength, or does it exceed them? Are you using numbers and symbols in combination with a word that isn't related to you? These are the things we need to learn from breaches. I do understand that some things are impossible to protect against, like the Equifax breach. Whether your personal information was involved or not, no amount of password protection was going to protect you from that breach. So as far as Equifax-esque breaches go, just be weary about your personal information.
Don't just sign up for random things online, don't use your full, real name unless required, password strength is key.
There are some resources out there to see if you or you’re email has been involved in any data breaches or leaks. It is called Have I Been Pwned. It’s a good resource that I highly recommend checking out. It is one of the reasons I got a new email account some time ago. I have one email to which I get all of the coupons and other garbage sent, and then I have a different one that only people very close to me have. It is also the email I use for things like online banking or Amazon. It is also good to frequently change your password. Try your best to think of something complex that combines letters, numbers, and symbols. I took roughly a week to come up with my most recent one. It is well over eight characters, in fact, I think its over fifteen. Regardless, try to change passwords often. If you have issues remembering passwords, there are things like iCloud Keychain or 1Password that many people like and trust.