The private data of 143 million Equifax “customers” is now available for download. Have no doubt: This means you will be hacked. This means your SIM card could be spoofed. This means somebody will attempt to get into your e-mail and online accounts. This means somebody will attempt to open a bank card in your name. This crass, callow, and lazy treatment of our digital data cannot stand. Equifax – and every company that dumps data like an airplane bathroom dumps chunks of frozen urine – should face a reckoning.
First, we cannot allow our most precious data to be accessible via the last 4 digits of our Social Security number. Any new company that does this ought to be shut down. When I tell a customer service representative the last 4 digits of my SSN – I just did it a moment ago with an insurance company and it sprang open my private data like a cheap padlock – I’ve lost all security. That CSR can use my data. Someone can overhear my weak PIN. What’s worse, I use that PIN everywhere. Entering my SSN into a random form field on some well-meaning website means I’ve essentially written the password to most of my private data on a busy highway overpass. These places are that insecure.
We should look outside the US for leadership. Estonia, for example, has already introduced a number of solutions to this problem, including a cryptographically secure ID card. This card connects to our computers and unlocks our data. Without it no one can access our data. An even simpler solution might include a government-provided 2-factor ID generator. These are cheap and portable and rugged and far safer than any static number. Further, we should also outlaw SMS two-factor authentication. In fact, thanks to the data stolen from Equifax, that process could be easily broken by (you guessed it) telling a CSR the last 4 digits of our Social Security Number.
Ultimately we should hold these companies accountable. Target loses your data? Don’t shop at Target. Trump Hotels dumps your bank cards for the third time in two years? Maybe AirBnB is for you. Equifax dumps your Social Security number? Don’t rely on their data for your products.
We should create new, secure methods for cryptographically securing our data. We should make it so a hacker with a fast connection and knowledge of the tar command cannot drag our data off of a secure server.
Equifax, for its part, has all but given up. Their security site – a site where you type in the last six digits of your SSN and your last name to see if you’ve been hacked – appears to be down and/or attacked by phishing scammers. This kind of technical incompetence is disgusting.
Mistakes happen. Unfortunately, they tend to matter more at the very organizations where time, ineptitude, and complacence have reduced data security to a tertiary concern, well below “deciding what’s for lunch” and “increasing shareholder value.” These old organizations – Equifax was founded in 1899 and hasn’t changed much since inception – should die, to be replaced by solutions that are (and I shudder to say this) blockchain-based. I shudder because I know that the dangers to our data are far more expansive if we hand them over to the cryptoratii but, in the end, this has to be the way we go.
There is precedent for this kind of technological shift. Twenty years ago, if you told a CTO that she would one day pick a homegrown operating system full of bugs and spaghetti code over Microsoft, she would have laughed you out of the office. “No one gets fired for buying Microsoft,” was the old saying. Now if you recommended a Windows install over spinning up a few Ubuntu instances on Heroku you’d be considered a madman.
In short, it’s time for those who are careless with big data to die. It’s up to you, the entrepreneur, to provide true and viable alternatives. Because losing your private data is terrible the first time, but when it happens again and again there has to be a better way.
“There’s an old saying in Tennessee,” a wise man once said. “Fool me once, shame on you. Fool me [twice] you can’t get fooled again.”
I, for one, am done getting fooled.