Credit reporting company Equifax Inc. stated on March 1 that 2.4 million additional citizens had personal information stolen from them due to last year’s breach—however, not as much data and information was taken from these individuals. According to the credit reporting company, only the names and partial driver’s license numbers of these 2.4 million people were stolen. However, the state where their licenses were issued along with the date of issuance and expiration were not. Last year, 145.5 million Americans had their Social Security numbers compromised by the attackers.
According to the LA Times, this attack on Equifax, which affected around 147.9 million Americans in total, is the largest data breach of personal information in history.
The explanation for the late discovery of these additional victims is due to the company’s original focus on those whose Social Security numbers were stolen. That information is more vital to the security of one’s identity, more so than driver’s license numbers.
After the breach was first discovered last year, Equifax’s Chief Executive Richard Smith was sent to Capitol Hill to answer questions regarding its mistakes that led to this security failure. Smith had already resigned and accepted responsibility by this time.
Senator Elizabeth Warren (D-Mass.) conducted an investigation into this breach and concluded in February that the company failed to keep its company systems and security up to date. Furthermore, she concluded that they were not as transparent as they could have been in revealing details of the damage that was done.
Warren stated on Thursday, “I spent five months investigating the Equifax breach and found the company failed to disclose the full extent of the hack. Enough is enough. We have to start holding the credit reporting industry accountable.”
According to Warren, the company may be profiting off this breach. In an interview with Marketplace, she stated, “Equifax may actually make money off this breach because it sells all these credit-protection devices, and even consumers who say, ‘Hey, I’m never doing business with Equifax again’—well, good for you, but you go buy credit protection from someone else, they very well may be using Equifax to do the back-office part. So Equifax is making money off their own breach.”
House Representative Ted Lieu tweeted on March 1, “Today I introduced two bills to address data breaches by credit reporting agencies. On the same day, Equifax disclosed an additional 2.4 million account breaches.”
Lieu’s bills are intended to “protect consumers by safeguarding their data and ensuring victims of data breaches can hold companies accountable in court.” The first bill, entitled the “Protecting Consumer Information Act of 2018,” will “expand the Federal Trade Commission’s enforcement authority over credit reporting agencies.” The other bill, entitled the “Ending Forced Arbitration for Victims of Data Breaches Act,” will “prohibit entities from enacting arbitration clauses for suits related to a data breach, and empowers the FTC, State Attorneys General and citizens to have their day in court.”
House Representative Greg Walden stated on Thursday that “despite repeated requests for documents from Equifax as a part of the committee’s investigation, Equifax has provided only partial responses,” according to the LA Times. Walden is the Republican leader of the House Energy and Commerce Committee. It has yet to be seen how effective the previously mentioned measures will be in preventing this kind of widespread data breach.
Alex Shakhazizian is a fourth-year student majoring in political science with a minor in journalism. ✉ AS823512@wcupa.edu.