Equifax’s Massive ID Theft Is a Reminder That Firms Need Incentives to Keep Data Safe

Right now, half of America may as well post its personal details online for all to see. That’s because, as the Associated Press reports, the credit monitoring firm Equifax has suffered a huge data breach that saw names, social security numbers, birth dates, and addresses of 143 million Americans stolen by hackers.

It’s a huge amount of user data to be compromised, and will massively damage the reputation of the company. Even more frustrating for most people is the fact that Equifax identified the attack on July 29, but only published details of it on Thursday.

So far, the company has yet to explain the delay, though it's come to light that some of its execs sold their shares in the firm during the intervening period. Nevertheless, consumers will be concerned about what may have been done with their data in the meantime. (If you’re worried, Wired has a good explanation of what you should do to cover your back.)

Somewhat ironically, as the Financial Times points out (paywall), facing competition in the credit monitoring market, Equifax recently pivoted to specializing in ... fraud prevention and identity management, and selling advice on how to manage data breaches. Clearly, that pivot hadn’t yet resulted in beefing up its own security.

The news serves as a reminder that, as we've explained before, new ways must be found to make companies up their security games. Currently, the cyber defenses of many organizations are lacking and they’re slow to respond to known vulnerabilities, but new kinds of incentives could make corporations work harder to keep our data safe.