A nuclear bomb has been dropped onto the American financial system. The hack of the credit bureau Equifax has resulted in the social security numbers and personal information (address, bank info, date of birth etc) of a majority of working Americans being in the possession of hackers. The number of affected Americans is staggering. The population of the United States is approximately 320 million. Children do not have information at credit bureaus. The hack was of 143 million Americans. So if 50 million Americans don’t have information at credit bureaus then it means that more than 50% of all Americans had their information stolen. What this means is that half of all Americans personal information can now be bought on the dark web. This threat does not go away even if a consumer is confident that as of today no one has wrongfully used their personal information. Hackers can wait. They will file tax returns seeking refunds, they will steal identities, borrow money, get passports, and apply for credit cards. Once compromised the information can not be ever safe again.
The reality that this hack illustrates is that no American financial institution, and I repeat no financial institution that has this information is immune from being hacked. As time goes on the hackers only get stronger and the financial community simply is not equipped to stop these hacks. There is a belief that financial institutions have protected consumer’s information. This is simply false. Whether it is JP Morgan, Merrill Lynch, or consumer’s accountants ,the customers information is not safe.
This hack demonstrates that it is simply impossible using present security techniques to protect large data. In 2013 Equifax was seriously hacked. Equifax only learned the hack occurred when the social number, credit report and other personal information of celebrities and Michelle Obama were posted online. Equifax then increased its protections and here we are only 4 years later and the most serious consumer data breach in history occurs at the very firm the hack occurred in 2013.
To be clear the information was not supplied to Equifax by the consumer but by banks and other financial institutions. If the consumer requests a financial institution to not share this information the institution would ignore the request. The reason the hackers hit the credit bureau instead of a bank is simple: the information of many banks was in one place. It was not because banks are harder to hack. Is there a way for a consumer to protect their information? While it is not sufficient, it is a good idea for a consumer to put a freeze on their information with all the credit bureaus. That way in some cases when the information is used the consumer will be notified and be able to prevent the fraudulent act. However, this is not a complete solution. For example, tax refunds in a consumers name can be applied for or a false identity card or passport. The reality is clear. Consumer’s information is not safe from hackers with the out of date methods of data storage and data sharing American financial institutions use.