Major credit reporting agency breached, revealing the sensitive data of over 143 million people, including 44 million UK citizens.
The major news of the past few days has been the breach of the global credit reporting agency Equifax, with over 143 million people reported to have been affected.
While the necessary authorities investigate the breach, it is understood that hackers gained access, between May and July, to private, sensitive customer information which included names, social security numbers, dates of birth, addresses and driving licenses. The attack has left millions extremely vulnerable to identity theft, especially if that information finds its way onto the Dark Web.
Furthermore, Equifax has stated that intruders had accessed files containing credit card numbers for roughly 209,000 US consumers as well as “certain dispute documents with personal identifying information for a further 182,000.”
The Equifax attack is thought to have been one of the largest ever reported in the US, with Equifax chief executive Richard Smith saying he was “disappointed” and wished to “apologize to consumers and business customers for the concern and frustration” caused.
Apologizing is not enough when companies are in control of valuable PII (Personally Identifiable Information). When that data gets leaked, an apology is the last thing customers want to hear. Instead, they want answers. Why was their data made available? Were the best security measures in place?
Protecting PII should be the number one priority for any organization. Customers using your services are counting on the information they provide being secured to the best of the enterprise's capabilities.
This is where companies like Equifax have failed. Whether the data is stored in-house or externally in the cloud, encryption should be the method of choice for data security.
A tiny consolation could be found in that this breach did not occur under GDPR. With an estimated 44 million UK citizens affected, Equifax would have incurred heavy penalties for failure to comply with the legislation.
If, for example, Equifax had encrypted the data and had secure control over the encryption keys, the data would still have been protected even if the hackers stole it. They would have also avoided any fines under GDPR.
Adopting a secure solution that encrypts all data should be the plan of action for any business looking to save its reputation, its money, and most of all, its data.