Watching the development and track of largest Atlantic hurricane to make landfall in the United States since 2004 has been eye-opening, to say the least.
As Hurricane Irmadeveloped into a Category 5 storm outside of the Caribbean Sea, it became clear that this major hurricane would bring devastation to areas of the Caribbean and likely make landfall in the Florida Keys and southern Florida.
With eyes on Hurricane Irma’s impending approach, however, news broke that Equifax suffered a massive data breach that exposed upwards of 143 million records. At first glance, a major hurricane and a massive data breach of a credit bureau are two very different events… but in reality, they exhibit a commonality that should give every company pause to evaluate the scope and impact of its data-protection policies.
Similar to Hurricane Irma, the Equifax breach is a major event. In addition to the breach of 143 million records (which would be substantial on its own), the fact that Equifax suffered the breach should make everyone shudder. Along with TransUnion and Experian, Equifax is one of the big three credit bureaus in the United States that capture and store the credit histories of most Americans. As such, Equifax regularly deals with highly personal information as part of its core function. It is axiomatic to think that Experian would employ some of the most stringent safeguards in the industry to protect such information in its possession. Although the mechanism for the breach is not yet completely clear, what isclear is that whatever processes were in place were not enough to stem either the breach or the scope of the breach. Moreover, the content of the records is equally troubling – Social Security numbers, birthdates, drivers’ license numbers as well as credit card numbers were exposed. This is not trivial – it is a treasure trove of information that can facilitate the identity theft of millions of people. Without question, this is a major hurricane of the data sort.