Will the Equifax breach finally crystallize nationwide US data protection?

The scale of the breach reported at Equifax this week, and the fact that it occurred at one of the major credit reporting organizations, make this incident a major event. US Senator Mark Warner (D-VA), a founder of the bipartisan Senate Cybersecurity Caucus, characterized the breach as affecting 'the Social Security Numbers, birth dates, addresses and credit card numbers of nearly half the US population.'

Warner went on to say that the breach 'raises serious questions about whether Congress should not only create a uniform data breach notification standard, but also whether Congress needs to rethink data protection policies, so that enterprises such as Equifax have fewer incentives to collect large, centralized sets of highly sensitive data like SSNs and credit card information on millions of Americans.'

High time. How regulators have allowed this situation to persist for this long is utterly baffling. At a time when many enterprises are scrambling to become compliant with more stringent data protection requirements outside the US, such as GDPR, the US seems positively backward in its approach – embarrassingly so when it comes to the PII handled by credit reporting firms, which may not always invest in data security in proportion to the money they make from some of the most sensitive personal information there is.

This is just one of many aspects of this incident we will be keeping an eye on. We will continue to follow this story as it unfolds.



Scott Crawford

Research Director
