An Equifax Breach Post-Mortem

Individual privacy is under fire at all times, but is a class action lawsuit the best way to go?  Is there more you can do for yourself?

 

By Sheila Dean 

 

At press time today, there was news of a group collecting those impacted in a class action lawsuit due to the Equifax breach.   Breach victims have cause to sue any negligent agency. The Equifax breach was particularly awful because they assumed protective responsibility for those in harms way of data breaches and information security threats.

Equifax has at least 2 major market lines for personal data evaluation and protection services.

  • B2B post-breach credit monitoring services
  • Individual marketed credit protection services

This means people impacted by existing market breaches were under watchful treatment by Equifax.  They also expanded this service to families and individuals who wanted to give themselves an extra measure of information protection.  Equifax proved neither insurance or information protection.  That is the basis for the class action lawsuit.

 

EQUIFAX, THE HONEY POT

In data security, when a collection of information is found vulnerable and valuable in high quantities, it is called a Honey Pot. Honey Pots attract thieves. Your information in the hands of a data holder or data processor is similar to that of a bank. Even if you don’t like making comparisons of your personal information as currency, others in the global markets already have designated it as such or there really wouldn’t be incentive to steal it. When people-as-data become money you get the Equifax breach. 

If a bank is robbed, you could blame the bank.  Most people don’t blame the bank because they know robbers will occasionally try to steal money because it is collected there. Banks do their best, but they assume that risk because they manage money.  When bank robberies became more prevalent, the FDIC assumed the bank’s risks, as a federal insurer, because it caused big problems.

In the case of Equifax, this company not only assumed duties of transactional watch for problems to alert security services, but assumed market intelligence offensives on the black market to alert security services.  They also assumed the security risks; which come in offering protective services from black market forces. 

The black market harboured by the Deep Web is driven by illegal uses of force; which has zero limits when it comes to darkness. What’s it like to provoke the dark web underworld? Open a crate of old world black metal, complete with epic irrational arbitrary waves of hate and marry it to transactional treatment of all forms of innocent and vulnerable humanity over several million terabytes of web space. It is unclean, evil and threatens the whole world with treachery.

Just understand Equifax provoked the dark web and they really didn’t have the security integrity in place to hold up against the WhoIs Dark Army du jour.  It didn’t take a genius to see it coming, but we still need recovery from all of this.

 

PAST RESPONSIBILITY IS PERSONAL RECOVERY

 

Yes, we can all sue Equifax, but will it restore the lifelong perils of living on a criminal’s radar? Probably not.  Government regulators move slow.  Government information protectorates move quicker, but it’s still far too slow to beat incoming threats.  

It is a good idea for US data processors to start thinking differently about the scope of physical security reaching consumers who do business with them from the information space.  People who collect data need to start thinking differently about personal data as well.  Perhaps they should reconsider making personal data a monetary unit.  Especially because of the people attached to that data.  Perhaps they should defer first to the Litecoin or US backed currencies because it has less direct link to personal harms in the exchanges.

If that is too big picture for short-term thinkers, let me ask the question: what’s wrong with regular money?  It’s not really quick, but it’s still transactional.  Can’t your battery of math geniuses and actuaries get together with some more technologists to get regular money to conduct at the same speed as data?  I know you can.  Treat money like money and less actual identities get stolen.

 

For the individual, stop spreading the wealth.  Pull your information out of transactional circulation. 

·      Carefully evaluate comprehensive identity protection services for the risks they are assuming in care of your personal information.  Are they insured?  Do they have risk response certification?  Do they have a business response in place to report to you in the event of breach catastrophe?  Can they give you the guarantees a bank would in exchange for your losses?  If not, don’t give them custody of your sensitive personal information.  They become a source of threats.

·      Stop accepting shopping benefits cards.  Don’t sign up for any more rewards or contests. 

·      Start closing those online and rewards accounts.

·      Ask for data removal and disposal from services hanging onto your credit card and consumer information.

·      Schedule to scrub your information from the web’s People Finder sites using services like Reputation.com and PrivacyMate.

·      Sign up for information security tutorials from reputable sources like the BBB, Consumer Reports and AARP.

 

Soon I hope you will soon tune out uninsured or poorly guaranteed information services the same way you tune out pharmaceutical ads; which sell a laundry list of side effects to ward off liability.  Rather than improving their product, so it produces less harm to consumers, they put out a risk-apology in the form of an advertisement.  It’s far easier to live with bonafide solutions rather than impoverished falsehoods.

We have to stop the convenience use case for identity-as-money.  Eventually, it will graduate to physical harm, because we will not have much, if any, control over rotten forces coming to attack us from the unseen world.  

When you live in a dangerous world, you accept more responsibility for your own protection.  You change your behaviour towards businesses and those around you.  Everyone has to move with the threat models impacting their lives. This includes a certain presumption someone has information about you they shouldn’t already.

Don’t be afraid.  Be prepared.