Lessons to learn from the Equifax data breach

In 2017, the Equifax data breach was experienced as one of the most damaging data breaches in history. Cybercriminals accessed a massive trove of data on 148 million Americans that contained personally-identifying information, including 209,000 credit card numbers.

a hacker violation privacy acts causing a privacy lawsuit at equifax data breach

The full impact of the Equifax data breach is still being calculated. Its massive scope highlights ways in which credit reporting agencies and other third parties use our personal data—and the threat that poses to every American.

Understanding the breach

As companies have leaned into the technology that has helped them achieve their business goals, they haven’t always been as diligent with cybersecurity as they should have been.

Prior to the breach, Equifax had already conducted an internal audit that showed its network was vulnerable. The first Equifax data breach occurred in 2016, resulting in the leak of more than 430,000 names, addresses, social security numbers, and other types of information.

Still, when cybercriminals gained access to Equifax’s data in 2017, many of its cybersecurity systems were out of date. That allowed the hackers to maintain access from May to June of 2017—the second Equifax data breach—without being detected.

The constitutional right to privacy

Companies that collect personally identifying information have an obligation under the US Constitution to safeguard that data effectively. Although there is no specific “rights to privacy amendment,” you call the Bill of Rights the “rights to privacy constitution.” In general, courts and legal scholars agree.

Legal right to privacy

The most significant law that protects our right to privacy is the Privacy Act of 1974, which has been updated periodically to address changes in the information marketplace. In essence, the law enshrines individuals’ right to privacy and establishes duties that companies have when they collect, use, or share personal information.

Based on the Privacy Act’s protections, the FTC has published best practices for businesses when they’re in possession of consumer information.

  • Take stock—know what information you have
  • Scale down—keep only what you need
  • Lock it—keep it protected from cybercriminals
  • Pitch it—properly dispose of information when it’s no longer needed
  • Plan ahead—create a plan to respond to security incidents.

What we can learn from the Equifax data breach

Unfortunately, the biggest lesson of the Equifax breach is that it can happen anytime. Cybercrime is a multibillion-dollar business, and even businesses with highly sophisticated data security run the risk of being breached.

Knowing this, though, consumers can take steps to protect themselves. Some recommendations include:

  • Pay with an app (PayPal or Apple Pay) instead of a credit card
  • Use a signature instead of a PIN to identify yourself at the point of sale
  • Avoid scam emails related to data breaches (and everything else)
  • Study your statements to make sure there aren’t suspicious charges
  • Use cash whenever possible

The Equifax data breach settlement

Given the damage done to consumers by the Equifax data breach, the company agreed to a settlement of up to $425 million to help people who had experienced fraud or identity theft.

The initial deadline to file claims was January 22, 2020. However, if you discover misuse of your personal information you can still get free identity restoration services even if you didn’t file a claim for other benefits.

If you’ve been impacted by a data breach, including the Equifax data breach, and need help to access benefits, contact Napoli Shkolnik today for a free consultation.