Too Big To Fail – Did the Equifax Breach Set a New Precedent for Consumer Data?
This fall Equifax, a consumer credit reporting agency, found itself in a detrimental scandal. Through a software flaw in Apache Struts, a tool used to support its online dispute portal, hackers were able to take control of the Equifax website. Access was gained to sensitive information such as users’ names, social security numbers, birth dates, addresses, and even driver’s licenses, compromising the security and identity of Equifax’s 145 million users. Months later, individuals are still suffering from the ramifications of this incident, fighting against identity theft as they try to repair their credit reports.
Citizens, as well as lawmakers, are scrutinizing Equifax for their failure to prevent this crisis. The company was aware of this flaw and its potential endangerment well before the hacking occurred, taking measures to identify and fix it. Obviously, this later proved to be insufficient as the hacking took place anyway. Only after suspicious activity was observed on their website did Equifax take the web application off the internet. Waiting more than a month to alert its customers and shareholders of the incident, Equifax researched what data was compromised, realizing a series of breaches took place from May 13 through July 30.
Now, lawmakers seek to hold Equifax accountable for their failure to protect data and consumer privacy, recognizing that this breach calls for drastic reform concerning how privacy laws are applied to consumerism. Senator Claire McCaskill is attempting to pass a bipartisan bill that would help prevent a crisis like this from happening in the future by giving consumers a better understanding and control over their credit reports.
Senator Elizabeth Warren has a similar stance on this issue, arguing that consumers should have greater control over access to their own data, instead of giving that power to the company itself. Many argue that this individual control should also allow the consumer to remove themselves from the credit grid if they so wish. Equifax has also worked on this reform, launching a new product after the breaches occurred that would allow consumers to lock and unlock their credit free of charge.
Though plans for reform are in place, Equifax has faced little economic or legal consequences for their actions, demonstrating the immense imbalance between corporate power and consumer power. During the worst of the breaches Equifax stock plummeted $23.7 million although in the months that followed their shares recovered many of the losses suffered. In addition, Wells Fargo dismissed the incident with Equifax, instead raising their outlook for the stock to outperform. Legally, as well as economically, consequences seem unlikely.
Since Equifax stands as one of the nation’s most prominent credit-reporting agencies, shutting this company down is considered to be too detrimental to the American financial system. Aside from the Federal Trade Commission and Consumer Financial Protection Bureau, no one is in a position to regulate or punish the company for their shortcomings. And having only undergone an investigation into the incident, the FTC has failed to deliver a remedy or legal response to Equifax’s harmful oversight.
One can only conclude that when your company is as big as Equifax, the cost in failing to protect the private information of 145 million American users is nothing compared to the damage these users face. Is this the price of living in the Digital Age? One can only wonder.
Zore Law provides legal services to entrepreneurs and emerging companies. Our experience in technology transactions, intellectual property, data security and privacy, business and other legal content areas provides our clients with front line knowledge and strategic counsel. Contact us at info@zorelaw.com.