Equifax Must Pay

If Equifax doesn't pay big for losing the personal information of millions of Americans, we just need to get used to our identities being stolen.

By Sascha Segan, Former Lead Analyst, Mobile

Credit monitoring company Equifax is now in the running for the worst handling of a data breach ever.

Not only did it potentially give up ready-made identity theft packages for more than half of all adult Americans, its response has been heartless verging on evil. The company should be prosecuted and severely financially damaged, but it's acting like it's above the law.

The Equifax breach involves "full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers." This is far worse than your usual name-and-email breach, or even name-email-and-password, because it gives thieves everything they need to open bank accounts, credit cards, and get loans in your name.

The data was accessed via a "US website application vulnerability." Let that sink in. A company with power over the financial destiny of most Americans—you cannot opt out of data collection if you want to participate easily in the modern American economy—let everyone's data be exposed through its public-facing website.

Equifax responded to the breach with supreme arrogance. After hiding it from the public for more than a month (giving the CFO a chance to sell stock), it directs people to a website where they have to enter the last six digits of their Social Security number to see if they've been pwned. Because, of course, right now you want to trust Equifax with your Social Security number. It then responds with a confusing message about signing you up for credit monitoring.

But oh, it only gets more sinister from there. Twitterer Zack Whittaker points out that even by checking to see if your info was stolen, you waive your rights to sue Equifax for their malfeasance, which has since caught the eye of regulators.

Equifax Must Be Punished

The government needs to come down on Equifax hard. The problem is that Equifax offers a privatized, quasi-government function. If you want to participate in the modern US economy, you're subject to the company's rating and arbitration. If you want to rent or buy a home, get a car loan or a cell phone plan, Equifax and its two interchangeable quasi-competitors get to decide your financial fate.

("Not so!" says one commenter, looking up from sewing his handmade clothes in his solar-paneled cabin which he paid for with cash. Okay, Mr. Unabomber, moving on.)

The Washington Post says analysts are "puzzled" by why Equifax is acting with such a tin ear. I'm not puzzled; the answer is impunity. When you feel like you have nothing to lose, like you're not under threat, you're going to do the absolute minimum in situations like this. That's what Equifax is doing.

We've seen these data breaches before, and we're going to see them again and again until companies are held accountable for their cyber-security practices. So far, no company has been prosecuted or fined for a data breach in any way that would actually hurt it. When Target settled for $18.7 million for a 2013 breach, well, that's about one hour of revenue for the company, given a 10-hour store day over a 365-day year. Adobe paid just $1 million for exposing 38 million people's records.

The four-year gap between Target's breach and its settlement shows another problem: justice must be swift here. We don't want four more years of identity theft before companies get around to taking data security seriously.

The Equifax breach is the worst ever, because it's a company we can't really choose not to use, and it's a company whose whole job is to hold our personal data for the financial system. If the government cracks down here, it'll send a message that corporations need to take cyber-security more seriously. If not, well, we just all better get used to having our identities regularly stolen.
