UPDATED 22:35 EDT / MARCH 01 2018

INFRA

Equifax reveals 2.4M additional records stolen in 2017 hack

Consumer credit reporting agency Equifax Inc. revealed Thursday that an additional 2.4 million people had their data stolen in their infamous 2017 hack — that is, on top of the 143 million consumer records it previously believed had been stolen.

In a statement, Equifax said that the additional 2.4 million stolen records were discovered as “a result of ongoing analysis of data stolen in last year’s cybersecurity incident … who were not in the previously identified affected population discussed in the company’s prior disclosures about the incident.” The data related to the additional 2.4 million is said to include names and partial driver’s license information, but “in the vast majority of cases” did not include consumers’ home addresses or their respective driver’s license states, dates of issuance or expiration dates.

On Friday, Equifax also said it expects to incur a net $200 million in costs from the overall breach, including costs of technology and data security upgrades, legal fees and free identity theft protection and credit monitoring it offered to affected consumers.

Veridium Ltd. chief technology officer John Callahan told SiliconANGLE that “as we thought, the Equifax breach was way worse than we all knew. When it comes to data breaches, few compare to the damage that has and likely will continue to come from information leaked. And yet it still seems that many people aren’t taking away the right message from this attack — if they’re taking one away at all.”

Callahan said that we may be reaching a tipping point in consumer awareness. “Eventually, consumers will reach their breaking point and realize they truly have no protection when they put trust and all our information in the hands of companies,” Callahan said. “The need to stop giving up privacy for convenience will be understood, and moving forward, they must change our mindset about data security from the foundation up. It’s time to take back control of their information.”

Richard Henderson, global security strategist at Absolute Software Corp., said he thinks the Equifax story will continue to get worse before it gets better. “Time and again we experience massive breaches where the hackers get away with troves of personal information and today we find out that an additional 2.4 million U.S. customers had partial information stolen — beyond all those that were already identified. A nightmare come true.”

And new rules are making action even more urgent. “With regulations like GDPR about to come into full force, and the likelihood of other nations fortifying their own data privacy regulations, time is of the essence when it comes to totally revamping how companies look at how they are storing and using consumer data,” Henderson noted. “This should be ringing alarm bells to every other corporation in the world, and they should be asking themselves this simple question: When organizations whose sole existence is collecting and managing the most intimate of personal data can’t truly determine the scope of an incident months and months after, are we certain we’re doing everything we can to protect our own customers’ data?”

Callahan said one interesting answer to the problem is “self-sovereign identities,” a closely related concept to the blockchain-based distributed identity management platform Microsoft Corp. said it was developing in February. This concept puts identity in the hands of a user rather than a third-party server somewhere, he explained.

“Through blockchain technologies, implementing self-sovereign identity could become real – creating an environment that offers privacy and transparency without the risk of large-scale breaches,” he said. “While data breaches might be inevitable now, innovative technologies like blockchain can help better manage identity and access control, creating an environment where, as consumers, we can guard our own identity.”

Image: Maxpixel

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU