Another Day, Another Breach
Have we reached the point where Americans react to data breaches with a yawn? Given the constant stream of new attacks and the staggering number of accounts involved, that's an understandable reaction.
The sportswear retailer Adidas recently joined the list of companies successfully attacked by hackers. The size of the data breach isn't fully determined as of this writing, but an Adidas spokesperson estimated that "a few million" consumers who purchased products through the company's U.S. website could be affected.
So far, the breach involves contact information and usernames, along with encrypted passwords – but not credit card information or any personal information regarding health and fitness.
Adidas joins a long list of corporations hit by data breaches over the last few years, including Delta Air Lines, Sears, Boeing, Under Armour, Panera Bread, Hudson's Bay Company, and Best Buy. Hackers have even stolen data from the IRS and the credit bureau Equifax.
Under these circumstances, why would anyone expect their data to be totally secure?
Regulators to Equifax: You're Not Done Yet
Equifax stands out as a particularly egregious breach. Most hacks affect individual businesses and retailers, limiting the damage to consumers who shop there (or, in some cases, work there). By definition, Equifax collects data on every consumer with a credit file. You can choose to avoid certain retailers, but unless you reject credit completely, you can't avoid Equifax or the other major credit bureaus (Experian and TransUnion).
As a comprehensive database, Equifax must be held to a higher standard for data security. They failed in the previous data breach, exposing the data of almost 148 million Americans – and, according to state regulators, they have still not done enough to prevent future attacks.
Regulators from eight states, including California, Texas, and New York, recently issued a consent order against Equifax mandating data security improvements. Equifax has agreed to terms without any comment on wrongdoing (neither denial or acceptance).
Under the consent order, Equifax has ninety days to improve its data security practices. They have one month to create an internal audit program to monitor their progress and results moving forward. Equifax must outline their improvement steps to regulators by the end of July.
Equifax contends that data security improvements were already underway, and that the consent order effectively fits into their existing plans – with many of the action items already completed. However, the consent order does provide a feedback loop to outside entities that can verify that Equifax follows through.
Where's the federal government in all this? Operating at its usual snail's pace. The FBI and Federal Trade Commission (FTC) have probes into the issue, but the states were first to take any definitive action – aside from the recently signed legislation authorizing free credit freezes for consumers beginning September 21, 2018.
Protect Your Own Credit
Regulatory efforts like the Equifax consent order will help prevent future breaches, but identity thieves are numerous, relentless, and resourceful – not to mention highly motivated. The number of data breaches over the past few years suggests that corporate security measures can't keep up, and that regulators and policymakers are too overwhelmed to mandate improvements. Note that the state actions were announced almost one year after the Equifax breach was discovered.
In short, don't expect the government to help you protect your data. You need plans of your own.
With every new data breach that is revealed, the odds increase that your personal data will be compromised and exposed to criminals. It's best to assume your information has been breached and act accordingly. Make it difficult to get your data – and to use your data fraudulently if it is compromised – and thieves are more likely to move on to easier targets.
The Equifax breach and the slow and tepid response to it show that you must be responsible for monitoring your own personal data. Create a list of precautions to prevent identity theft and follow through on that list.
Pay special attention to your credit reports, as that's usually your first indication of a potential breach. A regular check of your credit score and reports from all three credit bureaus is essential. You can check your credit score and read your credit report for free within minutes using Credit Manager by MoneyTips.
You can apply a credit freeze to keep thieves from opening new accounts in your name – but that won't stop people from abusing your existing accounts. Unless you pay regular attention, you may not realize your accounts have been hacked until you have maxed-out cards and a tanking credit score.
If you're too busy to keep a constant vigil on your credit accounts, join MoneyTips to enjoy Identity Protector at no charge. The credit monitoring service provides alerts that can help you monitor your credit score, catch attacks early, and limit any potential damage. You'll also see your credit report, which could reveal fraud. Take charge and protect your personal data and accounts or be prepared to live with the consequences.