As many as 143 million Americans’ identity data are at risk following the breach at the consumer credit reporting agency Equifax. The particular scope and facts of this hack are still being determined. Breaches are inevitable. But this breach is one of the worst to date in terms of both the number of people affected and the long-term consequences. It should serve as a wake-up call to industry and, just as importantly, to policymakers: we’re doing it wrong.
The reality is that this is likely far from the first time—and far from the last time—that many of those 143 millions’ social security numbers and other key data will be sold on the dark web. Cyber risk management should not be optional. It is critical to the mission of every enterprise, particularly those with the responsibility for protecting massive amounts of personally identifiable information. This is not just about Equifax. And this is not just a technical problem. This is a systems-level problem and government and industry both need to do their part. Congressional hearings and the many bills being introduced are one part of the equation. But we see this flurry of activity with every major breach and nothing changes. Congress, the White House, and industry must recognize their failure to act is harming Americans now, and is damaging our economy in the longer term.
– David Hickton, Founding Director, Pitt Cyber