It’s been one year since Equifax announced it was the victim of a giant hack — four months after criminals stole the sensitive, personal information of more than 147 million people. In that year, not a whole lot has changed. No federal data breach notification laws, no big changes to how credit agencies collect information or tell you what they’re collecting. Equifax’s stock is almost back up to where it was before it told the public about the breach. One thing that has happened though: Equifax has spent $200 million beefing up its security. That was part of a deal with eight states that let it avoid fines in exchange for better protecting our data. We dig into this in Quality Assurance, our Friday segment where we take a deeper look at a big tech story. Host Molly Wood talks with Lily Hay Newman, a security reporter for Wired, who says senior executives at Equifax told her they’ve improved their security infrastructure. The following is an edited transcript of their conversation.
Lily Hay Newman: [The security improvements are] their side of the story. And for 147 million people [whose data was stolen], there’s probably outstanding questions about what that’s really going to look like and whether they can trust those remediations.
Molly Wood: And we still don’t know what, if any, long-term consequences there might be for Equifax. Is there any update on that side of the house?
Newman: There are some efforts to confirm that Equifax has made the changes to their security posture that they claim. Eight states signed an agreement with them, including California, to do sort of monthly progress updates and then a third-party audit at the end of this year to see how they’re doing and check their progress. But, yeah, in terms of the larger superstructure of the credit monitoring and reporting industry and of the identity protection industry, a lot is really still deeply enmeshed and intertwined.
Wood: And how about the ramifications for consumers? Has any of that started to play out in any traceable way?
Newman: I don’t believe so. I don’t think we know what happened to the data. I don’t think it’s been released on the dark web or being sold anywhere. So, so far, it’s not clear who took it or why. But I think the big ramification is kind of the larger issue of combining Equifax with all the other breaches that have happened. Now we really are at a point where people need to kind of assume that their Social Security number or their driver’s license number or their home address has been compromised in a breach. Because even if it wasn’t Equifax, combining that just massive amount of data with everything else that’s been exposed over the years, the odds are starting to get pretty bad.
If you’re a member of your local public radio station, we thank you — because your support helps those stations keep programs like Marketplace on the air. But for Marketplace to continue to grow, we need additional investment from those who care most about what we do: superfans like you.
Your donation — as little as $5 — helps us create more content that matters to you and your community, and to reach more people where they are – whether that’s radio, podcasts or online.
When you contribute directly to Marketplace, you become a partner in that mission: someone who understands that when we all get smarter, everybody wins.