Written by John Lounsbury
Prof. William K. Black considers the hacking breach at credit reporting agency a scandal of epoc proportions. He explained his thinking in an interview by Aaron Mate on The Real News Network.
Please share this article – Go to very top of page, right hand side, for social media buttons.
Here are his introduction highlights:
- The experts in cybersecurity say on a scale of 1 to 10, where 10 is the worst, that this is a 10, and it’s almost comically bad. It’s another demonstration of our family rule that it’s impossible to compete with unintentional self-parody, and that’s certainly what the executives of Equifax have demonstrated in this scandal.
- First, this is the third major breach in about two years, so they had plenty of warning that their security, cybersecurity, was incompetent, and they obviously didn’t fix it.
- Second, they now say that the breach began in May and that they didn’t detect it ’til July, while they were, as you said, stealing at least 142 million people’s worth of data, probably multiple times.
- Once they did discover, finally, the breach, the very first thing that happened, you mentioned part of it, which is three senior executives sold roughly $2 million-ish in shares, including the chief financial officer, who they’re now claiming wasn’t told of the breach.
- On top of that, there was also an immediate … in the same time period that these senior executives were selling their stock, there was a massive increase in sales of stock options compared to the normal for Equifax, and that almost certainly was again because people had been tipped about what had happened in the breach.
Here is the full interview:
The comments at YouTube offer some further insight. Selected comments below.
Alfred Epding:
These credit bureau’s like Equifax proves how arrogant and obtuse the corporate world has become. Greed and fraud and when the law is not exactly on their side they simply ignore the law because they know that if there is any penalty it will cost them less than continuing their fraud. Do people need more proof than this that our corporate elite are nothing more than liars and thieve’s? Think these same elites can’t make your lives harder or economic situation worse, let alone to your liberties? Well yes things can get even worse if we the people don’t revolt against this.
James Orman:
I don’t understand why personal credit information is managed by commercial companies and not the SEC.
Robert Giggles:
So who gave these “credit bureaus” permission to collect personal information on people in the first place…?
beelovedfuzz:
This criminal system and criminal economic model has become beyond tiresome.
April Sanchez:
Why call it a scandal when it’s a crime? I’m so sick of this… A company in charge of data allowed to have a business to sell people protection for the data they were supposed to keep safe? Who allowed that? Who allowed Equifax to have two functions, and what laws were enacted or permissions given to enable this scenario in the first place? I don’t want to hear what the company has to say… I want to hear how this was set up to benefit the crooks, and who will be prosecuting…
Also some comments from The Real News Network:
Steve Naidamast:
I happen to have a lot of respect for Professor Black’s talents and abilities and the fact that he was instrumental in sending so many white-collar criminals to jail over the years.
However, as a senior software engineer I have a different outlook on this entire situation.
As I have written in papers previously, the US has experienced terrible breaches of corporate data in the past and very little if any had any effect on the national population as a whole. If citizens were being wiped out on a large scale basis as a result of such compromises of personal data this would have been reported somewhere somehow. To date, no one can provide a major report of such situations.
Yes, individuals have suffered terribly with identity-theft but many of these reports have been a result of carelessness on the part of consumers.
As a result, I see such such large-scale “breaches” as endeavors to target specific, high-profile people for political or criminal reasons, leaving the majority of the population out of the equation. Credit card numbers are more than worthless as consumers can only be held accountable for the administrative fee of around $50.00 for such losses unless a consumer has involved him or herself in some level of negligence such as not reporting such issues on a timely basis if their accounts had been affected.
Kenneth C. Fingeret:
Hello Steve Naidamast, You are letting the criminals off the hook! Security needs to be paramount and any failure needs to be corrected immediately if not sooner but the credit reporting bureaus are not spending enough so this will happen over and over again. When this happens, remember TARGET, there was a super warning but EQUIFAX ignored or didn’t do enough to protect their data from “PRYING EYES’ aka hackers. Their solution is a 1 year fix for checking to see if you, as an individual, have been harmed. They have proved that they are in one word “IRRESPONSIBLE”! In this case the punishment should be as massive as the offense. In the Mikado the solution was promulgated by the Lord High Executioner!!!!!!!!
Tyson Kamp:
Agreed re: credit card numbers. The larger issues are the potential for social security fraud, and ability to falsely authenticate based on the stolen PII. It’s tough to quantify the personal downside for those involved (me) until [and if] it’s exploited. This is also not to mention what looks like criminal behavior on the part of the executives. We’ll see who was taking the options positions. That might lead to the perpetrators.
Durango McMuphy:
When did we give Equifax our permission to store our personal information ? Oh, i remember , we didn’t . We have Constitutional protection against illegal search and seizure . They simply seized our information and declared they have some Right to give us a “credit score “. Sue them into oblivion .
Let’s conclude with a couple of comments of our own:
The point that only a few of the 142 million stilen data sets will actually ever come home to roost is spurious. The point is that we don’t know which 10,000 or 100,000 or 1 million will suffer loss. The company (Equifax) should be forced to idemnify all losses. No action by any of the 142 million should be necessary. If Equifax does not have the resources for such restitution then it is likely that many corporations handling such information would not have the resources. A condition for being granted a corporate charter for such businesses should be adequate bonding against such losses.
The argument that stolen data (such as the Equifax case) is not as dangerous because laws prohibit stolen credit card information for accruing losses in excess of $50 per stolen card is not a valid one. Yes, each cardholder has such a guarantee, but it does not come for free. All card holders pay higher ineterests and fees to cover such losses. Corporations do not carry that cost – individuals do.
Finally, who gave permission for Equifax to collect your personal information? You did when you elected the lawmakers who passed legislation under which the businesses were authorized, or who failed to pass legislation to limit the corporations’ authority.
