Michael Riley, Jordan Robertson, and Anita Sharpe, in a lengthy feature for Bloomberg:
The impact of the Equifax breach will echo for years. Millions of consumers will live with the worry that the hackers — either criminals or spies — hold the keys to their financial identity, and could use them to do serious harm. The ramifications for Equifax and the larger credit reporting industry could be equally severe. The crisis has already claimed the scalp of Richard Smith, the chief executive officer. Meanwhile, the federal government has launched several probes, and the company has been hit with a flurry of lawsuits. “I think Equifax is going to pay or settle for an amount that has a ‘b’ in it,” says Erik Gordon, a University of Michigan business professor.
If you call a $90 million golden parachute a scalping, you can scalp me any time.
I’m struggling to come to grips with the likely long-term ramifications of the Equifax breach. The entire model of the credit reporting industry rests on the idea that they can secure the financial details of millions of people. But the reputation of all of this industry — and, I would argue, any company that collects sensitive information en masse — has been deeply undermined by this breach and others like it.
Lawsuits are a predictable response. However, even if this attack puts Equifax out of business — and I wholly doubt that it could — the effects of this breach will be felt for decades to come by American consumers.
I know that regulation is a touchy subject, but the kind of data that is held by companies in pretty much every major industry is far too valuable to allow for anything other than a perfect security record. If we are going to permit mass data retention, there ought to be standards for how this information is secured: latest patches must be applied immediately, frequent audits need to be conducted to ensure that data centres are secured, and there ought to be steep penalties for any violation. Self-regulation isn’t working, and failures have massive consequences.