Solomon Davis is a sophomore journalism major at MU. He is an opinions columnist who writes about technology for The Maneater.
Last Thursday, America woke up to arguably one of the worst data breaches to date. Equifax, one of the three largest American credit agencies, reported that it had been hacked and 143 million consumers were affected.
One can understand the scope of such a number, but it is not until you find out that you are part of the 40 percent of Americans whose information was stolen, including addresses, Social Security numbers, birthdates, driver’s license numbers and even credit card numbers, that it really starts to set in.
Here I am, only a sophomore in college and the victim of a massive data breach, through no fault of my own, that has the potential to impact me for the rest of my life. It is really reassuring to go to bed and know that any moment someone could be bidding for my information on some sketchy site on the dark web.
Right now, not much is known. In fact, the company is keeping information close to its chest. What we do know is that the data breach occurred between mid-May and July of this year. Equifax said the criminals somehow exploited a website application that they then used to steal the data.
If you do a little digging, according to an article from Fox Business, the hackers exploited a flaw in the open-source server software the company uses, Apache Struts. In March, Cisco Systems, Inc. let the public know that a bug in Apache Struts was being used in a lot of recent attacks. Equifax, on the other hand, appears to have ignored the warning and was using an old version of the software.
A website application? At this point, you might be just as confused as I was, because to me, open-source and website application should never be said together in the same sentence with regard to storing Social Security information.
Hackers breaking into sites and stealing passwords has essentially become commonplace. Yahoo experienced the largest breach in 2013 and 2014 when upward of 1 billion user accounts had been hacked. However, the Equifax hack is arguably the worst because it involves Social Security numbers as well as information that can be used to steal the identities of more than 140 million people.
There is no way that I as the consumer can protect myself from the fallout of the Equifax breach. I was being a good steward of my finances and took advantage of my free credit report from the agency and now my data is exposed.
The Equifax hack is a call to action. Consumers can no longer stand by and just allow companies to store our data because they have shown they cannot safely handle it. A company that handles such sensitive data should have it stored safer than on a web server someone could easily access and then exploit, but the executives of the company not only failed to see a problem with it, they even used an out-of-date version.
It is time for Congress to start passing comprehensive rules that govern the storage and use of our data and time for companies to take stock of and invest heavily in their cyber security divisions.
Even if you have never heard of Equifax, if you have any type of credit, chances are the company has your information. To see if you are part of the 40 percent of Americans affected, go to equifaxsecurity2017.com.