In the aftermath of possibly Australia’s biggest data breach, Optus offered customers “most affected” a free subscription to an identity-protection service, provided by credit-monitoring company Equifax Protect. Presumably, this offer still stands for the people whose details were leaked before the hacker apparently deleted all their posts this morning.
Now, where have we heard the name Equifax before? Turns out, if you google “Equifax data breach”, Optus’ offer isn’t the only news story that comes up. For example, there’s this from The Washington Post, September 7, 2017:
The credit reporting agency Equifax said Thursday that hackers gained access to sensitive personal data — Social Security numbers, birth dates and home addresses — for up to 143 million Americans, a major cybersecurity breach at a firm that serves as one of the three major clearinghouses for Americans’ credit histories.
Equifax said the breach began in May and continued until it was discovered in late July. It said hackers exploited a ‘website application vulnerability’ and obtained personal data about British and Canadian consumers as well as Americans. Social Security numbers and birth dates are particularly sensitive data, giving those who possess them the ingredients for identity fraud and other crimes.
Equifax also lost control of an unspecified number of driver’s licences, along with the credit card numbers for 209,000 consumers and credit dispute documents for 182,000 others. The company said it did not detect intrusions into its ‘core consumer or commercial credit reporting databases’.
Oh, cool.
Of course, it’s the right thing that Optus are being more hands-on than it previously has been regarding the breach, and we’re sure Equifax has done some serious work on its security in the intervening five years — if for no other reason than to avoid another fine of more than half a billion dollars.
But it points to a problem with most solutions offered after a massive data breach. Like the proposal floated by Home Affairs Minister Clare O’Neil that companies provide banks with details of stolen data after a breach — they always seem to involve handing one’s data to yet another company which could in turn be compromised.
‘…. handing one’s data to yet another company which could in turn be compromised.’
This is the nub of the dilemma & is why anyone would be reluctant to take up the offer. Surely it’s a numbers game ie: the more agencies which have one’s data the increased chance of it being compromised.
And I think our (LNP) government got the bright idea of retaining data access hatches for terrorism tracking purposes from the bumbling fools in the USA, who also are unable to either protect citizens privacy or catch terrorists….
Couldn’t allow Huawei here because such things belong to our Great & Powerful doddering friend, the Hegemon.
Would it be too cynical of me to point out that Data is the new Oil, and control of it would put the stranglehold on the world enjoyed by the fossil fuels industry (currently in its death throes) into a similarly small group of hands for the foreseeable future.
Yeah, I thought so. Then again, maybe the snowballing vulnerability occasioned from agency sharing as pointed out in the article is actually the idea.
Okay, now I sound as paranoid as the CIA, right?