Equifax put a music major in charge of information security, and now 143 million Americans can no longer securely identify themselves with their birthdates, addresses, Social Security numbers, and maybe driver’s license numbers.
Music majors, I love you, but there’s a time and a place for everyone.
Equifax is letting us freeze our credit for free for a while; the other credit agencies are still charging South Dakotans $10 for the privilege of shutting off our access to new loans, leases, and credit cards… and it will cost us another $10 each time we want to lift the freeze to access new credit and another $10 if we want to permanently remove the freeze.
But freezing our credit won’t address all the new risks Equifax’s sloppiness has imposed on us:
If you don’t take action to protect yourself, hackers could eventually sell your data to other criminals who could then use it to take out loans in your name, get credit cards, perpetuate tax fraud, access your medical benefits and countless other illegal activities [Nathan Bomey et al., “Equifax Data Breach: What You Need to Know About Hacking Crisis,” USA Today, 2017.09.15].
It’s as if we all stored copies of our car keys at the bank downtown, and the bank left its doors open for over two months, letting bad guys riffle through the key drawers and make copies of nearly half the keys in town. And now we’re being told to freeze our locks and pay $10 to the same morons who got us into this mess every time we want to get into our cars.
We need new keys. To that end, I propose the following solutions:
- Liquidate Equifax. They had one job—share personal data only for authorized financial purposes—and they blew it.
- Transfer whatever money we can get from Equifax’s assets (including clawbacks of executives’ shadily timed stock sales) to a special account in the United States Treasury to fund remedial measures.
- Transfer Equifax’s records and a hundred new IRS agents to study them to Fort Knox or Cheyenne Mountain.
- Audit those records to document exactly whose data got hacked and whose didn’t.
- Issue new Social Security cards with new Social Security numbers by hand courier to every American.
- Place perpetual fraud alerts on every credit report.
- Adopt the Apple approach: require Face ID to open any new line of credit, file a tax return, or access medical benefits or records. Somewhere in Joe’s credit application process, there must be some certified third party—banker, county auditor, police officer—who looks the applicant in the eye and says, “Yup, that’s Joe.”
- Alternatively or more broadly, use two-factor authentication for everything credit-related, employing at least one data point not involved in the Equifax hack.
- Implement laws requiring immediate notification of victims of data breaches and restricting the data that companies can collect to the bare minimum necessary to conduct transactions. (There’s a briar patch much bigger than a bullet point.)
- Until appropriate remedies have been fully implemented, declare credit scores unreliable and freeze their release and use for any purpose.
There’s also cash-only self-sufficiency: we could all shred our credit cards and barter tomatoes and chickens from our backyards, but no one wants to spark another economic collapse… except maybe those clever hackers who could be working for certain foreign powers who might find an undermining of Western institutions and resulting global instability playing to their advantage.