clock menu more-arrow no yes

Filed under:

Equifax breach speaks to global concern, cyber expert says

This July 21, 2012, photo shows Equifax Inc., offices in Atlanta.
This July 21, 2012, photo shows Equifax Inc., offices in Atlanta.
Mike Stewart, Associated Press

SALT LAKE CITY — The recent data breach of one of the country's three major credit reporting firms can serve as a stark reminder for businesses and individuals nationwide about the increasing threat posed by hackers around the globe.

Retired U.S. Air Force intelligence officer Col. Cedric Leighton said the implications of such a large, targeted cyberattack are the warning signs that show how vulnerable internet-based information systems are in today's global society.

"The major effort is really going to be focused on how to protect one's self during times where the geopolitical climate is changing around the world," he said. "It's all about mitigating risk and figuring out what's best for individual businesses as well as — to some extent — society at large."

Leighton will visit the Beehive State later this month as a guest lecturer for Bank of Utah. Leighton, who is a CNN military analyst and the chairman of a Washington D.C.-based global strategic risk consultancy firm — will be in Utah on Sept. 26-27 speaking to audiences from Logan to Lehi, including a noon speech in downtown Salt Lake City at the Grand American Hotel on Sept. 27.

He said the data compromise at Equifax could have a significant impact on future regulation for large and small businesses that handle sensitive information.

The Equifax credit reporting agency revealed that personal information of about 143 million consumers may have been breached. Hackers may have gained access to Social Security numbers, birth dates, addresses and legal names — information that hackers could then use to commit identity fraud.

Additionally, hackers may have accessed some 209,000 credit card numbers and the personal information contained in sensitive documents belonging to 182,000 people in the U.S.

The news of the cyber breach prompted financial and political backlash, with Equifax losing almost $2.3 billion in market value and calls from Congress that Equifax withdraws its requirement that those who sign up for its credit monitoring waive the right to sue the company. Equifax is currently under investigation by the FBI.

Leighton said the source of the breach has not been determined, noting that it could be a criminal organization or a nation-state sponsored attack.

"This breach is potentially the harbinger of stricter regulation in the field of cybersecurity," he said. "It also means a look at the kinds of practices that companies that store data engage in and whether or not they are storing that data in the most secure possible manner."

He said the findings and congressional review of the matter would likely result in changes in how credit reporting agencies operate in the future, along with other industries as well. As for individual consumers, they, too, will be affected.

"Consumers are starting to become much more savvy about cyber breaches and realizing their data is being compromised," Leighton said. "At some point, they are going to be gravitating toward companies that appear to be doing a better job in protecting their data."

He mentioned that any regulatory changes would likely include new standards that would preclude hackers from accessing "everything all at once." There may also be calls to include cyber risk insurance to mitigate the potential for a large-scale breach, he added.

Because this issue of data breaches is relatively new territory for businesses and regulators, it may take a little time to devise a workable strategy that can be effectively implemented on a nationwide basis, he said.

"Cyber defenses in general and the cybersecurity industry, in particular, have been far more reactive than proactive," Leighton said. "That is a fundamental weakness of how the internet was developed."

How the business and government react to this most recent breach may determine how well information is protected from the next possible cyberattack, he said.