The recent data breach at Equifax, affecting 143 million U.S. consumers, is believed to the largest data breach in history. While we’re still in the early phases of learning about the event, there are already some things we can learn from the event and what it means for the financial services industry. Personally identifiable information (PII) has long been a mechanism for financial services organizations to identify customers while giving financial services firms access to the most vulnerable customer information possible.
Equifax is one of three nationwide credit-reporting agencies that track and rate the financial history of consumers. The company gets its data from credit card companies, banks, retailers and lenders — sometimes without you knowing. The Equifax breach is quite different than others given the scale and reach it has maintained, impacting 44% of the population in addition to compromising 209,000 credit card numbers and personal dispute details for another 182,000 people. The event has led some to wonder if this breach may be an indicator that the financial services industry should end its reliance on static personal identifiers like Social Security numbers and birth dates.
Joel Winston, a former deputy attorney general for New Jersey, whose current law practice focuses on consumer rights litigation, information privacy, and data protection law adds that this is different because we — the consumers — are not its customers. “We are the product,” he says. “Us and our data is what Equifax is selling to other people and companies, and they are scrambling to keep their customers, without much regard for actual consumers.” In this case, not only social security numbers and birth dates were compromised, but also addresses, credit card numbers, and the numbers of some driver’s licenses, putting millions of consumers at risk for having their credit stolen.
Perhaps this is just the motive that the financial services industry has needed in order to change the way that PII is protected and stored. “The whole system relies on static information held by old, stale companies,” said Kaz Nejatian, CEO of the alternative payments network Kash. “Anyone who deals with fraud can tell you that this system is totally broken. This latest hack, hopefully, will force everyone to take a long, hard look at the technology foundations for banking.”