As many of you have heard by now, Equifax, one of the big 3 consumer credit reporting agencies is engulfed in a massive data security breach that affects close to 140 million consumers in the United States.
According to multiple outlets malicious actors gained access to Equifax consumer data in mid-May and Equifax hadn’t discovered the breach until July 29th. According to Equifax and other security consultants, the attackers exploited a weak point in Equifax’s website software. In addition to the other material that was compromised, the attackers were also able to acquire names, birth dates, and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also poached.
This incident once again highlights the problems of large repositories of centralized data storage: They create massive incentives for attackers to exploit vulnerabilities and these centralized honey pots of data are large single points of failures. By exploiting just one tiny website vulnerability, attackers were able to steal a plethora of valuable information from millions of people. Just one small vulnerability in a large, systemically important financial institution has an extremely negative impact on a large swath of people. The attackers are now reportedly selling this information on dark markets for criminals to sift through and take advantage of millions of unsuspecting people.
The solution to these inevitable breaches is not to build thicker walls or bigger walls or even to create better procedures around an ever increasing amount of sensitive data but rather to stop centralizing sensitive personal information. Centralization and massive third parties are the problem. “The Equifax Hack” is just the latest example of a massive problem that permeates our society. Decentralization of data and personal ownership of highly sensitive information is the solution. Edge Security is our implementation of that solution.