The Equifax breach exposed dangerous levels of apathy

Your stomach knots as you notice the shimmering glass on the concrete beside your car. With a sinking feeling that gets worse with each step, you know what you’ll find. You were only in the store for a few minutes—how could this happen!? And sure enough as you step up to the car, you confirm what you already knew: shattered glass on the passenger-side seat where just moments before your backpack had been. And inside it your laptop, wallet, and smartphone. Gone are thousands of dollars’ worth of electronics…and signed-in access to your email, bank accounts, credit cards, medical records, and who knows what else. 

You immediately run into the store to call the police.

As more and more of our lives are stored on smartphones and laptops, the prospect of being without them can be frightening. They represent convenience, privacy, security, organization, even offloaded memories. All weightlessly and effortlessly digitized and available on demand. Their loss can be stressful, traumatic to the point of “smartphone separation anxiety.” 

So it’s interesting to contrast our collective reaction to the Equifax data breach, in which at least 145 million Americans had their names, Social Security numbers, birth dates, addresses, and, in some cases, driver’s license numbers stolen en masse. That data is no doubt making its way around the dark web, being sold in whole and in parts, today, tomorrow, and forever. After all, data has no expiration date.

The Equifax breach was in the headlines for weeks, covered in-depth by practically every major media outlet. You couldn’t have missed the news. As the scope of the theft became known, there was extensive coverage of what to do and how to check your credit accounts for signs of identity theft. Yet in a post-breach survey of 1,000 Americans, only 22% had initiated a credit freeze on their accounts, one of the key steps recommended by experts. If 145 million of us had our smartphones stolen, would 78% of us decide to stick our heads in the sand?

Comparing these two thefts reveals something really important about where we’re at with privacy and data security today. People just don’t value digital data in the same way we do physical access to our information. But we should. In fact, there’s reason to believe we should be even more concerned about our online information being stolen. According to the Bureau of Justice Statistics, 7% of Americans above the age of 16 were identity theft victims in 2014. There were 1,091 reported data breaches in the U.S. in 2016, and experts predict that this number will jump by 37% to 1,500 by the end of 2017. The odds that you or someone you know has or will be victimized are high. One expert grimly assessed the situation by saying, “It’s a safe assumption that everyone’s Social Security number has been compromised and their identity data has been stolen. While it may not be explicitly true, we have to operate under that assumption now.” 

The identity theft threat 

Identity theft impacts many areas of our lives. Hackers and analog fraudsters use stolen data to steal federal tax refunds, open credit lines and bank accounts, steal money from existing bank accounts, and even use their victims’ insurance policies to receive medical treatment. Even more alarmingly, there seem to be new ways for cybercriminals to steal personal data all the time. High-profile cases like Equifax occur due to database hacks, but phishing and text scams, malware, and “evil twin” Wi-Fi attacks (in which hackers set up malicious connections that mirror legitimate hotspots) are also used to steal information. If you unwittingly log into your bank account through a corrupt connection, you’ve just handed hackers the keys to your financial life. 

Digital hacks are becoming increasingly sophisticated and increasingly worrisome. A series of recent cyberattacks on hospitals and medical organizations highlights the growing problem. In one case, an 85-year-old woman received benefits documentation for a nose job she had never had – someone stole her information to receive the cosmetic surgery under her insurance plan. A Los Angeles hospital shelled out $17,000 in Bitcoin to hackers who were holding its electronic medical records ransom. Such hacks are extremely dangerous because they provide criminals with key pieces of data needed to successfully pull off an identity theft scam. Once you have someone’s name, birthday, and Social Security number, it’s not terribly difficult to begin opening accounts in their name. 

Americans aren’t unaware of cybersecurity risks. The Pew Research Center found that 64% of people surveyed in the U.S. had personally experienced a significant data breach. Roughly 50% expressed a lack of confidence in the federal government’s and major social media sites’ abilities to keep their data secure. With those kinds of numbers, you’d think we’d be more nervous about digital theft than physical break-ins. 

But it seems that the opposite is true. The same Pew study indicated that despite people’s awareness of cyber threats, most practice rather poor digital hygiene. Only 12% used a password management system, which is a best practice cybersecurity experts often recommend. Many simply memorize their passwords or write them down with pen and paper, and they often used the same passwords for multiple accounts – all of which experts advise against. Pew also found that many people are lax in their smartphone security, leaving their phones unlocked or failing to install system updates that contain important security patches. 

Rethinking cybersecurity 

So, what gives? We know that cyberattacks pose substantial threats to our data, yet we consistently fail to protect our digital security in the same way we protect our physical property. One reason for this might be the “free” nature of online content. We’ve become so accustomed to consuming digital content for low or no cost that perhaps we undervalue what’s online. Whether or not we’re conscious of it, we make the calculation that our online information is more disposable, or at least less valuable, than hard copies of our data. 

While that mentality might have made sense 20 years ago, it doesn’t work today. More and more, we share and save important data online, from photos and videos to deeply private data about ourselves. Not being able to hold that data in our hands doesn’t make it less valuable than the property we keep in our homes. As more of our financial, medical, and other personal records are digitized, we should be just as concerned – if not more so – about our online data as we are about information in “real life.”