Getting hacked is a painful and often loss-inducing fiasco. Worse, if you do not even know that your data has been compromised, isn’t that a bigger risk than the hack itself? The earlier the compromised data is put back behind a safer and more secure data firewall, the less the damage.
Regulations and laws are in place but don’t seem to be strict enough to require reporting a data breach immediately. Often, the public reaction and loss of reputation associated with being hacked makes even large organizations hide these incidents from the general public. As the recent U.S. Securities and Exchange Commission (SEC) hack and Equifax Inc. (NYSE:EFX) hack have shown us, hiding data breach incidents can do more damage than coming out openly about it.
Equifax & SEC’s Late Response to Data Breach Eroded Customers’ Trust
Both the Equifax hack and the SEC hack were reported several weeks after the respective incidents occurred.
The SEC Story
The SEC breach supposedly took place in 2016. Even the top officials of the SEC were kept in the dark. The current chairman stumbled across it when he ordered a review of the organization’s cybersecurity and vulnerabilities. The SEC, which mandates that all organizations trading publicly be open and transparent and comply with its regulations and policies, had hidden this data breach incident from the public as well as the top officials for months. What message does this convey and what were the reasons for hiding it?
The reasons could have been many, right from the fear of the cybersecurity team losing their jobs or senior officials being held accountable and, in turn, losing their jobs, to getting a negative image in the public mind, to having a larger impact on the country’s economy. Or it could have been a political reason.
Whatever the reason, the fact remains that the incident was hidden from everyone and this has resulted in a deep impact on the trust that people had in the SEC. Who knows how many material decisions may have been influenced as a result of the data exposed during this breach?
The Equifax Story
Equifax, which is based in Georgia, did not inform its customers about the theft of their data for many weeks. One reason for this lack of communication could be that it did not want to sabotage the investigative agency’s efforts by going public with the information that the data breach had occurred. It has also been observed that each state has its own different laws about the timeframe within which they should inform customers about the compromise in their data systems.
In the case of the recent data breach, before Equifax broke this news to the public, many senior executives sold their shares in the market, which, in turn, resulted in an almost 18% drop in the company’s share price. This can be read as an early indicator of a company trying to minimize its liabilities ahead of a bigger consumer problem, in this case the data breach and exposure of sensitive and personally identifiable information of thousands of Equifax customers.
How Did Equifax & the SEC Get Hacked?
At Equifax, it seems that the breach was an accident waiting to happen. Cybersecurity experts had identified a hole in their code and had informed the company of the vulnerability; however, even though the patch was available, Equifax sat on it.
Equifax did not bother to install the security patch that could have prevented this data breach and the hackers took advantage of exactly this security flaw. The fact that Equifax had the means to patch the security vulnerability but did not act on it has had a lasting impact on its financial outlook. The shares have taken a big fall and there is bound to be a cascading effect on the economy as well.
The SEC hack was perpetrated by cyber criminals who, according to the SEC statement, simply hacked their way in when they found certain vulnerabilities in the security system. The SEC has a corporate data filing system it calls “EDGAR.” The data breach meant that many of the files stored in EDGAR related to the SEC filings by public limited companies were accessible to the hackers. They may have used this data to gain undue advantage while trading stocks.
The mere fact that such compromised data was used to gain insider-type information and trade in shares meant that the economic situation of these companies was taken advantage of illegally and unfairly.
The impact of these kinds of breaches is far-reaching and can affect the entire country’s economy and fiscal planning.
Impact of Equifax & SEC’s Data Breach on U.S. Economy
Equifax stock lost 14% in trading when this data breach was announced, with the losses said to be reaching hundreds of millions of dollars. The consumers could face problems in the years to come.
Since Equifax stored the credit information of individuals, this meant that the hackers had laid their hands on gold mines of information that they could use to apply for fraudulent loans, apply for credit cards illegally, and use the social security numbers of American citizens to do illegal financial transactions across the world. With the current situation and threat of terrorism looming large over most Western countries, the effect this kind of data could have is perhaps scarier than we can imagine.
When a data breach goes unreported for several months at an organization such as the SEC, it is only going to raise questions in the minds of all the corporations who have entrusted their data in the hands of the SEC. It will require many months of damage control to bring the eroded reputation back to where it was.
These kinds of incidents have a tendency to shake the entire country’s economy. With the U.S. being a global economic influencer, its approach and the steps that it will take to handle such incidents in the future, or better still, to prevent them altogether, will make all the difference between making or breaking the economy’s trust.
What Does It Mean for Consumers?
The Equifax security breach has affected everyone with a credit history; each and every individual may have had his/her data compromised. The fact that Equifax still won’t clarify exactly who was affected means that everyone is on the hook. If the data on the Quartz web site is to be believed, only about 15 million people have been to the Equifax web site to see if they have been impacted directly. This number is in the single digits in terms of the percentage of people affected. Those who are uneducated and are from the financially illiterate strata tend to be more greatly affected as they fail to realize the impact of the data breach on their financial situation and the risk they may face in the future.
The way Equifax handled this entire situation is seen by many as irresponsible behavior and could spell the downfall of this credit rating agency.
Consumers of all those corporations who filed their details with the SEC will be wary of these kinds of incidents in the future. In cases where there has been insider trading with the help of hacked information, those who benefitted from these transactions will come under scrutiny and may even have to face penalties for such malpractices.
The impact of both these breaches will create a long-lasting dent in the U.S. economy and the public trust that has been eroded will take years to rebuild. Coming in strongly against those who made any kind of inappropriate fortunes through these incidents will help repair the damage done by these data breaches in the long run.
Could This Have Been Prevented in Any Way?
In conclusion, both these incidents could have been prevented entirely. Once they occurred, they could also have been handled very differently. The slowness to react and the actions taken by certain stakeholders put a question mark on their solidarity and trustworthiness.
In the weeks to come, the true extent of the breach may be revealed and further investigated by financial and cybersecurity experts. Cyber hacks remain a serious vulnerability and a threat that any digital agency or company will continue to face. It will not be an easy task to battle with this demon in the future.
“SEC Draws Scrutiny for Slow Response to Hack,” CET US News, October 25, 2017.
“The Equifax hacks are a case study in why we need better data breach laws,” Vox, October 25, 2017.
“Equifax had patch 2 months before hack and didn’t install it, security group says,” USA Today, October 25, 2017.
“SEC Says Cybercriminals Hacked Its Files, May Have Used Secret Data for Trading: The two-way,” NPR, October 23, 2017.
“The Equifax breach will most hurt the people who can least afford it,” Quartz, October 23, 2017.
“SEC says EDGAR breach obtained personal information of 2 people,” Pension & Investments, October 23, 2017.