Examples of problems.
When it comes to the ownership of data about people today, we live in a strange world because oftentimes the most sensitive data about people does not belong to people and people can’t do anything about the management of it. However, most people are used to having credit bureaus and agencies managing their data and think that it is simply a necessary part of life.
Originally, governments have created numbers such as the United States Social Security Number or the United Kingdom National Insurance number as a way to track earnings of their workers, so that the workers would get benefits and be able to participate in the entitlement programs. There was just one goal for the creation of the numbers, which was better tracking, and the workers were benefiting directly from this goal. However, eventually these programs have grown into something much bigger, turning into identification mechanisms and the foundation of financial and commercial tracking by private entities.
Companies such as Experian, Equifax and others collect, store and manage huge volumes of data about people, including social security numbers, addresses, and information about all kinds of financial accounts. These companies are for-profit organizations, meaning their goal is to profit from the data and they do profit from it on a very large scale. For example, in 2017 Experian had over 15,000 employees and the revenue of the company was over USD $4 billion. Equifax had over USD$3 billion in revenues in 2017. The company has over 10,000 employees.
The problem is that the ways these companies manage and handle data do not always benefit the consumers whom the data is about. In the recent times, not only have consumers been not benefiting from what the companies do, but the actions of the credit unions have been creating problems for a lot of people and the people were not able to do anything about that. They were simply left with having to deal with the consequences.
Brief overview of the hacks of major companies in the twenty-first century
Hacks and data mismanagement don’t only happen with credit bureaus. Stores, websites and many other businesses and organizations also have all kinds of problems and issues.
In September of 2016, Yahoo has announced that unidentified hackers, most likely state-sponsored, have stolen names, addresses and birth dates of about 0.5 billion of the users of the company. Yahoo claimed that most of the passwords stolen during the hack have been protected by cryptography, but it later said that another hack has occurred earlier, in 2013, and the passwords were not as well protected. According to the new data, the hack had an impact on many more accounts. The company later changed its estimates from 0.5 billion to 3 billion.
In May of 2014, eBay has announced that hackers used the credentials of its employees to steal data about all 145 million users of the website, including dates of birth, names and passwords.
In December of 2013, Target had said that attackers gained access to about 40 million records with credit and debit card numbers of its customers. Similarly to Yahoo and others, the company later revised the numbers and the estimate went up from 40 million to 70 million records.
In late 2016, Uber Technologies has found out that hackers were able to access its databases and get names, phone numbers and emails of over 50 million users of the platform and over 500,000 drivers. The hackers found access codes to Uber’s cloud storage on GitHub. The codes should have never been on GitHub. Once Uber learned about the breach, it didn’t do anything to inform the users and the drivers on the platform. Instead, it chose to pay the attackers USD$100,000 and believed the hackers when they said that they would destroy the data after getting the money.
One of the biggest hacks of the recent years occurred at Equifax, where the attackers gained access to about 150 million records. Just like other companies, Equifax has been revising the numbers of affected records. Initially, in September of 2017, the company has said that about 145 million accounts have been affected. In 2018, it said that the number of accounts is higher by 2.4 million consumers. The attack has happened in May of 2017, but the company has only found out about it in late July of 2017 and waited for yet another month to disclose the information about the problem. Even when the company made an announcement about the issue, it did not disclose right away what information exactly has been stolen and whether it included social security numbers, driver license numbers and personal identification numbers of users, credit and debit cards.
When Senator Elizabeth Warren conducted an investigation into the company, she has found that the company both did not have adequate computer security and did not come forward in a prompt and honest manner to inform the consumers and the authorities about what happened with the data.