Data Breach Protection and Information Security Will Be Critical Issues
Written By ESR News Blog Editor Thomas Ahearn
On September 7, 2017, nationwide credit reporting agency Equifax announced that a massive data breach incident had impacted approximately 143 million Americans – almost half of the country – a number that grew to include 145.5 million people ins the U.S. The need for background screening firms to ensure information security in the wake of the Equifax data breach is trend number 6 of the “ESR Top Ten Background Check Trends” for 2018 selected by global background check firm Employment Screening Resources (ESR).
The data breach at Equifax – one of three major credit reporting agencies with Experian and TransUnion – occurred between mid-May and July of 2017 and allowed hackers to access sensitive information that included names, social security numbers, birth dates, addresses, and driver’s license numbers. The Equifax data breach is one of the worst ever judging by reach and by information exposed to the public. More consumer information about the Equifax data breach is at www.equifaxsecurity2017.com.
Employers concerned about credit reports used for background checks being affected by the massive Equifax data breach “can breathe somewhat easier knowing their employees won’t be affected,” according to the Bloomberg BNA article ‘Should Equifax Data Breach Worry Employers?’ Brad Landin, president and chief compliance officer of Employment Screening Resources (ESR), who has over 25 years of experience in background screening industry compliance matters, was interviewed for the article.
“I don’t think there’s a risk to consumers in terms of credit reports that are ordered by employers,” Landin told Bloomberg BNA. He explained that the only way the Equifax data breach could be a liability – which will likely to not be an issue – would be if a hacker tried used the information to try to obtain a job. “Why would a person steal an identity to get a legitimate job?” Landin asked, adding that identity thieves who steal credit report data are “in the business of stealing money, not making money.”
Landin also said that it was “unlikely employer credit checks for hiring purposes will be affected by the hack” since most credit report checks used by employers come through resellers of credit information and not directly from Equifax. “I’m highly confident that the availability of Equifax credit reports is largely unaffected,” he concluded. On a personal note, Landin said “he was relieved to find he wasn’t one of the 143 million Americans who had information compromised by the Equifax hack.”
According to the Gallup Annual Crime Poll, two-thirds of U.S. adults worry about becoming victims of cybercrimes such as a data breach with 67 percent worrying at least occasionally about computer hackers stealing their personal information and 66 percent worrying at least occasionally about identity theft. The Gallup Crime Poll found that one in four Americans – 25 percent – reported they or a member of their household had personal information stolen by hackers in the last 12 months.
Statistics from the Identity Theft Resource Center (ITRC) and CyberScout revealed that the number of data breaches in the U.S. hit a half-year record high of 791 through June 30, 2017. At this pace, the ITRC anticipates the number of total data breaches could reach 1,500 in 2017, a 37 percent increase over the all-time record high number of 1,093 data breaches in 2016. Data breaches for the business sector accounted for more than half – 54.7 percent – of the total data breaches in the first six months of 2017.
In response to the Equifax data breach and other cyber security incidents, Governor Andrew Cuomo directed the New York Department of Financial Services (NYDFS) to issue a proposed regulation that would require credit reporting agencies to register to comply with the state’s cybersecurity standard and provide the NYDFS Superintendent with the authority to deny and potentially revoke authorization of consumer credit reporting agencies to do business with New York’s regulated financial institutions.
In September of 2017, Senator Elizabeth Warren (D-Massachusetts) and Senator Brian Schatz (D-Hawaii) introduced the Freedom from Equifax Exploitation (FREE) Act to Congress to give consumers control over their credit information in the wake of the Equifax data breach. According to a fact sheet, the FREE Act would give consumers more control over how their personal financial data is used and secured by credit reporting agencies, and more tools to protect themselves in the wake of the Equifax data breach.
Equifax was not the only business affected by a data breach in 2017. In May of 2017, California Attorney General Xavier Becerra announced a record $18.5 million multi-state settlement with Target, Inc. The settlement was in response to allegations that more than 40 million customers had their payment card information compromised from a data breach during the 2013 holiday season after the retailer failed to provide reasonable data security, according to a press release on the Attorney General’s website.