What happened with Equifax in the USA and how OpenLedger BaaS Would have been the Solution
Equifax, one of the nation’s three main credit reporting agencies (the other two are Experian and TransUnion), announced on September 7 a cybersecurity incident that potentially impacted approximately 143 million U.S. consumers. The cybersecurity firm Mandiant completed the forensic portion of its investigation on the incident by the beginning of October and announced that approximately 2.5 million additional U.S. consumers were potentially impacted, raising the total number to 145.5 million, which is over 40% of the U.S. population.
Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents.
Criminals exploited the U.S. based website application vulnerability to gain access to certain files. Although the company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases yet, the threat isn’t necessarily immediate: criminals have the information they need and they can decide to use it whenever they want.
The Equifax hack serves as a prime example of how centralized databases and servers create massive vulnerabilities for consumers. One single company’s system exposed sensitive information potentially compromising the identity of nearly half the country.
Several specialists have now been suggesting that using blockchain technology would have kept consumers’ data completely safe.
Jason Bloomberg—who has dubbed himself “a skeptic – primarily around Bitcoin, but for blockchain as well”—writes in Forbes that an open sourced distributed ledger would solve the problem fast. In addition, a decentralized platform would give the extra safety and security that Equifax was lacking, and companies like OpenLedger who provide blockchain solutions (BaaS) have been advising global businesses how to stop this from happening to them.
Ronny Boesing, CEO of OpenLedger, says that “Building the solutions to these problems using blockchain technology allows more than safety and security. There are so many more plusses including transaction speeds and transparency that make a decentralized solution the only solution going forward for every company.”
“The whole SSN as identifier regime needs to be scrapped,” says Eduard Goodman, global privacy officer at the identity theft protection firm CyberScout. “As we see more and more issues with the centralization of data, different schemes for different uses—biometrics for in-person interactions/transactions, some form of advanced encryption or blockchain technologies online. The solutions are already in front of our eyes.”
Blockchain proponents advocate that consumers can limit the amount of personal information used to authenticate themselves when using blockchain technology. According to Jerry Cuomo, vice president of Blockchain Technologies at IBM, consumers will have sovereign authority over their personal information when operating on blockchain since transactions are securely verified by permissioned participants. Bypassing centralized servers and databases will spread consumer information across secured peer-to- peer networks protected by layers of cryptography. Incidents like the Equifax hack lend credence to the benefits of blockchain in enhancing cybersecurity.
Boesing added, “The funny thing is that right after one of these incidents, our enquiries for BaaS go up 60%. Why companies do not do this now instead of waiting for themselves to be the next target, I do not know.”