The views expressed by contributors are their own and not the view of The Hill

How to prevent the next great Equifax heist

By letting the Equifax breach go unexamined, the Consumer Federal Protection Bureau (CFPB) is permitting a world more vulnerable to fraud, insecurity, consumer inaction, and third-party risk — a menacing combination.

Your personal data is highly valued — not just by you, but also by cyber criminals. There is a thriving economy for stolen and leaked data. For precisely this reason, the Equifax exposure differs in scale, size, and scope than previous breaches.

{mosads}With stolen or leaked data, only monetization matters. Cyber criminals are generally agnostic about the type, origin, or owner of the data — and the better the packaging, the easier the sell. To this observation, resignation is the most common reaction: “Why would a cyber-criminal target me? I don’t have a high credit limit. And even so, my bank will credit my account and send me a new card.”

 

This apathy is dangerous. Whales don’t target individual krill. They consume opportunistically and in mass quantities. While incidental, a whale’s appetite is no less dangerous for the krill.

What is the actual, tangible impact? Like contemplating the ocean, it needs boundaries to provide meaning. Here are four clear impacts from the Equifax data breach: 

Faced with a confrontation, humans will fight, flight or freeze. After the Equifax breach, Congress castigated and called for change, but again, inaction won. (Currently, all 50 states are independently investigating Equifax, including the Federal Trade Commission (FTC), as well as 240 class action lawsuits.) Previous milestone breaches have failed to overcome this inertia, however, here are four legal, regulatory, and policy pathways that merit consideration:

Continued apathy and inaction threatens our wallets, safety, identities and businesses. The CFPB has no excuses left for inaction.

Munish Walther-Puri is an experienced intelligence and risk analyst and chief research officer at Terbium Labs, a dark web monitoring company.