



The silver lining on the Equifax breach

Oct 13, 2017 | 4 mins
Data and Information Security | Data Breach | Technology Industry

If we seize this moment to get people more engaged in understanding and acting upon information security and protection, it may turn out that the Equifax breach was a good thing after all.


By any measure, the recent Equifax data breach was and is a disaster: in exposing the personal information of 143 million American consumers, it could cause years of trouble for all involved. It also revealed all too clearly the tenuous protections provided for consumer data in the credit reporting industry.

Not that anyone is inclined to feel sympathy for Equifax at this point, but it has also cost and will continue to cost Equifax millions upon millions of dollars. The jobs of many who bear no blame for the failure are also on the line.

And yet … for those who are charged with educating employees and consumers about data protection (as I am), the breach could turn out to be a blessing in disguise. Call me crazy, but I think this may be a rare opportunity to shine the spotlight on an issue that every American needs to know and care about.

Because of its sheer size—in users affected, and in amount of data breached—this breach overcomes one of the big resistance points to understanding cybersecurity. With the Equifax breach, the “What’s in it for me?” (or WIIFM) is all too clear. People are more ready than ever to pay attention to our entreaties to protect themselves and their companies.

Here are a couple of practical ideas for points to highlight to make the most of this moment:

1. Software updates suddenly matter

It appears that the breach traces back to a failure to patch a known vulnerability in an open-source software package. What a great chance to remind everyone that keeping their software up to date—on their phone, on their home computer, and at work—can prevent huge hassles.

2. Watch who you trust with your data

In the immediate aftermath of the breach announcement, Equifax put up a site to allow customers to see if their data had been breached—all you had to do was enter your personal data! The press howled in response: why would you provide this information to a company that had just shown they couldn’t protect it? What a great opportunity for all of us to think about who we share our information with—and to consider what happens to a company that loses the trust of its customers.

3. Identity theft just got interesting

In the weeks since the breach, countless sources have helped us see how much our credit score can affect our lives. Most frighteningly, the breach has shown just how much information credit reporting agencies know about us, and how little control we really have over that data. It’s been a wake-up call for anyone who didn’t already understand how widely dispersed their personal data is, and thus how easy it is for cybercriminals to perpetrate identity theft. Resources for learning about identity theft have never been more readily available, nor have they been so good (check out this FTC video for an example). If we can’t get smart about identity theft now, when will we?

Time will tell if this massive display of public interest in protecting data will lead to any long-term changes in the way the U.S. regulates consumer financial data, let alone to the overall protections offered to personal information. It’s still hard for me to imagine a U.S. version of the upcoming General Data Protection Regulation (or GDPR), but stranger things have happened.

However, if all of us involved in educating employees and citizens about data protection seize this moment to get people more engaged in understanding and acting upon information protection, it will turn out that the Equifax breach was a good thing after all.


Tom Pendergast, Ph.D., is the chief architect of MediaPro’s Adaptive Awareness Framework, a vision of how to analyze, plan, train and reinforce to build a comprehensive awareness program, with the goal of building a risk-aware culture. He is the author or editor of 26 books and reference collections. Dr. Pendergast has devoted his entire career to content and curriculum design, first in print, as the founder of Full Circle Editorial, then in learning solutions with MediaPro.

The opinions expressed in this blog are those of Tom Pendergast and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.