Equifax Breach: Lessons For Indian Companies

by CXOtoday News Desk    Sep 11, 2017

web breach

American credit rating agency Equifax informed that a vulnerability in one of its web applications has led to the leak of millions of social security numbers being compromised in the US. With the personal details of up to 143 million data being compromised, this breach acts as another reminder about the dangers of poor security architecture.

The hack, among the largest ever recorded, was especially alarming due to the richness of the information exposed, which included names, birthdays, addresses and Social Security and driver’s licence numbers, cyber researchers said. Bigger hacks, such as those disclosed by Yahoo last year, did not put as much sensitive information at risk. Responding to criticism, Equifax apologised in a corporate statement for any inconvenience caused by its support website or call centre, but the damage has already been done.

While a chunk of the US population now risk their SSNs ending up in the hands of identity thieves and, perhaps, the dark web, the breach can be yet again an eye opener to consumers across the globe, including India.

In India, Equifax operates as a joint venture with four public sector banks — SBI, Bank of Baroda, Bank of India, and the Union Bank of India — and three private banks, according to the company’s website. The company offers credit ratings reports for free to consumers in India, and requires users to submit their Aadhaar number to authenticate their identity for these reports.

In the last few months, they have been expanding their microfinance offerings, and partnered with the International Finance Corporation to “deepen coverage” of credit reports of Self-Help Groups in India. The company has been involved in microfinancing in India since 2011, according to its website.

“The breach at Equifax is another reminder that information that isn’t properly protected will be stolen. Whether it is in the cloud, on a thumb drive or on a mobile device, unprotected data is valuable to criminals. What’s worse is that the bulk of the information, such as social security numbers, birthdays, addresses and other personal details, is far more valuable than the stolen credit card information. Your identity can’t be changed or replaced like a credit card,” said Sunil Sharma, Managing Director – sales for India & SAARC, Sophos.

Meanwhile, the Reserve Bank of India is looking to open a public credit registry incorporating unique identifiers for borrowers, including Aadhaar for individuals, and Corporate Identification Number for companies.