“We use many techniques to protect data: encryption, tokenization, masking, encryption in motion, encrypting at rest. To be very specific, this data was not encrypted at rest,” said Smith, Equifax's ex-CEO.
Although it has been noted that encryption would not have kept the hackers away from the information they were seeking, the underlying issue is that Equifax used different data security techniques in different environments. No standard was set. In fact, there is no federal standard defining what is personal data and what is not. Is it your name? Your Social Security number? It also raises the question of who owns it. It sounds crazy, but with 145 million personal records hacked, how was a company allowed to collect so much information about us without our permission? That is still a big TBD.
With federal standards around personal data protection come heavy costs to many financial institutions and banks. So the lesson here is… well, who knows. But be assured there will be a lot of hot topics and agendas coming our way around cyber security, along with more enforcement actions. To read more on this topic, check out this article.