This week saw the biggest public breach in the history of credit reporting, as Equifax reported a hack affecting as many as 143 million customers. The hack exposed Social Security numbers, birthdays, and, in some cases, even credit cards. The attackers gained access as early as May, so the data has now been circulating for months. For years, experts have said you should assume your Social Security number and birthday are already available on criminal marketplaces — and with more than half of the adult US population implicated, that logic is now hard to avoid.
Beyond the immediate damage, the breach reveals some deep absurdities in Equifax’s business model. The company was one of the central stores of personal data, the place you checked to make sure you weren’t writing a mortgage to an impostor. But now the impostors have the same data as everyone else. If you can’t keep it secure, why stockpile the data in the first place?