The Equifax Credit Reporting Breach: Is Blockchain The Answer?
In a recent development in the U.S. that sent shockwaves through the world of personal finance, credit reporting agency Equifax announced that they had been breached, compromising the personal information of over 143 million Americans. The potential impact of this is profound as it amounts to over 40 percent of the U.S. population.
In this attack hackers captured troves of information including social security numbers, birthdates, addresses, credit card numbers and other sensitive private data. By gaining access, these criminals to gain access to troves of personal data that can be used to create fraudulent lines of personal credit and new credit cards.
Equifax noted that the breach, which likely occurred as early as mid-May 2017, wasn’t discovered until July 29. It is believed that the hackers discovered and capitalized off of a web application vulnerability.
Equifax, along with Experian and TransUnion, is considered one of the big three credit reporting agencies in the U.S. Together, they facilitate and curate credit reports for over 200 million U.S. adults, playing a vital role in housing, auto and other significant financial decisions impacting the lives consumers.
The potential ripple effect ensuing from this attack could be unprecedented. As a result, both credit-reporting agencies and financial experts are urging people to keep a close eye on their finances and credit reports for irregularities. Consumers are also being advised to contact the big three agencies to set up fraud alerts.
The major intrusion at Equifax offers a prime example of how centralized IT systems create massive vulnerabilities for consumers, in this case placing at risk the identity of nearly half the country.
Is Blockchain Technology a Preventative Elixir?
This attack is now raising new questions about the potential efficacy of blockchain technology in mitigating the effect and scope of breaches such as this due. Its potential impact is tied two fundamental characteristics; decentralization and cryptography.
The ability to steer clear of centralized servers and databases through a secure peer-to-peer network and cryptography that blockchain delivers is certainly worthy of discussion. On the heels of this breach, we here at BTCManager asked several experts in this space for their thoughts on whether the blockchain represents a viable means of mitigating these sorts of attacks in the future.
Bharath Rao, CEO of Leverj, a decentralized platform for cryptocurrency derivatives trading says that aggregating everyone’s identities into a central location clearly a bad idea. He notes that it’s only a matter of when, not if, a security breach will put everyone’s identity and finances in jeopardy.
Rao says that blockchain technology allows us to measure reputation and credibility anonymously using decentralized identity and reputation systems. “Many of these blockchain-based systems are already live, and their fundamental principle is the same. These innovations show the true power of ingenuity of developers and the power of blockchain, offering a quick glance at how safer, more powerful systems form a new foundation that is likely to replace fragile legacy systems.”
Jason English, VP of Protocol Marketing of Sweetbridge, a global alliance that aims to use blockchain to create a liquid supply chain says that the Equifax breach spectacularly highlights all the reasons why we need a new decentralized way for individuals to control their personal identity.
Remarks English, “For too long, this firm (Equifax) profited off the private data collected from citizens without their consent, all the while creating a central point of failure that was bound to fail someday, and acting as a grossly irresponsible steward of that data. A blockchain-based voluntary identity system is called for that would be cryptographically secured, immune to tampering and give everyone control over exactly what personal information can be shown to whom on a case-by-case basis.”
“There are already a few interesting blockchain projects pushing to bring the goal of a decentralized identity system into reality, and that’s a good thing, because we have long needed a better alternative.”
Rob Viglione, co-founder of ZenCash, a privacy coin for borderless, decentralized communications and transactions chimes in by saying that the recent Equifax breach is not the first, nor will it be the last, shocking hack. He cautions that much economic activity still resides on technologies that are decades old. “Every honeypot of value will eventually be breached, so it would be great to see institutions that have custody of enormous volumes of private data migrate to more modern solutions.”
“Distributed ledger technologies, or blockchains, especially those that employ zero-knowledge cryptography to further shield sensitive information, should be on every CTO’s experiment list.”
Finally, Alex Mashinsky, CEO of Celsius, a peer-to-peer credit system designed for the people says that the Equifax hack shed light on a systemic problem that one or two identifying factors, like a social security number, can grant anyone access to consumers’ digital identities. He believes that an important step in moving toward the world where honeypot hacking events are a thing of the past would be using the blockchain to build secure and immutable digital identities and developing a more secure network for our financial information.
The Equifax hack, notes Mashinsky, proved that “centralized platforms cannot be properly secured and that the solution lies on the blockchain.”