By Sophie Gilbert ’19, News Editor

This past October was National Cybersecurity Awareness Month. It has been observed in October every year since 2004, but a focus on cybersecurity is particularly fitting this year given recent events concerning Equifax. Equifax is one of the largest credit reporting agencies in the U.S. It has information on nearly 800 million individual consumers and over 88 million businesses worldwide. And recently, a massive data breach by hackers exposed the information of 145.5 million people–nearly half of the U.S. population.

This cybersecurity breach, announced by Equifax on September 7th, occurred from mid-May to July 2017. From the discovery of the data breach on July 29 until their announcement in September, Equifax had been investigating the hack thoroughly. The exposed information included names, Social Security numbers, birthdates, addresses, driver’s license numbers, and credit card numbers. It primarily affected people in the US, but also affected residents of Canada and the U.K. Generally, Equifax is the company people or businesses turn to when dealing with identity theft and stolen information, making this data breach particularly complicated for the millions affected.

However, there is a deeper layer to the Equifax data hack scandal. After the breach was discovered, but weeks before it was publicly announced by the company, three of the top executives sold their shares of the company. After the hack was announced, two executives in the company stepped down–the chief information officer and chief security officer. Later, the chief executive officer of Equifax, Richard Smith, stepped down as well. There have since been many federal investigations of Equifax, both because of the unusual amount of stock that had been sold by executives before the announcement of the hack and because of the company’s handling of the hack in general. This has led to confusion and controversy over people’s right to sue Equifax, due to terms in Equifax’s original contract that prohibit parties from entering class-action lawsuits. However, it has been concluded that this contract does not apply to the cybersecurity issue, and in addition individuals can sue Equifax for negligence in small claims court.

In the wake of the data breach announcement, there has been a rush for people to check whether they are affected by the hack. Equifax set up a website with the specific purpose of helping those who may have had their personal information exposed. On the website, Equifax advises, “We recommend that consumers be vigilant in reviewing their account statements and credit reports, and that they immediately report any unauthorized activity to their financial institutions. We also recommend that they monitor their personal information and visit the Federal Trade Commission’s website…to obtain information about steps they can take to better protect against identity theft.” Additionally, Equifax introduced a new service that would permit consumers to directly control access to their credit file, so that they can lock and unlock the account themselves quickly. This makes the file more secure and in control of the consumer.

While this is a humongous data breach, affecting so much of the U.S. population, many young people do not know much about it. Katie Powers ‘22 said that she had never heard of Equifax. In regard to the idea that people’s personal information could be so easily accessed through technology, she said, “It’s pretty scary, but it’s also pretty common in our current world. Having more technology is really important, but lots of harm comes from it too.” Becka Dunayev ‘19 had also never heard of the Equifax hack, but believes that “You take that risk when you deal with any technology in the first place. You have to know that your personal information could be leaked–even before [the Equifax hack] there was always the possibility that something could happen.” The technology that allows companies to safely secure such enormous amounts of people’s personal data is revolutionary and incredibly useful, but with that technology comes the risk that all of it could be exposed by hackers.

Our own school community is doing its part to promote awareness of cybersecurity. Since it is National Cybersecurity Awareness Month, the Newark Academy tech office is holding many events throughout the month, including a phishing challenge to help Newark Academy students become more technologically aware. Phishing is the act of sending a false email that tricks people into entering their personal account information, which can then be stolen. Through events like the phishing challenge, Newark Academy students can learn to recognize when they are in danger of having personal information stolen, and be able to avoid it. While the cybersecurity breach that affected Equifax is incredibly daunting and somewhat scary, it will hopefully lead to strengthening of cybersecurity both in companies like Equifax and through individual action and awareness.