Skip to main content

Q&A: Are consumer data breaches the new normal?

ASU global security expert Jamie Winterton weighs in on recent Equifax breach


binary code
September 07, 2017

On Sept. 7, Equifax Inc. announced a breach of data impacting about 143 million U.S. customers. The information affected includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers.

ASU Now spoke with Jamie Winterton, director of strategy in ASU’s Global Security Initiative, to learn more about why breaches are so common and what impacts consumers face as a result. 

Question: Data breaches have become so common. Should consumers consider these instances to be a new normal?

Answer: I wish I could say no, but, unfortunately, data breaches are a fairly common event. And the numbers are staggering. The Equifax breach affected 134 million people — that’s almost half the population of the U.S.

Perhaps more concerning is that consumers aren’t always notified immediately when their data has been compromised. Equifax mentioned in the press release that the files were accessed sometime between mid-May and July, through an unspecified web-based vulnerability. So, several months passed where an affected individual’s data could’ve been used for identity theft.

Q: What kinds of challenges exist for cybersecurity professionals who are trying to stay a step ahead of hackers?

 Global Security Initiative

Jamie Winterton

A: Hackers are incredibly creative — there’s a saying that “red team only has to be right once.” This means that, for all the security protections a company takes, a hacker just needs to find one vulnerability to exploit. Staying on top of all the potential methods of attack is one challenge.

Another challenge is that companies often don’t prioritize cybersecurity until it’s too late. We’re still too vulnerable to known methods of compromise. We don’t yet know the exact methods that the Equifax hackers used, but most often, hackers compromise a network by exploiting known security issues in the system. It’s very unusual that a hacker will have to use a brand-new method of breaking in (also known as a “zero day”). It can be difficult for information security professionals to keep security at the top of the list, when there are so many other pressing business needs for a company to address.  

Q: Equifax has created a website to help consumers determine whether their information has been comprised and is offering identity theft protection. Is there anything else consumers can actively do to prevent damage in these situations?

A: First, never use any personal data in your passwords. Too many people still use their date of birth, middle name or some combination of information that is easy to reconstruct from these breaches. Identity theft protection is a good idea, especially if you’ve been breached — it won’t stop someone from using your data, but it will alert you to suspicious activity, like loans being taken out in your name, or unusual credit card activity. Finally, be aware of things like your credit score and credit history. The longer it takes to find malicious activity, the longer it takes to recover.

More Science and technology

 

Inside pages of book with an illustration of people doing different tasks around a house

ASU author puts the fun in preparing for the apocalypse

The idea of an apocalypse was once only the stuff of science fiction — like in “Dawn of the Dead” or “I Am Legend.” However…

April 16, 2024
ASU student Henry Nakaana holding a petri dish and a dropper and wearing lab gear.

Meet student researchers solving real-world challenges

Developing sustainable solar energy solutions, deploying fungi to support soils affected by wildfire, making space education more…

April 16, 2024
Tiffany Ticlo wearing a dress, her Miss Arizona sash and crown, sits at a desk in front of a classroom, pointing to a presentation screen.

Miss Arizona, computer science major wants to inspire children to combine code and creativity

Editor’s note: This story is part of a series of profiles of notable spring 2024 graduates. “It’s bittersweet.” That’s how…

April 15, 2024