What is Big Data?
Gone are the days of privacy on the internet. As personalized shopping suggestions and ads become the norm in daily online browsing, privacy has nearly disappeared. Big-Data and the ever-growing amount of information companies such as Facebook and Google have collected on its consumers, has led to this reality. Now, what is Big-Data? Big-Data essentially boils down to, “The exponential increase and availability of data in our world” (University of Wisconsin). Big Data has grown so big in the past couple of years that according to MarketWatch it is estimated to grow almost quintuple the size from just 23.56 billion in 2015 to a staggering estimate of $118.52 in 2022. This means big business to companies as they try to collect their own data to sell off to potential customers in the market. This rapidly growing market is prone to growing pains that sadly hurt consumers most.
What are the potential risks of Big Data?
As companies scramble to collect their own data to sell and use, more and more security risks arise. Many people would be quick to assume that hackers must navigate a series of firewalls and other barriers in order to gain access to this information but sadly, it is far easier to gain access then many would think. Many of the breaches now occur as a result of human error. Simple mistakes such as leaving a printed password out in the open or failing to follow basic security protocols have led to the majority share of data breaches that occurred during the years of 2005-2011. (Ayyagari) Also in this timespan alone, 2633 data breaches occurred and over 500 million individual records stolen as a result. Now 500 million individual records may seem like a tremendous amount, but since 2011 there have been data breaches which affect well over 500 million people on their own.
As Figure 1 shows, the amount of individual data affected during data breaches has increased tremendously since 2011. The Yahoo data breach that occurred in September of 2016 had over 3 billion compromised users alone. Now the information taken from these breaches varies greatly. Some breaches only reveal passwords and emails while others obtain personal information such as addresses and social security numbers. Let’s take a closer look at a breach that obtained Americans most personal information.
Patching is a “Lower level responsibility that was six levels down”
Deep Dive into Equifax
Although the Yahoo! hack was the largest data breach to occur, the data obtained is nothing of note compared to what was obtained by the Equifax data breach. Equifax as described by the United States Senate, “Offers products and services to financial institutions, corporations, governments, and individual consumers. Equifax maintains comprehensive databases of consumer and business information derived from various sources. The company analyzes this information to help develop decision making solutions and processing services for its clients” (U.S Senate). Now the information that Equifax holds in its servers consists of very personal information such as home addresses, information of credit disputes, driver licenses, and even social security numbers. (Fazzini). The Equifax breach happened between June and early July of 2017. The breach wasn’t discovered for a whole month after hackers were able to gather sensitive information. This breach was not an intelligent feat of hacking or years of preparation, but a simple exploit that went unpatched due to poorly executed cyber security protocols. The exploit was first discovered in March of 2017 and was never fixed, as the developer who oversaw the application was never notified. He was never notified of the issue because he simply was not on the proper mailing list. This is shocking to imagine as the data of 100s of millions of users was in the hands of a single developer who was never even notified of the breach (U.S Senate). Even the Chief Information Officer, who oversaw the I.T department and the developer, did nothing to prevent the breach as he stated that patching was a, “lower level responsibility that was six levels down” (U.S Senate). The U.S Senate detailed all the failures in their report on Equifax and explained the incompetence of the I.T department. The aftermath of the breach was nothing notable. The then CEO Richard Smith stepped down, and a settlement was made with consumers affected. As Senator Elizabeth Warren put it, “One year after they publicly revealed the massive 2017 breach, Equifax and other big credit reporting agencies keep profiting off a business model that rewards their failure to protect personal information — and the Trump Administration and the Republican-controlled Congress have done nothing.” (Warren) No major laws or changes were made as result. This is disheartening to see that these companies are still able to profit off of consumer information while not even caring to protect the data. It’s sad to think that just a little more proactiveness and better training on the part of Equifax would have stopped one of the biggest data breaches in the world from occurring. In Figure 2, a timeline of the Equifax data breach is provided.
(Info for the Timeline Provided by both Wall Street Journal and Fox Business)
What now?
Now with the passing of Equifax and the uncovering of a slew of poorly executed security practices by the U.S Senate subcommittee of Investigations, what is the future of big data protection? As noted by Ayyagari, a majority data breaches are caused by improper security implementations. Will better training and error prevention be enough to prevent more breaches in the future? How can we as consumers petition for better security from these companies that hold precious information that needs to be kept secret? It’s scary to think that our most sensitive information is just one human mess up away from being stolen.
Works Cited:
https://www.foxbusiness.com/features/equifax-hack-a-timeline-of-event
“What Is Big Data?: University of Wisconsin.” University of Wisconsin Data Science Degree, https://datasciencedegree.wisconsin.edu/data-science/what-is-big-data/.
By. “Big Data Market 2018 Global Analysis, Industry Demand, Trends, Size, Opportunities, Forecast 2023.” MarketWatch, 31 Aug. 2018, https://www.marketwatch.com/press-release/big-data-market-2018-global-analysis-industry-demand-trends-size-opportunities-forecast-2023-2018-08-31.
Ayyagari, R. (2012). An exploratory analysis of data breaches from 2005-2011: Trends and insights. Journal of Information Privacy & Security, 8(2), 33-56. Retrieved from https://search.proquest.com/docview/1086344058?accountid=14882
Weise, Elizabeth. “USA TODAY’s List of the Biggest Data Breaches and Hacks of All Time.” USA Today, Gannett Satellite Information Network, 30 July 2019, https://www.usatoday.com/story/tech/2017/10/03/biggest-data-breaches-and-hacks-all-time/729294001/.
Fazzini, Kate. “The Great Equifax Mystery: 17 Months Later, the Stolen Data Has Never Been Found, and Experts Are Starting to Suspect a Spy Scheme.” CNBC, CNBC, 14 Feb. 2019, https://www.cnbc.com/2019/02/13/equifax-mystery-where-is-the-data.html.
Andriotis, AnnaMaria, and Michael Rapoport. “Equifax’s Ex-CEO to Outline Series of Mishaps That Led to Hack.” The Wall Street Journal, Dow Jones & Company, 3 Oct. 2017, https://www.wsj.com/articles/equifax-systems-didnt-identify-vulnerability-ahead-of-hack-testimony-1506954636.
United States, Congress, “How Equifax Neglected Cybersecurity and Suffered a Devastating Data Breach: Staff Report.” How Equifax Neglected Cybersecurity and Suffered a Devastating Data Breach: Staff Report.
