Here's why the massive Equifax breach could be even scarier than we thought
The Equifax data breach in 2017 was one of the largest cybersecurity disasters in U.S. history. A flaw in the systems of one of America's leading three credit reporting corporations led to unknown thieves accessing terabytes of data from over 140 million people — nearly half the American population — stealing Social Security numbers, birth dates, and home addresses. Some consumers also had credit cards, state driver license information, email addresses, and tax IDs compromised as well.
This breach caused widespread panic and prompted affected people to freeze their credit scores. If you were affected, all of this information could potentially be used by identity thieves to do everything from open credit cards and mortgages in your name, to stealing your tax refund. Some people may have to take precautions for the rest of their lives.
But what actually happened to the stolen data? Did anyone have their identity stolen?
So far, there is no evidence that any of the data compromised by the Equifax breach has been used for criminal purposes. Bank officials and intelligence experts have been trolling through the "dark web," identity-concealing websites that are used for selling black-market data and criminal services, and found nothing.
But according to a report by CNBC, the implications of that could be even more frightening. The data might not have ended up in the hands of identity thieves, but of a hostile foreign intelligence service that plans to use it against the United States:
As several independent investigations wound down, the experts following the case came to a general consensus ... the breach probably started with a low-level criminal who exploited a vulnerability in Equifax's defenses but was not experienced or capable enough to do more damage by moving further throughout the company. This criminal then sought help via the criminal underground and shared or sold information about the vulnerability. The buyer was probably a proxy for the Russian or Chinese government.
That buyer used far more sophisticated tools and techniques to hack deeper into Equifax's databases and exfiltrate — an industry term for "steal" that implies moving huge amounts of data undetected — the now-infamous terabytes of consumer credit information.
There could be multiple reasons why Russia or China would want the financial information of millions of Americans, according to experts. First, it could help them create an algorithm to identify people who might be American spies, based on common traits of their financial records. Second, it could allow them to identify high-ranking government officeholders or bureaucrats who are in debt, and leverage their financial problems to turn them into spies for their side.
"I think I'm going to be watching some news feed some day a decade from now and see that some politician is trying to do some crazy deal with some country we supposedly don't like," one anonymous intelligence expert told CNBC. "And I'm really going to wonder: am I finally looking at the Equifax data after all this time?"
Cyber warfare is growing more advanced and more prevalent all the time, as Russian interference in the 2016 presidential election made all too clear. But it could be just the beginning of how foreign powers are using data to attack us.