After Equifax, Can Our Data Ever Be Safe?
Knowledge@Wharton has a provocative article titled “After Equifax, Can Our Data Ever Be Safe?”
Read our commentary below, and you can find the article here.
After Equifax, Can Our Data Ever Be Safe?
“In the annals of data breaches, the Equifax hacking stands alone due to its sheer scale: Digital thieves traipsed through the personal information of 143 million Americans for several months to do with it as they pleased.” The implications of how unsecure our identities and finances are, subject to the whim of savvy hackers- is enough to make us cry for a new way. As Prasanna Tambe says in the article, “[Large] scale, high-profile data breaches just serve as dramatic reminders of the problems that we have with using the SSN for verification.” The truth of it is, the technology already exists and can be deployed to protect our private information.
The problem could be addressed by having the sensitive personal information kept in a way in which it is not exposed, and there is a way to verify the data. For example, instead of keeping names and social security numbers ‘in the open’, a hash of the name, social security number and some additional data could be used to find the actual client’s data. This way, even if the information was stolen, it would not include sensitive information or allow anyone to deduct to whom the information belongs to.
Szrek deploys such technology in some of its products. For example, in Trusted Ticket one can only verify security information based on the secure indicia printed on the tickets. This protects the Lottery against an insider printing winning tickets using the information in both gaming system and Trusted Ticket system. The information kept in those systems does not allow to recreate the ticket but allows to verify it. A similar approach could have been used by Equifax.