Snippet: Capital One’s Breach Was Inevitable, Because We Did Nothing After Equifax ☇

Zach Whittaker for TechCrunch:

Another day, another massive data breach.

This time it’s the financial giant and credit card issuer Capital One, which revealed on Monday a credit file breach affecting 100 million Americans and 6 million Canadians. Consumers and small businesses affected are those who obtained one of the company’s credit cards dating back to 2005.

That includes names, addresses, phone numbers, dates of birth, self-reported income and more credit card application data — including over 140,000 Social Security numbers in the U.S., and more than a million in Canada.

There is no perfect situation where data will be 100% secure, but from everything I’ve read about this so far (including some armchair quarterbacking on Twitter), it sounds like Capital One was a bit careless with how they stored their data and what kinds of permissions were allowed. Beyond that, there was no alerting mechanism when an intruder was siphoning large amounts of data. Rather than Equifax being a learning moment for the industry, this will probably continue:

The Equifax incident should have sparked a fire under the credit giants. The breach was the canary in the coal mine. We watched and waited to see what would happen as the canary’s lifeless body emerged — but, much to the American public’s chagrin, no action came of it. The companies continued on with the mentality that “it could happen to us, but probably won’t.” It was always going to happen again unless there was something to force the companies to act.

Companies continue to vacuum up our data — knowingly and otherwise — and don’t do enough to protect it. As much as we can have laws to protect consumers from this happening again, these breaches will continue so long as the companies continue to collect our data and not take their data security responsibilities seriously.