By Jason Williams
Taxpayer Association of Oregon
Wall Street Journal Editorial “Hypocrisy and Hacking“, 10/6/17 mentioned Oregon Congressman Greg Walden’s remark on Equifax. Good article, good comments.
Former Equifax CEO Richard Smith faced understandable bipartisan fury on Capitol Hill this week after hackers breached the credit-reporting company’s systems this year, gaining access to the confidential information of more than 145 million Americans. “How does this happen when so much is at stake?” asked Rep. Greg Walden, an Oregon Republican. “I don’t think we can pass a law that fixes stupid.”
That’s also true of federal regulators at the Securities and Exchange Commission, which admitted in September that hackers penetrated its systems last year. And this week we learned that Equifax and the SEC both received advance warnings about cybersecurity risks.
A year before the Equifax hack, the index provider MSCI raised concerns about several shortcomings, giving Equifax a zero rating on privacy and security. Two months before the SEC discovered its own breach, the agency’s Inspector General received a three-page memo from the agency’s forensic unit flagging “serious deficiencies” in the SEC’s cybersecurity operations, Reuters reported. The forensic unit’s staff, which was supposed to watch for potential threats, was stuck with hardware so outdated that it was originally bound for the junk heap.
In both cases, the warnings raise questions about negligence, and neither Equifax nor the SEC was transparent when breaches occurred. After discovering the hack, Equifax left the public in the dark for weeks as it conducted its own internal investigation. The SEC didn’t immediately tell the public about its breach, though it promptly notified the Department of Homeland Security.
SEC Chair Jay Clayton faced his own Senate grilling last week, and Ohio Sen. Sherrod Brown asked, “How can you expect companies to do the right thing when your agency has not?” It’s a valid question, and one the public should ask as politicians crusade for more power for the fallible feds.