Cyber insecurity
It was bad enough when Yahoo disclosed an August 2013 security breach that affected about a billion user accounts late last year. Now the company has said the security breach actually exposed 3 billion accounts. That’s every Yahoo account that existed at the time.
Yahoo’s update is a new low in the annals of Internet security. But it’s not the only one.
Last week, the Internal Revenue Service awarded Equifax a $7.25 million, no-bid contract for taxpayer identity verification and fraud prevention services. Equifax, of course, is the company responsible for a massive cybersecurity breach in September that potentially compromised troves of sensitive personal information for more than 145 million Americans.
Taken together, the two stories suggest something highly disturbing: a business culture that’s increasingly dependent on our personal data yet completely blasé about protecting it, and a federal government that’s equally unmoved by the security risks to individual citizens and the entire country.
These kinds of breaches are a threat to the U.S. public. The U.S. Department of Justice estimates that 17.6 million Americans experienced identity theft in 2014.
They’re also a threat to the republic. Cybersecurity experts have noted that governments hostile to U.S. interests can use citizens’ personal information for their own purposes.
Considering the stakes, you’d think Washington would recognize the need to clearly define and enforce security standards for online personal information. Unfortunately, the opposite appears to be true.