Remember when, on September 7, 2017, the world found out about a massive Equifax breach? Almost 140 million consumers learned, that day, that their Social Security numbers, driver’s license numbers, information from credit disputes and other personal details had been stolen. And yet, 1.5 years later, no one knows what the perpetrators plan to do with the data.
This article on CNBC does an amazing job of outlining how breaches like this typically play out—and why the Equifax breach is so weird. Usually, thieves will attempt to sell the data on the black market immediately—right after a hacking takes place, and before a company has a chance to detect it. In these situations, speed is of the essence—after all, the more charges you can make on a stolen credit card before it gets cancelled, the more valuable said stolen card is.
Equifax first discovered the cyber breach in July of 2017, and it likely started well before that. And yet, nothing appeared on the black market—before or since that date. As a result, most experts believe this hacking wasn’t done for monetary gain—rather, they believe it was committed by a foreign government as a means of recruiting, and identifying, US spies.
According to the article, this is how one expert believes it’s all playing out:
“First, he said, the foreign government is probably combining this information with other stolen data, then analyzing it using artificial intelligence or machine learning to figure out who’s likely to be — or to become — a spy for the U.S. government. He pointed to other data breaches that focused on information that could be useful for identifying spies, such as a 2015 breach of the Office of Personnel Management, which processes the lengthy security clearance applications for U.S. government officials.
Second, credit reporting data provides compromising information that can be used to turn valuable people into agents of a foreign government, influencers or, for lower-level employees, data thieves or informants. In particular, the credit information can be used to identify people in key positions who have significant financial problems and could be compromised by bribes or high-paying jobs, the former official said. Financial distress is one of the most common reasons people commit espionage.”
Most of the stolen data was taken from Equifax’s US subsidiary, with Canadians only being impacted if they had US credit for some reason. That being said, it never hurts to check in on your credit report once in a while to see how it looks—and make sure it accurately reflects your spending and credit habits.