Meet Equifax’s data privacy partner since 2018
Three years ago Equifax was hit by one of worst data breaches in history. Nearly half of all US citizens’ data including names, birth dates and social security numbers, was compromised and exposed to hackers for weeks.
Last month, the US charged four members of the Chinese Liberation Army for the breach. But since it happened, Equifax has not – until now – revealed some of its key new technology partners which have helped the credit reporting agency get back on its feet.
Today, Washington-based data privacy partner Active Navigation was able to reveal the work it’s been doing with Equifax, following the global agency’s announcement that it has committed $1 billion to transform its information security over the next five years.
The partner’s chief revenue officer (CRO), Dean Gonsowski, tells FinTech Futures about the work its been doing to delve into the agency’s unstructured data whilst helping it index and classify what’s sensitive and what’s not.
“You could say Equifax was the canary in the coalmine of change in the industry,” says Gonsowski, who points to many companies which, until recently, were “blissfully unaware” of their “dark [or unstructured] data” and the potential it held for risk if failed to be realised or understood properly.
Gonsowski believes the industry is now moving away from this attitude into an era of data minimisation, where firms are beginning to stop collecting data for the sake of it without a front-end purpose.
Active Navigation, which has around 52 employees, was picked up “pretty quickly” after the breach through referrals from Equifax’s strategic partners. The file analysis software firm put a “very fast” proof of concept together, picked for its ability to get sifting through data in a matter of days rather than weeks or months.
The hardest thing for Equifax when it began its data clean-up process was getting visualisation on the terabytes of data from around the world which the hackers had gained access to. Gonsowski says hackers will spend an average of six-to-nine months in an organisation’s files, meaning they often know the foundation of a company’s “data estate” better than the company itself.
This means Active Navigation’s first step was to create a map or an inventory of Equifax’s data. Once the partner understood the brevity of the data landscape the agency held, it proceeded to find the sensitive data which the hackers had managed to locate.
This is a continuous process, Gonsowski notes, highlighting the fluidity in the accumulation of data that firms like Equifax are designed to facilitate. Active Navigation uses pre-built rule sets and search queries to find the sensitive data, and as it’s located the firm works with Equifax’s in-house counsel to decide what to do with the data.
It might help the agency “quarantine” it, which means taking a file out of circulation and migrate it to a “safer” place. By quarantining it for a certain amount of time, like six months, the firm can more easily make decisions on what to do with it in the long-term. Gonsowski says companies will rarely resort to simply deleting it.
“There’s a tonne of data anomalies that can be complex – but that’s the plumbing of what we do. That’s what we work out in sequence,” explains Gonsowski when asked whether there’s potential for Active Navigation’s software to miss some data on Equifax’s system.
Ultimately, the CRO thinks the most important thing for Equifax now is to be clear with its customers that it is employing the best tools to store their data. “You can’t say ‘we’ll never be breached again’,” says Gonsowski. “But you can assure them that you have the best technology to handle their data”.
He concludes that there’s still a lot of work to be done on the reverberations of Equifax’s breach, whilst acknowledging it has prompted the company to “come a long way” in its state as a data-resilient entity. But as Gonsowski reminds the industry, data clean-ups are never a finished job, likening it to painting the infamously hard to paint Golden Gate Bridge.