Equifax Hack Exposes More Than SSN

by Drew P.

On September 7th, one of the three credit reporting agencies, Equifax, revealed that the personal information of 143 million Americans has been compromised in a cyber-attack that happened months prior. What makes matters worse is that Equifax is only offering one year of identity theft protection with their own product, TrustedID, which is owned by Equifax. After having my data compromised as a result of Equifax’s incompetence, I certainly wouldn’t trust a company owned by them to keep it protected. The really interesting thing that this attack revealed isn’t the financial information of the millions of Americans; it is who was in charge of security for Equifax, and what they have to say about those currently going to colleges.

The position of Information Security Officer (CSO) is not one to be taken lightly by a company. The CSO is in charge of making sure that a company is safe from risks like cyber-attacks, financial risks and perhaps physical security, depending on the company in question. This is a high level position, often requiring advanced business or security degrees and often paying a large salary the question that comes up in the case of Equifax is why they would hire Susan Mauldin as the CSO? According to Susan’s now defunct LinkedIn page, she did have a master’s degree . . . in Music Composition, and no security experience outside of her time at the company. This begs the question of why a major financial institution would even consider hiring her, and why she was able to stay in as long as she did.

There are a few possible explanations that could account for this decision, with each of them providing a rather bleak outlook for the many hard working students at Penn State and across the country. The first explanation could be that she was a diversity hire. There is a big push in tech right now for women and minorities to have representation in the technology field and positions of power within companies. While at face value there is nothing wrong with this, companies may feel pressured to hire a less qualified candidate in order to appear more ‘diverse’. Recently there have been several campaigns to increase the presence of women in technology and leadership positions such as “sit with me”, Intel’s campaign, and the PUSH! Campaign among many others. While only those who hired Susan know for sure why they did so, it is likely that they thought that having a woman CSO would portray their company as a very progressive organization, especially considering that the other two credit reporting agencies have well qualified men in the CSO position.

Another potential reason for her to be put into that position is that she knew people within the company who could get her the position. While networking is important and not necessarily bad, to hire such a clearly unqualified candidate could show a dangerous level of favoritism or perhaps even nepotism. While looking at an archived image of her LinkedIn bio, it showed that she was active within the Phi Kappa Phi society when she attended college. Seeing as this is a rather large organization for honor students, it isn’t hard to imagine that somebody from a position of power within Equifax could also be a member, and gave her preferential treatment during the interview process, overlooking her lack of skill in the security field.

The hiring of Susan shows that while you may work yourself to death in a STEM field trying to get good grades, it may ultimately not matter. This shows that who you know and how you were born can matter more in the long run than your skills, knowledge, and grades. 143 million Americans may be affected by the data theft, but millions more students around the world are affected by the corrupt hiring process that we have been able to reveal today.

Jack T.

Leave a Reply

Your email address will not be published. Required fields are marked *