Transcript

Introduction to Digital Fallout

Speaker 1 0:00

Hi , welcome back to Privacy , Please . I'm Cameron Ivey , and this is the second episode of our series , Digital Fallout . Before we begin , the story you're about to hear is a true story based on extensive public reporting . We've dramatized certain elements to bring the story to life . For a full list of our resources , please see the show notes . With that being said , let's get into the story . Let's get into the story .

Speaker 1 0:26

Have you ever had the strange feeling , that prickle on the back of your neck that tells you something is wrong , A feeling that someone somewhere knows something about you they shouldn't ? For a 32-year-old woman from Ohio named Sarah , that feeling began in the summer of 2017 . Sarah and her husband had been saving for years to buy their first house . They had good jobs , they paid down their debts and their credit scores were pristine . They were finally ready . In late August , they walked into their bank to get pre-approved for a mortgage ,

Sarah's Mortgage Nightmare Begins

Speaker 1 1:11

a moment they had been dreaming about for years . The loan officer typed their information into the computer . He looked at his screen , looked back at them and then he had five words that made Sarah's blood run cold I'm sorry , I've been denied . Confused , Sarah asked why . The loan officer explained that her credit report showed a brand new car loan taken out in her name just three weeks prior from a dealership in California . Sarah had never been to California . She hadn't bought a car . It was the first sign that a digital ghost was now living her life .

Speaker 1 1:48

While Sarah was frantically trying to prove that she was in fact herself , a press release went out that shook the country . One of the nation's three great credit bureaus the silent keepers of our financial identities announced that they had been the victim of a cybersecurity incident . They didn't say much more . The announcement was vague , clinical . They assured the public they had the situation under control and directed everyone to a special website to see if they had been affected . But when people like Sarah visited the site , the mystery only deepened . The website looked amateurish . It asked for the last six digits of your social security number , which felt

Equifax Announces the Breach

Speaker 1 2:32

like walking into a trap . Worse , the website itself seemed to be guessing . It would tell a person they were likely impacted one day and not impacted the next . And then came the truly absurd . The company's own official Twitter account , trying to be helpful , began sending its scared and confused customers to the wrong website , A fake phishing site that a security researcher had set up to prove a point . The very institution that held the keys to their financial kingdom was now leading them astray , but the public still didn't know the full story . They didn't know it was stolen . The institution that held the keys to their financial kingdom was now leading them astray , but the public still didn't know the full story . They didn't know it was stolen and they didn't know how the thieves got in .

Speaker 1 3:14

Behind the scenes , a team of digital investigators was piecing together the timeline , and what they found was chilling . The intrusion hadn't just happened . It had been going on for months . They discovered that back in March , a known vulnerability in a common piece of web software had been announced to the world . A patch was issued . It was a simple fix , but for some reason , at this one company , the memo was ignored . The patch never applied . It was the equivalent of a bank being told about a faulty lock and then leaving the door wide open for the entire summer , and for 76 days , from mid-May to the end of July , hackers had walked right through the open door

The Untold Story: How Hackers Got In

Speaker 1 3:58

. They roamed the company's network completely undetected , mapping out the databases , locating the most sensitive information and then slowly , methodically siphoning it all out .

Speaker 1 4:09

And when the investigators finally determined what exactly had been taken . They understood the true scale of this disaster . This wasn't just usernames and passwords . The thieves had taken the crown , jewels Names , birthdates , addresses , driver's license numbers and , in most cases , social security numbers Everything someone would need to become you . And who were the victims ? The company's final analysis revealed that the number was 147 million people , nearly half of the entire adult population of the United States .

Speaker 1 4:47

This was not a sophisticated , state-of-the-art hack that no one could have prevented .

Speaker 1 4:52

This was a catastrophic failure of the most basic security practices A failure to perform a single routine software update , A failure to notice that nearly half of the country's most sensitive data was walking right out the front door for two and a half months . It was a breach of trust so profound , so complete , that it changed the landscape of privacy forever . For people like Sarah , the mystery car loan was just the beginning of a lifelong battle to protect her own identity . The mystery car loan was just the beginning of a lifelong battle to protect her own identity . The damage was permanent

The Devastating Impact and Aftermath

Speaker 1 5:37

and the name of this silent guardian , the keeper of secrets that failed . Its one single duty was Equifax . That brings us to the end of this episode of Digital Fallout . Thank you so much to the journalists and researchers who meticulously documented the failures and fallout of this historic breach . For a list of our primary sources , please check out the show notes . Until next time , everyone , thank you so much for tuning in to Privacy , Please , and stay curious and safe out there . No-transcript .