Hi , welcome back to Privacy , Please . I'm Cameron Ivey , and this is the second episode of our series , Digital Fallout . Before we begin , the story you're about to hear is a true story based on extensive public reporting . We've dramatized certain elements to bring the story to life . For a full list of our resources , please see the show notes . With that being said , let's get into the story . Let's get into the story .
Speaker 1Have you ever had the strange feeling , that prickle on the back of your neck that tells you something is wrong , A feeling that someone somewhere knows something about you they shouldn't ? For a 32-year-old woman from Ohio named Sarah , that feeling began in the summer of 2017 . Sarah and her husband had been saving for years to buy their first house . They had good jobs , they paid down their debts and their credit scores were pristine . They were finally ready . In late August , they walked into their bank to get pre-approved for a mortgage ,
a moment they had been dreaming about for years . The loan officer typed their information into the computer . He looked at his screen , looked back at them and then he had five words that made Sarah's blood run cold I'm sorry , I've been denied . Confused , Sarah asked why . The loan officer explained that her credit report showed a brand new car loan taken out in her name just three weeks prior from a dealership in California . Sarah had never been to California . She hadn't bought a car . It was the first sign that a digital ghost was now living her life .
Speaker 1While Sarah was frantically trying to prove that she was in fact herself , a press release went out that shook the country . One of the nation's three great credit bureaus the silent keepers of our financial identities announced that they had been the victim of a cybersecurity incident . They didn't say much more . The announcement was vague , clinical . They assured the public they had the situation under control and directed everyone to a special website to see if they had been affected . But when people like Sarah visited the site , the mystery only deepened . The website looked amateurish . It asked for the last six digits of your social security number , which felt
like walking into a trap . Worse , the website itself seemed to be guessing . It would tell a person they were likely impacted one day and not impacted the next . And then came the truly absurd . The company's own official Twitter account , trying to be helpful , began sending its scared and confused customers to the wrong website , A fake phishing site that a security researcher had set up to prove a point . The very institution that held the keys to their financial kingdom was now leading them astray , but the public still didn't know the full story . They didn't know it was stolen . The institution that held the keys to their financial kingdom was now leading them astray , but the public still didn't know the full story . They didn't know it was stolen and they didn't know how the thieves got in .
Speaker 1Behind the scenes , a team of digital investigators was piecing together the timeline , and what they found was chilling . The intrusion hadn't just happened . It had been going on for months . They discovered that back in March , a known vulnerability in a common piece of web software had been announced to the world . A patch was issued . It was a simple fix , but for some reason , at this one company , the memo was ignored . The patch never applied . It was the equivalent of a bank being told about a faulty lock and then leaving the door wide open for the entire summer , and for 76 days , from mid-May to the end of July , hackers had walked right through the open door
. They roamed the company's network completely undetected , mapping out the databases , locating the most sensitive information and then slowly , methodically siphoning it all out .
Speaker 1And when the investigators finally determined what exactly had been taken . They understood the true scale of this disaster . This wasn't just usernames and passwords . The thieves had taken the crown , jewels Names , birthdates , addresses , driver's license numbers and , in most cases , social security numbers Everything someone would need to become you . And who were the victims ? The company's final analysis revealed that the number was 147 million people , nearly half of the entire adult population of the United States .
Speaker 1This was not a sophisticated , state-of-the-art hack that no one could have prevented .
Speaker 1This was a catastrophic failure of the most basic security practices A failure to perform a single routine software update , A failure to notice that nearly half of the country's most sensitive data was walking right out the front door for two and a half months . It was a breach of trust so profound , so complete , that it changed the landscape of privacy forever . For people like Sarah , the mystery car loan was just the beginning of a lifelong battle to protect her own identity . The mystery car loan was just the beginning of a lifelong battle to protect her own identity . The damage was permanent
and the name of this silent guardian , the keeper of secrets that failed . Its one single duty was Equifax . That brings us to the end of this episode of Digital Fallout . Thank you so much to the journalists and researchers who meticulously documented the failures and fallout of this historic breach . For a list of our primary sources , please check out the show notes . Until next time , everyone , thank you so much for tuning in to Privacy , Please , and stay curious and safe out there . No-transcript .