The Equifax Hack and the Need for a Self-Sovereign Identity System

Massive Data Breach

Recently Equifax, one of the major U.S. credit bureaus, disclosed a huge breach of its centralized database. In a cyber-attack reported to have occurred on July 29, 2017, personal information of 143 million Equifax customers were stolen, exposing them to identity theft. The number of accounts hacked represents more than 45 percent of the population of the United States.

Further, not only Americans were affected by this data breach. Equifax operates in over 22 countries worldwide, and it is reported that a large number of non-American accounts were also compromised, including those of up to 44 million U.K. citizens.

The stolen information includes names, date of birth, address, social security numbers and driver’s license. Even credit card numbers of more than 209,000 Americans and dispute documents of more than 182,000, could have been stolen.

Given the type of business of Equifax, many people could not know that their data is stored in the company’s database and that could have been potentially stolen. Even if you are not their customer, they probably have a lot of information about you.
Before revealing the data breach, curiously, three Equifax’s directors sold about $ 1.8 million in shares they owned from the company. After its disclosure, shares have fallen more than 15%.

As expected, they have not clarified why they waited more than a month to make the data breach public.

Other major US credit report agency, Experian, has launched a campaign to enroll those affected from Equifax to sign up for identity theft protection, promising protect their personal information. Well, Experian was hacked less than two years ago and exposed personal information of more than 15 million people.

Large identity management companies have shown negligence in safeguarding customer data and have consistently broken the trust given by Internet users to safeguard their identities and financial information, which leads us to ask ourselves:
Do we currently own and control our digital identity?

The Solution: Self-Sovereign Identity

As has been demonstrated empirically, centralized identity management systems have failed to meet the basic pillars of an identity system: security and privacy. Which has lead to data breaches, threats, loss of privacy and identity theft.
Moreover, they are operated by for-profit companies, allowing access and selling our personal data to third parties without our consent, and what is worse, without our knowledge.

They store millions of identities, attracting cybercriminals who see in these giant databases an attractive loot to sell on the black market.

The solution is a Self-Sovereign Identity system, a decentralized digital identity system capable to return the digital identity ownership to its rightful owners.

A decentralized identity system distributed among all users reduces the attractiveness for cyber-criminals to attack it, since the reward is tiny.

Furthermore, it is a fundamental human right that an individual, not an outside company, decides what information to share, when to share it, and with whom to share it.

These are some critical reasons on why a decentralized Self Sovereign Identity System is absolutely indispensable and must undoubtedly replace inefficient and insecure traditional identity management systems.

Self-Sovereign Identity Implementation: SelfKey

The SelfKey Foundation is developing the first integral implementation of the Self-Sovereign Identity concept, the SelfKey ™ ecosystem.

The system is built on an open source platform with distributed design, using blockchain technology.
You can store your identity attributes and identity documents, such as passports on your desktop or smartphone, and access them through the SelfKey ™ Identity Wallet.

The fact that are stored in your personal device and not in a centralized database, (or on the blockchain) dramatically reduces reward for hackers to penetrate the network and therefore reduces exposure to identity theft risk.

You may choose to have your identity attributes and documents processed, such as through verification through a notary, or clearance against a blacklist for Know Your Customer (“KYC”) regulations.

Finally, you can choose to share your information securely with parties such as banks, in order to access to their products and services. You decide what information to share, when to share it, with whom to share it and for how long.

SelfKey puts natural persons and organizations at the center of their identity management process, where they can truly control, manage, and own their digital identity.

Unlike in Equifax and Experian, in the SelfKey ecosystem, you have full control of the identity management process.
Unlike Equifax and Experian, your data is stored in your device and not in a database.

Unlike Equifax and Experian, SelfKey does not store any user data (only the user stores the data).

Unlike Equifax and Experian, SelfKey will never sell your identity data. (it can not, it does not store it).

Unlike Equifax and Experian, the SelfKey Foundation is a non-profit organization that has been established for the advancement of human rights and fundamental freedoms related to data and digital identity sovereignty.

SelfKey databases holding user data cannot be hacked, because there are no databases with user data to be hacked.

The SelfKey ™ Network is more than just an identity system for secure, encrypted P2P, structured data and file sharing over the Internet. SelfKey ™ matches the current and future needs of evolving modern societies and the global Internet, ensuring human rights and fundamental freedoms of identity are met.

We invite you to read the SelfKey whitepaper to learn more about the SelfKey Ecosystem, how it works, its advantages and benefits over current Identity Systems and why Self-Sovereign Identity Systems are the future of Identity Management.

This article contains and incorporates by reference certain statements relating to future events, SelfKey’s intentions, beliefs, expectations, and predictions for the future. Any such statements other than statements of historical fact are forward-looking statements within the meaning of the Securities Act of 1933, as amended, and the Securities Exchange Act of 1934, as amended. Words or phrases such as “will likely result,” “are expected to,” “will continue,” “is anticipated,” “we believe, we expect, estimate, project, may,” “will,” “intend,” “plan,” “believe,” “target,” “forecast,” “would” or “could” (including the negative variations thereof) or similar terminology used in connection with any discussion of future plans, actions or events generally identify forward-looking statements. These statements are based on the current expectations of management of SelfKey. There are a number of risks and uncertainties that could cause actual results to differ materially from the forward-looking statements included in this article.