Pluralistic: The reason you can’t buy a car is the same reason that your health insurer let hackers dox you (28 Jun 2024)

Metadata

Highlights

Equifax knew the breach was coming. It wasn’t just that their top execs liquidated their stock in Equifax before the announcement of the breach – it was also that they ignored years of increasingly urgent warnings from IT staff about the problems with their server security.

Just like with Equifax, the 737 Max disasters tipped Boeing into a string of increasingly grim catastrophes.

Equifax isn’t just a company: it’s infrastructure.

This witch-hunts-as-a-service morphed into an official part of the economy, the backbone of the credit industry, with a license to secretly destroy your life with haphazardly assembled “facts” about your life that you had the most minimal, grudging right to appeal (or even see).

There’s a direct line from that acquisition spree to the Equifax breach(es). First of all, companies like Equifax were early adopters of technology. They’re a database company, so they were the crash-test dummies for ever generation of database.

There’s a reason libraries, cities, insurance companies, and other giant institutions keep getting breached: they started accumulating tech debt before anyone else, so they’ve got more asbestos in the walls, more sagging joists, more foundation cracks and more termites.

The reason to merge with your competitors is to create a monopoly position, and the value of a monopoly position is that it makes a company too big to fail, which makes it too big to jail, which makes it too big to care.

The biggest difference was that Boeing once had a useful, high-quality product, whereas Equifax started off as an irredeemably terrible, if efficient, discrimination machine, and grew to become an equally terrible, but also ferociously incompetent, enterprise.

Every corporate behemoth is locked in a race between the eventual discovery of its irreparable structural defects and its ability to become so enmeshed in our lives that we have to assume the costs of fixing those defects. It’s a contest between “too rotten to stand” and “too big to care.”

Remember how we discovered this? Change was hacked, went down, ransomed, and no one could fill a scrip in America for more than a week, until they paid the hackers $22m in Bitcoin?

Well, first Unitedhealthcare became the largest health insurer in America by buying all its competitors in a series of mergers that comatose antitrust regulators failed to block. Then it combined all those other companies’ IT systems into a cosmic-scale dog’s breakfast that barely ran. Then it bought Change and used its monopoly power to ensure that every Rx ran through Change’s servers, which were part of that asbestos-filled, termite-infested, crack-foundationed, sag-joisted teardown. Then, it got hacked.

Good luck with that. There’s a company you’ve never heard. It’s called CDK Global. They provide “dealer management software.” They are a monopolist. They got that way after being bought by a private equity fund called Brookfield. You can’t complete a car purchase without their systems, and their systems have been hacked.

What happens next is a near-certainty: CDK will pay a multimillion dollar ransom, and the hackers will reward them by breaching the personal details of everyone who’s ever bought a car, and the slaves in Cambodian pig-butchering compounds will get a fresh supply of kompromat.

But on the plus side, the need to pay these huge ransoms is key to ensuring liquidity in the cryptocurrency markets, because ransoms are now the only nondiscretionary liability that can only be settled in crypto

;)