The Equifax Data Breach

[Guest]

On September 7, 2017, Equifax, one of the three main credit reporting agencies, announced a massive data security breach that exposed vital personal identification data — including names, addresses, birth dates, and Social Security numbers on as many as 143 million consumers, roughly 55% of Americans age 18 and older.¹

This data breach was especially egregious because the company reportedly first learned of the breach on July 29 and waited roughly six weeks before making it public (hackers first gained access between mid-May and July) and three senior Equifax executives reportedly sold shares of the company worth nearly $2 million before the breach was announced. Moreover, consumers don't choose to do business or share their data with Equifax; rather, Equifax — along with TransUnion and Experian, the other two major credit reporting agencies — unilaterally monitors the financial health of consumers and supplies that data to potential lenders without a consumer's approval or consent.²

Equifax has faced widespread criticism following its disclosure of the hack, both for the breach itself and for its response, particularly the website it established for consumers to check if they may have been affected. Both the FBI and Congress are investigating the breach.³ In the meantime, here are answers to questions you might have.

1. What's the deal with the website Equifax has set up for consumers?

Equifax has set up a website, equifaxsecurity2017.com, where consumers can check if they've been affected by the breach. Once on the site, click on the button "Potential Impact" at the bottom of the main page. You then need to click on "Check Potential Impact," where you will be asked to provide your last name and the last six digits of your Social Security number — a request that was widely mocked on social media as being too intrusive when the standard request is for only the last four digits.

Equifax has stated that regardless of whether your information may have been affected, everyone has the option to sign up on the website for one free year of credit monitoring and identify theft protection. You can do so by clicking the "Enroll" button at the bottom of the screen. Note: Just clicking this button does not mean you're actually enrolled, however. You must follow the instructions to go through an actual enrollment process with TrustedID Premier to officially enroll.

More wrath was directed at Equifax when some eagle-eyed observers noted thatenrolling in the free year of credit protection with TrustedID Premier meant that consumers gave up the right to join any class-action lawsuit against the company and agreed to be bound by arbitration. But an Equifax spokesperson has since stated that the binding arbitration clause related only to the one year of free credit monitoring and not the breach itself; Equifax has since removed that language from its site.⁴

2. What is TrustedID Premier?

Equifax's response to the data breach is to offer consumers one free year of credit file monitoring services through TrustedID Premier. This includes monitoring reports generated by Equifax, Experian, and TransUnion; the ability to lock and unlock Equifax credit reports with a credit freeze; identity theft insurance; and Social Security number monitoring.

Consumers who choose to enroll in this service will need to provide a valid email address and additional information to verify their identity. A few days after enrolling, consumers will receive an email with a link to activate TrustedID Premier. The enrollment period ends November 21. After the one free year is up, consumers will not be automatically charged or enrolled in further monitoring; they will need to sign up again if they so choose (some initial reports stated that consumers would be automatically re-enrolled after the first year).⁵

3. What other steps can I take?

It is always a good idea to monitor your own personal information and be on the lookout for identity theft. Here are specific additional steps you can take:

• Fraud alerts: Your first step should be to establish fraud alerts with the three major credit reporting agencies. This will alert you if someone tries to apply for credit in your name. You can also set up fraud alerts for your credit and debit cards.
• Credit freezes: A credit freeze will lock your credit files so that only companies you already do business with will have access to them. This means that if a thief shows up at a faraway bank and tries to apply for credit in your name using your address and Social Security number, the bank won't be able to access your credit report. (However, a credit freeze won't prevent a thief from making changes to your existing accounts.) Initially, consumers who tried to set up credit freezes with Equifax discovered they had to pay for it, but after a public thrashing Equifax announced that it would waive all fees for the next 30 days (starting September 12) for consumers who want to freeze their Equifax credit files.⁶ Before freezing your credit reports, though, it's wise to check them first. Also keep in mind that if you want to apply for credit with a new financial institution in the future, or you are opening a new bank account, applying for a job, renting an apartment, or buying insurance, you will need to unlock or "thaw" the credit freeze.
• Credit reports: You can obtain a free copy of your credit report from each of the major credit agencies once every 12 months by requesting the reports at annualcreditreport.com or by calling toll-free 877-322-8228. Because the Equifax breach could have long-term consequences, it's a good idea to start checking your report as part of your regular financial routine for the next few years.
• Bank and credit card statements: Review your financial statements regularly and look for any transaction that seems amiss. Take advantage of any alert features so that you are notified when suspicious activity is detected. Your vigilance is an essential tool in fighting identity theft. 

4. How can I get more information from Equifax? 

Consumers with additional questions for Equifax can call the company'sdedicated call center at 866-447-7559. The call center is open seven days a week from 7 a.m. to 1 a.m. Eastern time. Equifax said it is experiencing high call volumes but is working diligently to respond to all consumers.⁷

1, 3-5, 7) The Wall Street Journal, September 8, 2017, September 10, 2017

2) CNNMoney, September 8, 2017 

6) The New York Times, September 12, 2017

[Guest]

With any massive data breach that jeopardizes the personal info of 143 million Americans, someone has got to pay. That someone is Equifax (+0.91%) CEO Richard Smith, who will pack his bags and leave without a bonus. First world, chief executive problems…

Smith took the wheel in 2005 after 22 years at GE and quickly turned into a Wall Street war vet, boosting Equifax’s market cap from $4 billion to $18 billion. In Atlanta (the home of Equifax HQ), Smith even became a hometown hero, spearheading the city’s winning bid to host the 2019 Super Bowl.

But that celeb status appears to be disappearing overnight. Now, the spotlight will shift to interim-CEO Paulino do Rego Barros Jr. (president of Equifax’s Asia-Pacific region). 

[Guest]

 

[Guest]

IRS Hires Equifax In No-Bid Contract!

 

[TheWorldNewsOrg 1,104]

“This is one of the largest data breaches in history”: Four members of China’s military have been indicted by the U.S. government on charges of hacking into the credit-reporting agency Equifax Inc. https://t.co/sYf0G9luO1 pic.twitter.com/2OG6oP9rfH

— CBS News (@CBSNews) February 10, 2020