The nation’s oldest credit bureau Equifax recently announced that it suffered a massive data breach (also known as a hack) that compromised the data of up to 143 million American consumers. This is a hack of historical proportions and so there’s a very good chance that you may have been affected.
According to Equifax, this is what happened:
The breach took place from mid-May through July and they discovered the “intrusion” on July 29 (but waited over a month to inform the public). The data accessed included names come vital information, such as:
- Social Security numbers
- Birth dates
- Driver’s license numbers
- Credit card numbers for about 209,000
- Dispute documents with personal identifying information for about 182,000 people
- Personal information of people in the UK and Canada
The response from Equifax
While the security breach is bad enough, Equifax has had a horrible response to the problem.
Equifax set up the following website for consumers to check if they were affected: www.equifaxsecurity2017.com.
But there are several problems with the website.
For one, it requires you to input the last six digits of your social security number which is what some of the breached data included. So now we’re supposed to trust Equifax with that information after that same information just got hacked?
This is especially problematic given that some have pointed out potential security risks with that website. Moreover, there are reports of people inputting fake social security numbers and names and receiving a message that they were affected by the breach and other reports of the website not functioning properly or as expected, so clearly this website is not performing as it was intended.
If you were affected, Equifax would offer you the option to sign up for a free credit monitoring and identity theft protection called TrustID. The only problem was that the terms and conditions included language that would arguably waive one’s right to any class action lawsuit against Equifax. I had my doubts about the legal enforceability of those terms but Equifax has updated the terms to state that this is not the case and that the arbitration terms apply to disputes related to the TrustID service. (If you signed up for TrustID, I wouldn’t worry about being excluded from a class action.)
And to top all things off, there’s even some evidence to suggest some very shady and possible illegal practices that took place, such as insider trading. Although the senior Equifax executives that traded almost $2,000,000 worth of shares claim they weren’t aware of the breach, many people are not buying that.
In the meantime, class actions have been brought against Equifax (one in its hometown of Atlanta) claiming damages under the federal Fair Credit Reporting Act and state statues while another class action is seeking $70 billion in a federal court in Oregon. I have no doubt that Equifax will take some serious hits with these class actions, though I don’t think they’re going to be anywhere near the $70 billion range.
What should you do?
I would suggest for anyone who thinks they might be affected to make extra efforts to monitor your credit reports, credit card statements, and bank accounts for suspicious activity. DOC has some good ideas on how to go about monitoring your credit reports and there are some good ideas here as well so you can look into those. Personally, I’m already pretty vigilant about monitoring my credit reports so I’ll continue to do that and just wait it out to see how this all plays out. This is the type of threat that could linger for months or even years.
Overall, Equifax has done a horrible job dealing with these issues and has reminded the world and PR teams of how important it is to promptly respond to major problems with reasonable solutions that don’t make the problems 10X worse.
I do think it’s funny that back in the 1960s when Equifax decided to move toward computer systems for storing their data there was widespread outrage due to security concerns. Back when Equifax was known as the “Retail Credit Company,” a 1968 New York Times article stated that, “transferring information from a manual file onto a computer triggers a threat to civil liberties, to privacy, to a man’s very humanity because access is so simple.” Turns out they might have been on to something.