The Equifax breach has potentially led to nearly half of U.S. citizens’ private, personal information being stolen. Like a potential data breach victim does, I moseyed on over to Equifaxsecurity2017.com. I entered the last six of my social security number, my last name, confirmed I’m not a robot and then received this lovely message:
Based on the information provided, we believe that your personal information may have been impacted by this incident.
Well that sucks. Next, I checked on the wife’s status. Same thing.
Somewhere out there someone potentially has mine and my wife’s name, date of birth, social security number and credit profile. They could use this information to buy a car, take out a loan, get a credit card, charge medical bills, open a brokerage account…pretty much destroy my credit profile at will. All because of Equifax’s inability to protect consumer data. I hope the company is shut down. This is my rant on Equifax.
Problem #1 – Equifax is Profiting from My Personal Information
We’ve all heard of the three consumer credit reporting agencies: TransUnion, Experian, and the evil Equifax. These companies serve the purpose of providing banks and financial institutions our credit history and credit scores when we borrow money or apply for credit.
Until this event, I never really thought about this process. I never gave my information to these agencies. When I’ve applied for a loan or credit part of the process is authorizing the lender to access my credit report. That is something that we have to sign off on as consumers. But, again I never gave my information to these agencies directly. At what point did Equifax acquire my SSN# and personal information? The first time I took out a loan or opened a credit account? I really don’t know (and haven’t bothered to find out).
So there’s my first issue. Equifax is a public company benefiting and selling a product (my credit profile and personal information) that I never actually provided them. Is it possible to “stay of the grid” and never become part of the credit agencies database? Can I borrow money without being subject to a credit check? Maybe by posting collateral?
Problem #2 – Equifax Management Sold Shares Prior to Announcing the Breach
Three executives sold shares shortly after the data breach was discovered in July. Was it poor timing or are these guys just that dumb to think they wouldn’t get caught?
It has since been revealed that there was a separate breach five months earlier than the date they originally disclosed. If these “executives” claim they didn’t know about the first breach that was announced, surely they knew about a breach that happened five months earlier. Otherwise, what are they actually managing if they were unaware of a clearly defined risk to their company. In fact, this risk was outlined in their annual 10-K statement:
Security breaches and other disruptions to our information technology infrastructure could interfere with our operations, and could compromise Company, customer and consumer information, exposing us to liability which could cause our business and reputation to suffer.Source: Equifax 2016 10-K
It’s safe to say their business and reputation have suffered greatly judging by the stock chart. The company lost about a third of its value this month.
To top it off, these executives get paid handsomely to oversee the company that allowed the largest breach ever to take place.
John Gamble (VP/CFO) – 2016 Total Compensation: $3,095,107
Rodolfo “Rudy” Ploder (President Workforce Solutions) – 2016 Total Compensation: $2,760,317
Joseph Loughran (President U.S. Information Solutions) – 2016 Total Compensation: Undisclosed by he owns 39,314 shares of Equifax for a value of about $3.7 million
They have some explaining to do but I’m sure they will be ok even if they end up doing some jail time (not likely). Afterall, most Americans will spend their entire lives working and saving what these guys make in just one year. Clearly, they deserved it. Yes, I am bitter but frankly it’s because I know these guys will receive a slap on the wrist while millions of Americans have to deal with the mess they created.
Problem #3 – Equifax Has No Clue What to Do Now
Equifax is in damage control and trying to “help” consumers who may have had their information stolen. In the process, they could have potentially done even more harm by tweeting out a link to a phishing website by mistake.
The correct address was equifaxsecurity2017.com but they linked to a false website. The fake website was set-up by Nick Sweeting to show the potential security issues Equifax and consumers are still faced with. The lesson, be very careful when entering personal information on the web – especially when it comes to this Equifax breach. Make sure the web address is correct on webpages and e-mails you receive in relation to this data breach.
— Nick Sweeting 🚲 (@thesquashSH) September 20, 2017
That’s not all. They have also failed to provide solutions for those who have been impacted by the breach. First, they offered to provide certain services for free but required users to agree not to join a class action lawsuit to sue them. Now they are saying that rule only applies to users of their TrustedID Premier service. They need to do much more.
Problem #4 – What should consumers do about the Equifax Breach?
I looked into freezing my credit accounts with Experian and TransUnion. According to Experian:
A security freeze is designed to prevent credit, loans and services from being approved in your name without your consent. In addition, adding a security freeze to your credit report may also delay or interfere with or prohibit the timely approval of any subsequent requests or application you make regarding new credit, loans or services. When you add a security freeze, you will be provided with a Personal Identification Number (PIN) which will be required in order to remove the freeze from your credit report, either temporarily or permanently.
That seemed like a pretty good solution since I don’t expect to need to borrow any time soon. Unfortunately, there is a fee to do this. The fees range from $0 to $10 depending on the state you live in. Once you place a freeze, then you have to pay another fee to either temporarily or permanently remove the freeze.
Once you freeze an account with one agency they are supposed to notify the credit agencies. It’s just $10 and maybe I should just do it but it is the principle that bothers me. Why do I have to pay a fee to protect my personal information and credit? Why am I paying fees to companies I never provided this information to?
I suppose the $10 could potentially save me some headaches if the hackers ever decide to use my information (if they actually have it).
One thing I have done is use the free TrueIdentity protection at TransUnion. All you need to do is sign-up and then you can lock your TransUnion report manually without paying a fee. This at least takes care of one agency. Who knows if it will actually work but it’s a step in the right direction.
Lastly, the only other option is to monitor our credit reports. Since we get to view reports from each credit agency one time a year for free, I suppose I will need to set-up a reminder on my phone to check my credit report every 4 months to space my free uses out equally. Why can’t we access our own credit reports for free any time we want to?
Rant Over. I’m sure those affected by this are just as angry as me. Hopefully we will get through this with limited damage done. Unfortunately, if our information is stored in the “dark web” we will never know if and when our information will be used. All we can do is be proactive in monitoring our credit report and consider freezing our credit reports. Hopefully Equifax will pay for the mistakes they have made.