Equifax Data Theft

Oops? This is way more than oops.

No Gravatar

I apologize. This is a long post (almost 1300 words)- but I need to provide vital information so you can be protected. And, I didn’t want to split this over 2 posts.

You knew I was going to make some statement about Equifax and their nefarious (yes, that’s the proper adjective) response to being hacked.  Waiting six weeks to tell the folks who have NO choice but to let Equifax (or Experian or TransUnion- or all three of them) have every private detail of their lives?  But, then Equifax even let its executives to sell their stock after they found out they were hacked- but hadn’t told the public.  Really?

It wasn’t a small hack either.  143 million folks had their private information divulged.

Equifax Data Theft

And, Equifax still hasn’t told anyone what they do (OK, what they don’t do) to protect all this private and personal information they collect on American (and European) citizens.  So, I can’t say what else they should have been doing. (Of course, given the fact they let their security breach go on for months (from May until 29 July!) and waited 6 weeks to tell everyone, it’s easy to suggest simple things- and consider the fact that they had no compunction about leaving all this data insecure.)

I’m guessing their “protection” was akin to what the GOP contractors used to protect the voting data (which probably included social security numbers, and certainly includes addresses, phone numbers, dates of birth, etc.) of some 190 million Americans.  And, that was considered to be NOTHING by our government (currently under full GOP management, of course).  As I reported then, our data (we ARE the voters in America) was kept in an unencrypted, open to the world, csv file by this GOP contractor.    (There is a sample csv file below, for you to see how easy it is to cull information from such a file.  Don’t worry- no names or vital information is contained therein.)

A CSV File

And, any mickey-mouse (i.e., not very sophisticated) surveillance system would have picked up that data was being stolen from their servers.  But, it’s clear Equifax cares not one whit about the data it maintains on us.  (Of course, if their data is wrong- then, they take great care to argue that the data is perfect and the consumer must be wrong.  Because they are infallible.  As if this data breach proves, as we all knew already, that they were and are far from such a  state of perfection.)

The big problem is that our government does not consider it to be vital that Equifax, Experian, TransUnion (there’s no guarantee these other two firms were not hacked, as well)- or any credit reporting agency-  keep our personal data encrypted and protected.  Because they are too worried about repealing Obamacare to protect the citizenry of America.  Despite the fact that the release of this information creates more havoc than a dozen category 4 hurricanes crossing the US.  And, we can’t forget how many dollars companies spend to ensure that they get all the benefits (of no regulation) and consumers get all the risk.  Consider that Equifax spent more than a half-million bucks in the first 6 months of 2017 alone to convince legislators to not increase regulations on their business model- especially their legal liability should they screw up.

(Let’s not forget that one remnant of Obama’s imprint on the US is the CFPB [Consumer Financial Protection Board] .  It has a regulation that will take effect soon to overturn the clauses companies insert in their fine print- that we can’t sue the heck out of them, but must rely on arbitration [which means no class action suits, no appeal of decision, limited evidence, and limited ability to consult an attorney- in other words, a stacked deck for the company against the consumer].  And, that’s why the GOP wants to kill the CFPB!)

And, do you know the definition of chutzpa?   It’s simple.  A boy kills his parents- and appeals to the mercy of the court because he’s an orphan.   Or, Equifax, having the unmitigated gall to charge folks to freeze their credit- which they have to do now that Equifax let all their personal secrets and vital information be stolen.  (OK.  That’s no longer true as of yesterday.  Mostly because Equifax figured out that if they did that, Congress would finally act and regulate the crap out of them.  It should- anyway!)

What do you do if you were hacked?   The first thing I would do is sign up with a class action suit.  Because you- and I and every other consumer- have NO relationship with Equifax.  So, there’s no arbitration clause in effect.   And, we are going to suffer damages.

Then, we need to choose one or more approaches- a security freeze, signing up for fraud alerts, and/or credit monitoring.  (All three may not be a bad approach for starters.)

A security freeze (or credit freeze) means no new creditor can access your credit report.  That’s why it’s also called a credit freeze, since most (OK, all) lenders or creditors won’t allow credit to be issued without knowing what kind of risk you are.  Any business with whom you already have a relationship will still be able to access your credit; only new relationships are frozen.

Security (credit) freeze

These freezes must be initiated at EACH of the credit reporting bureaus- Equifax, Experian, and Transunion.)   This is not free (but it is cheap- less than $ 10 bucks).  Note, if you do this, you won’t be able to get a new credit card, a car loan, a mortgage, etc.

You will also  have to contact each of the credit bureaus and unfreeze your account, when you want to borrow money or get a credit card.  That will take about a week (and probably require you to use a very weak pin that the bureau provides to “protect” yourself [NOT]).   Oh, and the bureau will charge you that same fee to unfreeze your account. 

Fraud Alerts are different.  Arranging for these is a free process (by Federal law)- and you only have to pick one credit agency.  It’s their job to make sure all three keep you informed if someone checks your credit history.  Note that this information does not tell you anything but who is requesting the credit information- and if you don’t know that business, then it’s your job to call them up and tell them, “Stop, do not pass go”.  (Yes, I know the rule stipulates that the third party requesting your credit is supposed to take steps to ensure they have the proper party requesting credit.  But, since Equifax leaked your SSN (social security number), DOB (date of birth), addresses on file, etc., you can bet whoever is using your credit history has a ton of information to prove they are you.  Sorry for the plain facts.)

Now, for the down side of fraud alerts.  These alerts only last 90 days.   They can be renewed, which means you have to be vigilant, renewing with a credit bureau every 89 days.   (It is possible to get an extended fraud alert, but that requires you to file an identity-theft report with the police [or IRS]- and then contact each of the three credit bureaus with said information.

The last option is credit monitoring.  This is NOT free, running from $ 100 to $ 350 or so a year- and up.  These services include identity-theft protection (by scrubbing public databases and the dark web [the criminal element of the internet]) and determining if your credit history is being hit.  (Note:  you may be able to add this as a rider to your homeowner’s or renter’s insurance; that would be less expensive.)

And, as I mentioned above, Equifax is now offering this service for free for 1 year.  This special (yeah, real special, since they are the ones who screwed you in the first place) service is called “TrustedID Premier”.   For this free service (if you sign up by 21 November), they will check the three credit bureaus, provide copies of your Equifax credit history reports, the ability to freeze and unlock your Equifax credit report, identity theft insurance, and supposedly checking the internet to see if your SSN appears.  However, you also should read the fine print.  I think that this free service requires you to agree to NOT sue them.  (See my first recommendation above!)  Moreover, this is not a complete service as would be offered by LifeLock, myFICO, or IdentityGuard.

Moreover, I can guarantee you that the free (sic) dark web search Equifax is offering is NOT really free.  They will sell your name.  And, you agree to binding arbitration for anything wrong they do or have done.  This is a very costly free offer.

Welcome to Credit Hell.    It may last as long as the purported Purgatory period.Roy A. Ackerman, Ph.D., E.A.

Share this:
Share this page via Email Share this page via Stumble Upon Share this page via Digg this Share this page via Facebook Share this page via Twitter
Share

5 thoughts on “Oops? This is way more than oops.”

  1. Supposedly, the arbitration clause has been removed or at least they’ve said publicly does not apply to claims arising out of this breach. WHY THE HELL would I trust them with more information? And why should I have to pay one penny for extended alerts or credit freezes or monitoring services (by someone OTHER THAN THEM)? No, not happening.

    1. I understand exactly how you feel. It’s why the FIRST thing I recommend is to sign up with a class action lawsuit. Not for the money- but to force them to start taking care of our information, to be forced (under the rule of law) to keep confidential and secure the data they agglomerate.

Comments are closed.