Making Sense of the Equifax Breach
Earlier this week Equifax, the credit reporting giant, announced that hackers wandered inside their systems between May and July of this year. 143 million records were compromised. In addition to that, credit card numbers on 200,000 people were compromised and personal identifying information on 182,000 people were also released.
Information compromised includes names, Social Security numbers, birth dates, addresses, credit card numbers and driver’s license information.
Equifax said that the hackers got in by compromising a web application.
The did say that they are going to notify certain people who are affected and also are offering their own credit monitoring service to anyone who wants it, whether they were affected by the breach or not.
Beyond that, Equifax has not said much.
Ultimately, there are going to be a lot of investigations – the states, the feds, Congress, the CFPB and out of them we may find some answers, but if we do, it will be a long time coming.
143 million represents pretty much anyone in the United States that has any credit in their name.
Equifax is offering people a year’s free credit monitoring, but your Social Security number doesn’t expire in twelve months. All that means is that the hackers will wait a year before they start exploiting your data.
There are some things that you can do.
- First, Federal law allows you to get a free credit report from each of the three national credit bureaus once a year. If you spread that out, you can get a copy of one of your credit reports every four months for the rest of your life for free. You should do that. You can do this by going to a web site set up for this purpose. WARNING: There are lots of sites that are designed to look like the free government coordinated web site. The site to go to is AnnualCreditReport.com . You can also call 877-322-8228 to obtain one. In addition to the free annual report there are several other situations in which you can get a free report in addition to the annual report, such as if you are turned down for credit due to the contents of your credit report. Some states also allow you a free annual credit report (like Colorado) in addition to the free Federal report, so if you live in one of those states, you could get a free credit report every other month.
- Check your bank statements regularly.
- Sign up for your bank’s free text messaging service. The features vary but most of them will text you if there is a deposit or withdrawal to your account.
- Sign up for the free text messaging service for each of your credit cards. You will get a message every time the card is used.
- Monitor your medical bills and insurance information to make sure that someone is not obtaining health care pretending to be you.
- If you get a notice from the IRS, do not ignore it. It is possible that someone used your information to file a fraudulent tax return or something like that.
- Consider signing up for Equifax’s free credit monitoring service. You can do that by visiting www. EquifaxSecurity2017.com . Note that there is a clause in their terms of service that forces you to arbitrate disputes. After a “visit” from the New York Attorney General, Equifax issued an announcement that those terms did not apply to the breach, but only to people who bought the paid version of their service. If you do go to that site, you will be put in queue to sign up (they could not handle 143 million people signing up in one day). One source reported that you have to provide them with a credit card which they will bill after the free period is up if you don’t cancel. If this is true, I WOULD NOT sign up. You can pretty much do most of what they do with more effort by yourself and the principle of having to give them a credit card after they screwed up – well it kinda, sorta upsets me.
- Issue a credit freeze. This is free and asking one bureau to do it will affect all three bureaus automatically, but there is a downside. If you want to open an account like when you buy cell phone service, they do a credit check and if you have a freeze in place, that will fail. In that case, you have to remove the freeze, for which they charge you and then put it back in place. Equifax announced today that they have tripled their call center team to 2,000 agents and continue to add more. That, alone, is pretty expensive.
One thing that makes this breach more interesting is that three Equifax executives sold stock in recent days. These sales were outside normal scheduled sales that are reported to the SEC in advance. The three are:
- CFO John Gamble – $946,000
- Rodolfo Ploder – $250,000
- Joseph Loughran – $584,000
These sales were not scheduled and occurred within 2-3 days after the breach was discovered but before it was announced. I am sure that this will be part of at least some of the investigations.
Normally, when there is a breach, you know that you have given a business your credit information. For example, after the Target breach, you could rest easy if you didn’t have a Target credit or loyalty card and you never used your credit card at a Target store. In this case, you are not the customer. The banks and stores that issue credit are Equifax’s customer. You never gave Equifax your information. This means that you have no business relationship with Equifax. It is an unusual deal.
It also means that, unlike the Target breach, you cannot close your account in a show of disapproval. You can’t take your business to another company because you are not their customer.
Since there are only three major national credit bureaus, businesses will likely continue to do business with them.
What is likely is major lawsuits and regulatory fines. That is probable. In fact, the first lawsuit has already been filed.
But this is not the first time a breach at a credit bureau has happened. You may remember the T-Mobile breach from 2015. That was at Experian. And there have been others. Not many, but some.
It is just a mess. Stay tuned for details.