Equifax admitted yesterday that it had been hacked over the period from the middle of May to July of this year and over 143 million accounts were breached. Considering that the US population is 323 million, that means that potentially 40% of the country is affected by this breach. Among the data stolen are Social Security numbers, driver’s license information, birth dates, names, and addresses. In addition, 209,000 customers had credit card numbers stolen and another 182,000 involved in ongoing disputes also had their information compromised.
Needless to say, a breach that provides hackers with Social Security numbers opens up millions of Americans to identity theft, bank account theft, and the illegal use of their medical histories. The impact will be devastating, probably for years to come. Probably in an understatement, a fraud analyst at Gartner said, “On a scale of 1 to 10 in terms of risk to consumers, this is a 10.” Another privacy expert said, “This is about as bad as it gets. If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.” That would pretty much mean that anyone who has ever taken out a loan of one kind or another should assume their critical personal information has been stolen. Now, millions of Americans will have to spend enormous time and effort making sure their identity and/or money has not been stolen. The first step to protecting yourself is apparently to order a freeze on your account from all three credit reporting bureaus.
Equifax is part of the credit reporting oligopoly of three that also includes Experian and TransUnion. This is not the first serious hack of Equifax either. Over the last year, Equifax or its subsidiaries had W-2 and salary history information stolen by hackers. Equifax and TransUnion were fined $23 million by the CFPB earlier this year for openly deceiving their customers by claiming the credit scores they were providing to customers were identical to what lenders and businesses would also see. That was a lie. In addition, both companies were also guilty of deceptive advertising, claiming that credit reports were free or only cost $1 while hiding the fact that customers were not properly informed that those prices were only for a trial period only, after which they would be charged $16 or more per month. Equifax was also cited for violating the Fair Credit Reporting Act because it forced customers to watch advertising for Equifax before they could receive their free annual credit report.
A massive and devastating breach like this should mean the end of Equifax as a viable firm. Apparently, at least three senior executives, including the CFO, agree with that assessment, selling nearly $2 million worth of Equifax shares that were not pre-planned after the breach occurred. The company released a statement that the executives had not been informed of the breach before the sales occurred. I’m assuming that means there is no official email or chat trail showing that the executives were notified. But having worked in a firm that lost nearly $150 million overnight, I know that disastrous news travels within the firm long before any official announcement is made. Hopefully, these three will be prosecuted for insider trading and maybe, just this once, actually convicted.
Equifax, like most companies these days, requires you to agree to forced arbitration in order to use their services. Those customers who have signed up for Equifax services may be forced by the company to go to forced arbitration in order to be compensated for the losses that are sure to come. Wells Fargo pulled this same stunt when customers tried to get compensated for the fees from the millions of fraudulent accounts that the firm set up in their names. After enormous public pressure, the bank was forced to back down. That may be the case for Equifax as well. On the other hand, the fact that Wells Fargo continues to exist even after nearly two decades of perpetual fraud should give Equifax hope.
Back in July, the CFPB finally issued a new rule that banned financial firms from using forced arbitration, allowing victims of financial companies’ wrongdoing to join in class actions. Needless to say, Republicans in the House immediately voted to repeal the rule. Fortunately, the Senate has not acted on the House bill and hopefully after yet another massive failure by a financial firm, they never will.
Lastly, keep this Equifax breach in mind the next time someone tells you that government is the problem and the private sector is so efficient. Yes, the private sector is increasingly efficient in ripping you off but, as this disaster shows, they are not so good at providing the services they promise. The inefficient and “can’t do nothing right” government has managed to keep most Americans’ Social Security numbers protected for decades. And I’ll also point out that the useless government has kept Donald Trump’s tax returns under wraps as well. But maybe we’ll all glean some information about Trump’s business if and when his stolen credit report leaks.