On July 29, 2017, Equifax discovered a data compromise which affected 143 million people. They informed the public on Sept. 1.
Last night, many of us (143 million of us, precisely) had our dinners ruined by the revelation of Equifax’s huge data breach.
Equifax is one of the “big three” credit reporting agencies (CRAs). Lenders, insurers, and utility companies rely on its data to make decisions to give people money for loans, insurance coverage, and services, respectively.
According to the Wall Street Journal, “The size of the hack is second only to the pair of attacks on Yahoo disclosed last year that affected the information of as many as 1.5 billion customers.”
And, yesterday’s breach also involves nearly twice the number affected by a financial firm, the last being the cyberattack at J.P. Morgan Chase & Co. about three years ago.
3 Reasons to Be Angry About the Equifax Data Breach
There are 3 reasons to be really pissed off about the way Equifax handled this situation.
First, they waited 41 days after the fact to tell us:
Second, three high-ranking managers, including the company’s CFO, were found to have sold around $1.8 million in Equifax shares after the data breach on July 29, but before the public was informed.
These guys will chalk up their actions to being one big coincidence, but there’s no “wink” in “co-inky-dink.” (Or maybe there is, phonetically.)
Third, Equifax has kindly requested that you enroll in its proprietary credit monitoring service, free for up to one year, for the damage control to your credit profile in the months ahead.
The irony here is that in order to enroll, consumers must first provide personal info, including their own social security numbers. Uhm, thanks but no thanks?
Equifax, you’re supposed to have protected our information, but you’re going to have to understand if people don’t want to be involved with any security or monitoring products that you’re peddling.
To bury the knife deeper in the wound, there in the fine print lies the condition that if you enroll in Equifax’s monitoring service, you will opt-out of any future legal action against them:
Look’s like the Attorney General is on it:
For those who did take them up on their offer, it only seems to imply whether your data was compromised, and I say “seems to” because the answer is still unclear. You get one answer if it was, and another if it wasn’t:
Key Pieces of Data Stolen
What’s so unsettling about this breach is that Equifax holds the very data needed to apply for new credit applications and loans.
It was reported that in one swoop attackers gained access to the following: an applicant’s name, address, social security number, and driver’s license information.
How to Protect Your Credit and Identity Following Equifax’s Data Breach
The best way to protect yourself in the months ahead is to vigilantly monitor your credit activity.
You can do this with dedicated identity-theft monitoring services like Lifelock, or with services such as Clarity Money, Credit Karma, or Credit Sesame, which disclose credit scores and offer ancillary credit alert features any time your scores change.
It’s also a good idea to get your free annual credit reports after the dust has settled, to ensure that your credit lines are accurate, and to look for any odd inquiries for new credit applications.
Remember that credit inquiries factor approximately 10% of your overall credit score. Recent, frequent inquiries can not only negatively impact your score, but may also signal that someone attempted to apply for new credit using your personal information.
Corrections: The title of one executive selling shares was corrected from COO to CFO.
Follow Shindy Chen: Facebook (shindychenwrites) / Twitter (@shindychen) / Instagram (@shindychen) / Snapchat: realshindychen