At Equifax, a Cat­e­gory 5 data breach en­dan­gers con­sumers

USA TODAY International Edition - - NEWS -

As if it weren’t bad enough that Equifax ex­posed sen­si­tive fi­nan­cial data of nearly half of all Amer­i­cans to cy­ber thieves, the credit bu­reau has bun­gled just about ev­ery at­tempt to rem­edy the mess.

In an epic breach dis­cov­ered July 29, hack­ers got away with the So­cial Se­cu­rity num­bers, birth dates and ad­dresses of as many as 143 mil­lion Amer­i­cans, put­ting them at se­ri­ous risk of iden­tity theft.

The com­pany then waited al­most six weeks to re­veal the hack. Its in­un­dated web­site has pro­vided con­fus­ing and con­flict­ing in­for­ma­tion. Its call cen­ters have been too short of agents to an­swer the del­uge of calls. Its ma­jor reme­dies — a credit freeze and free one-year credit mon­i­tor­ing — won’t fully pro­tect vul­ner­a­ble con­sumers.

And, ini­tially, it looked as if any­one who signed up for credit mon­i­tor­ing was, un­der a clause in the fine print, giv­ing up the right to sue over the breach. (More than 20 class ac­tion law­suits have been filed.) Only af­ter a so­cial me­dia outcry did Equifax fix that prob­lem.

Oh, and there’s this: Three se­nior ex­ec­u­tives sold shares worth nearly $1.8 mil­lion days af­ter the breach was dis­cov­ered and weeks be­fore it was made pub­lic, when the stock tanked. A spokesman said the three did not know about the breach. If that’s true, you have to won­der about a com­pany whose chief fi­nan­cial of­fi­cer and pres­i­dent of in­for­ma­tion ser­vices aren’t told im­me­di­ately about one of the gravest com­mer­cial data breaches in U.S. his­tory.

It’s hard to give Equifax the ben­e­fit of the doubt, con­sid­er­ing that the credit re­port­ing agen­cies don’t give you the ben­e­fit of the doubt if you paid your mort­gage late one month five years ago be­cause your kid was in the hos­pi­tal. Nope, that’s just a black mark on your credit scores, which af­fect your abil­ity to se­cure a loan, get a job, or rent an apart­ment.

Though news of Equifax’s breach was over­shad­owed by Hur­ri­cane Irma, the im­pact is hard to over­state. A breach at one of the na­tion’s three ma­jor credit bu­reaus is far more dan­ger­ous than the typ­i­cal re­tail credit card breach.

It’s easy enough to get a new credit card, but you can’t change your birth date or eas­ily get a new So­cial Se­cu­rity num­ber. Armed with th­ese data, thieves could open credit cards or bank ac­counts in your name that you know noth­ing about. Or try to file a false tax re­turn and make off with the re­fund.

Be­cause this in­for­ma­tion has no ex­pi­ra­tion date, a thief could hold onto it and strike many years down the road. Yet with so much at stake, Equifax was in­ept at pro­tect­ing the data it com­piles about you and just as clumsy at try­ing to help cus­tomers.

Credit bu­reaus are sup­posed to safe­guard in­for­ma­tion, but no govern­ment agency has author­ity to go in and re­view their se­cu­rity prac­tices. Tighter fed­eral over­sight of the bu­reaus is needed. States could help by en­sur­ing that credit freezes are free; seven states al­ready do.

Equifax’s busi­ness is based on har­vest­ing sen­si­tive fi­nan­cial data about you. The com­pany has proved it can’t fully pro­tect that data. Now it needs to prove that it can at least do a bet­ter job of pro­tect­ing mil­lions of peo­ple from the dam­age that its in­ep­ti­tude un­leashed.

Equifax web­site USA TO­DAY

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.