The news that Equifax has been hacked and that 143 million Americans have had their private financial data exposed sent ripples of frustration and fear through the credit card-carrying public. Equifax is one of the three largest credit bureaus in the country. When its security protocols were compromised, the data thieves swiped names, Social Security numbers, birthdates, addresses, and in many cases driver’s license numbers – in short, all the identifying information that someone would need to impersonate you. In addition, 209,000 credit card numbers were also compromised.
What Can Thieves Do With the Stolen Data?
The stolen information could potentially enable Bad Guys to ruin your financial life. For example, they could open checking accounts in your name and then bounce checks off them, effectively ruining your credit rating. They could also open new credit cards in your name, max them out, and then default. They might even be able to use your identity to get a driver’s license, divert your tax refund, or swipe your Social Security check.
And the potential consumer impact goes beyond the financial realm. Using the driver’s license situation as an example, someone could run up tickets and other motor vehicle infractions, and leave you stuck with the fines – or a warrant for your arrest. Criminals could also use your health insurance to get prescriptions in your name. This would mess up your medical records and even make it difficult for you to access your own insurance benefits, or to obtain legitimately prescribed medications.
What is Equifax Doing in Response to the Hack?
The Equifax breach is the largest and most serious data hack in US history. And to make matters worse, the company waited for six weeks to tell the world about it, giving criminals plenty of time to do serious damage before the public was aware of the danger.
When Equifax finally did own up to the problem, its response did not inspire confidence. It initially offered people “free” credit monitoring, but it also asked people for their credit card information and said that it would start charging for the monitoring once the free trial period ended unless the customer proactively canceled. Faced with public criticism, the company has now stopped taking credit card information and has deleted the payment language in its credit monitoring contract.
If this wasn’t enough, Equifax also inserted a mandatory arbitration clause into the credit monitoring user agreement that many people interpreted as requiring them to give up their right to sue the company for negligently ruining their financial lives. In fact, the arbitration clause only applied to Equifax’s credit-monitoring subsidiary, not to Equifax itself, but even the Attorney General of the State of New York demanded that the company remove the arbitration clause. The company complied and “clarified” that consumers will not give up any right to sue by electing the company’s offer of credit monitoring.
What Can Consumers Do to Protect Themselves?
Since Equifax has done little to inspire consumer confidence, either in its data security or in its response to a crime that could seriously affect half of the people in the country, what should a smart consumer do?
Consumers who wish to be proactive in dealing with the hack should consider signing up with one of the various identity theft protection companies that monitor your credit, alert you to new activity on your credit report, and take immediate steps to scrub inaccurate information from your credit history. The New York Attorney General's office also has an excellent summary of other things people affected by the breach can to do protect themselves. While it’s certainly galling to have to spend money to protect your good name from the effects of Equifax’s inadequate data security, this is a case where spending a small sum now many well prevent you from far more serious losses later.