It’s pretty much agreed – the Equifax breach is maddening. Headlines scream out “Dumpster fire,” “Equifax has no excuse,” and “CEO should be fired today.” The leak of sensitive data (including social security numbers) of 143 million Americans, plus “certain UK and Canadian residents,” according to Equifax, has people steaming. And it’s no wonder. A breach affecting half the population of the US is going to provoke outrage. On top of that, the company’s response has been cited as a textbook case of what not to do. Here are six exasperating things about the Equifax breach:
1. We never control over Equifax getting our data in the first place.
With most breaches, like Target, Home Depot, or TalkTalk for example, you know if you’ve shopped there. You’ve chosen to do business with those companies. And if you don’t trust their IT system, you can avoid them. You can avoid using social networks, online banking or other online services. But no one signs up for Equifax services. The only way to avoid them is to never own a credit card or apply for a loan.
I never asked you to gather all of my financial data so hackers could steal it through your negligence. You have made millions from our data
— Lisa Nielsen (@NielsenLisa) September 11, 2017
2. The only way to (maybe) know if you’re affected by the breach is to give more data to Equifax.
Equifax’s tool to check whether your data was involved in the breach asks you to enter the last six digits of your social security number. Many people are rightly asking why they should trust Equifax with even that. To make matters worse, the tool’s reliability is in question, with reports that it spits out conflicting information and validates made-up credentials.
I tried the tool and received a message back saying my information was not affected. But given the skepticism around the tool, I’m not breathing a sigh of relief yet.
3. A year of free credit monitoring is nothing.
Equifax is offering a year of free credit monitoring to every US consumer. But credit monitoring doesn’t stop anyone from exploiting your identity – it merely alerts you when it fraudulent activity is detected. To get it for free, consumers must sign up for this service by November 21. That means criminals only need to wait a year from November 21 before they start using the data. Some consumers are asking why they should trust Equifax to monitor their data when they couldn’t be trusted to keep it safe in the first place.
Not to fear! Equifax is offering free credit monitoring for all 143M Americans affected by its own breach! The madness has to stop.
— briankrebs (@briankrebs) September 7, 2017
4. We have to pay to have our credit frozen.
Experts say the most important step to take in the wake of the breach is to freeze your credit with the three major credit bureaus so criminals can’t open new accounts in your name. In response to public backlash, Equifax has now waived their $30 fee (for 30 days) to freeze your credit. But consumers need to place freezes with Experian and TransUnion too – and those companies do charge. Hopefully that will change soon – Sen. Ron Wyden has introduced the Free Credit Freeze Act.
5. Equifax isn’t notifying affected consumers directly.
They’ve issued a national press release and have established an informational website about the breach, but seems like notifying affected consumers directly would be an important step to take on top of that. If I’m affected, I’d like to know for sure.
Why are you not directly contacting those of us who have had our data compromised? If any of us defaulted on payments, you'd contact us.
— Robb Smith (@robbsmithideas) September 11, 2017
6. Company executives sold their shares after the breach was discovered.
Three Equifax executives sold shares worth nearly $1.8 million just days after the breach was discovered by the company. The execs claim they didn’t know about the breach. A group of US senators is demanding the stock sales be investigated.
The upsetting thing about data breaches in general is that no matter how much care you take of your digital identity, or how hard you work to protect your credit, it can all go south when a company gets compromised. That’s why it’s so important that companies take cyber security seriously – because the threats don’t stop, and it only takes one exploited flaw (in this case an Apache Struts vulnerability) to get millions of consumers seeing the company in a negative light.