The massive financial-data breach made public just over a week ago by the Equifax credit monitoring agency was bad. It ought to send a strong signal to U.S. policymakers tempted to loosen consumer protections in the law: Don’t do it!
Though some consumers are already resigned to thefts of their private data by crooks, identity theft is no joke for victims.
The breach exposed sensitive financial data including Social Security numbers for as many as 143 million Americans to hackers. That is half the adult U.S. population, and their exposure to fraud can last a lifetime.
Equifax’s clumsy handling of the incident shows why corporations handling our sensitive data need more incentives — or threats of penalties — to take immediate responsibility for damage their carelessness might inflict on others’ financial reputations.
Initially, Equifax offered sign-ups for credit-monitoring protection from the Trust ID Premier service, but it did so with a fine-print caveat: those signing up would waive any right to sue and be required to use arbitration to settle claims.
The company backed off. Already an estimated two dozen class action lawsuits have been filed on behalf of consumers affected.
There are galling aspects to this breach story. Equifax was among companies that pushed to kill the new rule from the Consumer Financial Protection Bureau — adopted in July and scheduled to take effect in mid-January — that bars companies like it from requiring arbitration instead of lawsuits to settle damage claims.
Then there is the timing of the breach disclosure. The hacking was discovered in July, but Equifax took several weeks to announce it while working with security experts to repair the vulnerability. Meanwhile, three company executives reportedly sold shares of Equifax stock in the days after the breach was discovered. That was well before the general public knew of it.
Members of Congress — including U.S. Sen. Patty Murray of Washington — are making a stink about that. Though Equifax’s many stumbles are an easy piñata for politicians to strike, strike it they should.
How much damage was caused to consumers is yet to be discovered. Federal regulators need to look over the company’s shoulder and monitor the assurances it makes to consumers.
Meantime, our state’s attorney general, Bob Ferguson, is advising consumers to check their credit accounts via https://www.equifaxsecurity2017.com.
Due to reports that the site may be providing unreliable information he’s also suggested putting a freeze on credit accounts with all three major companies including TransUnion and Experian. Those with a freeze make it harder for others (and themselves) to open a new credit account in their names.
All that sounds like reasonable advice.