When will American's wake up and realize that the rest of the developed world doesn't function in such a manner? Other governments regulate their important businesses such as credit in a way that doesn't screw over everybody. Only in America do we get disasters like this...
45
So many aspects of this case make your blood boil. A just punishment would be for Richard F. Smith and a few more of the company's officers to be sentenced to applying for credit freezes and dealing with bank customer service reps on behalf of every person whose data was stolen, one by one. They spend the rest of their lives on the phone, pushing the digits, "if this is correct, press 1," etc., and die on hold with the phone in their hands. Failing that, maybe this is an industry where we need to make management and board members personally liable for some of the losses company negligence causes. The beach house sold, a bare patch on the wall where the Basquiat used to be, their children in public school. The board of directors could at least strip Richard Smith and a few others of their parachutes, so that epically screwing up doesn't turn them into ten-figure millionaires. And we can only hope that enough evidence can be accumulated to send John Gamble, Joseph Loughran, and Rodolfo Ploder, who sold stock after the hack, to prison for insider trading.
39
I've just written to Senator Elizabeth Warren asking her to further expand investigations into Equifax. I get madder and madder every day about these credit reporting bureaus. Just yesterday I got a scary letter from an insurance company saying. "now that you own two properties, you may need...". I only own one property, so I immediately had to check my credit report to see what the hell was going on. It turned out that one of the bureaus was listing my former, paid-off loan. Whatever algorithm the insurance company was using to read my data led them astray. Must I be the responsible person to daily make sure my data is not only safe, but also accurate? This is infuriating.
29
Yes, we need to regulate this industry. I would at the same time plead with my fellow Americans to become more educated within the domain. I'm a scientist who has worked in corporate America for many decades now. I began to notice that the younger folks did not have a good understanding of "credit", so I put together and now teach a lunch-time seminar titled, "What the Hell is Credit and Why the Hell Should I Care?" Any individual or institution lending money to someone takes the risk of payments not being made 1) in the agreed amounts and/or 2) on the agreed dates. The lending party requires information to help them decide whether the risk is a reasonable one to take with that particular individual. In times (way) past, people approached their local bankers to ask for loans, and those bankers knew pretty much everything there was to know about that individual, allowing them to make an informed decision. This is no longer the case. Credit scores take the place of that banker with personal knowledge. Learning about the various components of the credit score, and what can make these go up or down, is something that should be required education for every high school student! Everyone should monitor their credit scores on a regular basis. When something like the Equifax debacle happens, it's much easier and less stressful to find out what your situation is.
7
Flogging would be too good for them. With Citi, Wells Fargo, and Equifax as examples of how GREED dominates corporate America, I'm not sure they deserve to be freed of regulations.
Instead I want to know what can be done to help consumers under water to get lower rates to help them get ahead. Instead they are like payday lenders preying on the weak. There is a special level of hell waiting for all of them.
15
Excellent thinking and reporting!! Just excellent. Ultimately, we are to blame for being the lazy sheep we are in ever letting these criminals take control of our lives (most sensitive information and finances) in the first place. I'll give us all one escape clause in that in the beginning before the 70s credit act, we might not have projected out the potential for harm. However, now that everyone in the world has had the opportunity to read articles like this, to see these idiots at Equifax thumb their noses at us and be lax in their security with OUR lives and we do not call our congressmen, senators, bankers, whomever is in this loop and complain and cajole and write more letters and carry signs and take control of our privacy and our futures---we deserve every live skinning we get. We are lazy sheep in general. We feel we have no say, so we don't do anything. Take control, take action. Stop these maniacs now! Get off your couch and do something. The only safety is in large numbers of disgruntled angry people voicing their demands.
Robert
7
Would be so like joining the rest of the 1st-world with respect to the whole credit score system if it could be all handled in government rather than by a bunch of pathetic morons. But we in this great land of capitalists are forced to put up with this amazing & ever-worse incompetence because we dont want any of that scary bad socialist-type stuff that Europe or other 1st-world countries have which is much safer & secure where people arent subject to such unnecessary risk. Yeah, lets keep the great capitalist credit bureau "system" that we have & continue to be screwed over, so awesome. Hey Mr Trump, got any tweeting planned on the equifax breach or for some reason in this case you need some time to generate a tweet on that?
10
Just another step forward towards the corporate fascist country that we live in.
They win. We ALWAYS lose. Always.
11
I believe that any credit reform should include a) explicit agreement by customers for the use of their data, b) private notices to each customer in any event occurs that modifies the data and what business and/or agency ha made the inquiry , c) payment by reporting bureaus to customers for the use of their data. If you are going to make money from my data, pay for it.
Furthermore, the credit bureaus should be made totally liable for any frodulent losses incurred by customers due to this current or any future data breaches. ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll,llllllllllllllllllllllllllllllllllllllllllllllllllllllllll
3
Not only was there a breach of security, Equifax's site pointed people to a fake site for two weeks afterwards:
https://gizmodo.com/equifax-has-been-sending-consumers-to-a-fake-phishin...
8
I always agree with the top reader's picks!
The Fed's and most any state attorney general seems to have nothing to say about this.
Check Clark Howard's website about freezing your credit with these companies. Very helpful and informative
3
Make the default that all credit files are locked, and force them to develop a way to unlock them on demand. In addition to stopping fraud cold, it would have the added benefit from stopping people with poor impulse control and financial education from applying for those cards at the store checkout.
Wall Street is a casino, not an investment vehicle. The average American has little to no education in managing money or the details of how the system works. Just about everybody needs an injection of "save for it" and stop with all the debt. Since the Great Recession, we made strides, but consumer credit is back to record levels. It's all so idiotic.
10
Regarding credit freeze costs, if you happen to live in IN, ME, NC or SC, you can add/lift/remove freezes for free - all agencies. CO, NJ and NY get to add/remove for free, and pay $5 ($10 in CO) to lift. DE, DC, MS, NM, TN, VT and VA, pay $10 to freeze ($7.50 in TN), and have free lifts/removes for life. That’s right, folks. States set these costs, not the Feds. To get fees changed, look to your State Reps. (ref: transunion.com/credit-freeze/credit-freeze-information-by-state)
Once our data has been used and we incur a loss, then we can file a police report and all States provide for free credit freezes once we have actually been a victim. I don’t understand this reactive strategy – do nothing until a disaster occurs, then pay more to fix the disaster. In this case, all we need is for the States to label this event as Identity Theft, provide us access to a “report” to attach to the freeze request at all agencies. All free, all done. Too simple?
Credit freezes are not the solution, of course. I don’t expect any changes in how this game is played, so I’ll play the hand I’m dealt. Costco & USAA members have access to reduced cost ID Theft protection & monitoring. I’ll file my taxes early. At some point, our SSNs will be meaningless at some other method will be used. Until then, I’ll do what I can and put this event behind me. Apparently, Equifax investors have already forgotten, since their stock price is up 13% over the last 5 days.
4
These businesses simply need to be totally abolished, and the risk for lending put back directly on the lenders. But the day Republicans lift a finger to protect consumers over their political donors will be the day pigs take wing.
9
Long list of Americans corporations abusing their power thru their greed, mismanagement and lack of integrity.
This will not stop and it will not be adequately dealt with by Republucans in hock to the companies.
Time for the government to take over the companies. American corporations have proven wothout a doubt they can not be trusted. Social Security is properly managed, as is the PostOffice, Medicaid, Medicare. ... our education systems work better without the for profits; outsourced services such as programming (Snowden) can nit be trusted to corporations. Republican lie about small government, is nothing more than that-a lie to allow big corprations to rip us off.
4
Who needs physical walls built? I'd like to see the Great Deal Maker make this a priority.
Soon enough violence is all this "civilized" country will be left with. And if you must resort to that, please start by hunting and beating these selfish virulent creatures down before they hop onto their private aircraft. As for me, well, I'm a pacifist.
3
This is interesting. A few days ago I tried to request a freeze on my Equifax account only to have the web site tell me that it was unable to complete the process and to try again at a later time. I went into the the site again today after reading the NY Times article online. This time when I reached the second option, the prompt that would allow the freeze was no longer displayed and the prompts for removing and temporarily removing were listed. My assumption is the freeze was applied but Equifax did not provide to me the PIN, on my first attempt. I chose to temporarily remove the freeze for one day to prove my assumption. It asked for my ten digit PIN that was never provided. So now I have the freeze but cannot remove it.
3
How much do these companies spend annually to educate the public about how credit and credit ratings work? I am guessing it is about zero dollars other than some slick PR efforts they might make on the side and self congratulatory brochures they might put out about what great corporate citizens they are.
Guess what! Paying your bills on time is NOT the measure of someone who handles credit well and deserves a mortgage or a loan. I am 100% on time, but when I was at 97% (one disputed payment date years ago), that was rated as "average". What's 99%? "Okay"?
The credit scoring punishes you for using the loans and other companies have granted. They recommend using 30% or less of available credit. Why did you get it? What is it worth if it harms you in future transactions for using it? It is the same old game, if you need credit, you can't have it, if you don't need it, here's $100,000. you can use for your vacation.
Some people think you start out with perfect credit and then get demerits if you do something wrong. It doesn't work that way. You start out with zero and build credit by having more credit. The more credit you have, the more card companies and others want to make loans to you. If you don't want to use a lot of credit, you'll be punished. If you have, say, one card and a car loan, you'll be lucky ever to reach average on your credit report.
This is a perverse system. When you build credit, you run the risk of being trapped in debts and ruined financially.
7
Like it or not, our economy is highly dependent upon credit, and the need for a creditor to efficiently determine a customer's credit worthiness is the reason why these agencies are s necessary evil. That being said, there are several things that can and must be done to protect consumers from misuse of this data. First, every account should be frozen by default. No one should ever be able to access my credit information without my consent. Period. Second, all of the information should be de-identified. My actual account numbers should NEVER be transmitted to these agencies, simply the fact that I have an account and am paying on time is all of the information that should be needed. The same with my specific employer and all of the other myriad data that these repositories collect. Finally, they must be required to respond in real time to consumer queries and requests to correct misinformation. Yes, the agency's profits might take a hit if they can't sell your information to third parties without your consent, but they at least would gain some credibility and potentially forestall even more draconian regulations.
6
We have become data commodities and willingly exchanged information about us for free search, free socializing, and easy credit. There are costs to this in terms of privacy and security but in general most people seem fine with this. I'm not sure whether people even see data about themselves as their 'property' and may even feel that the exchange is a net gain. The fact that most people see very little of the tremendous economics of the world that transacts their data also seems to have little impact. There is a surge in focus and anger when these breaches occur, but typically they fade and the companies that traffic in this count on that. Does anybody remember the response to gmail 'reading' email to deliver ads? It was a shock for a little while, but the momentary frisson had no effect.
A possible solution to the credit bureau/Fair Isaacs privatization of the asset which derives from us may be a public trust company that performs this important economic function (like the FED managing the money supply). See https://www.nytimes.com/2017/09/21/opinion/get-rid-of-equifax.html for example.
Do people want to do anything about the rest of the vast data economy? I doubt it but there are consequences there too. If I know you really need a car based on your searches and social posts, I will charge you more. But we are enchanted by what we get for the easy exchange of our data.
For an easy, free way to check your credit reports and credit score, you can sign up with a service called Credit Karma. You see basically what the finance companies are seeing when they check up on you. I think there other similar services out there.
2
Good column. I have some follow up questions: Has there been any evidence to date that any of the stolen data has been used? Any reports of false tax returns or other identity theft based on what Equifax revealed? Any idea whether the perpetrators were just common criminals or a foreign government?
2
Liberals do not get it. As long as they consent to be a part of the system they have to bow to this kind of inconvenience. What consumers suffer is small next to the immense profits the owners and managers enjoy. This is capitalism. It is either this or the Soviet Union or Afghanistan. There is no in-between. This is what the GOP represents and are elected year over year to oversee.
And thank god the system has seen in its wisdom to elect the GOP and Trump to make sure our All American Oligarchs can continue to profit from their rule. GOP Congress 19 of the last 25 years. Keep the American Aristocracy going. They are better than most of us anyway.
1
The determination of whether these "so called agencies" should be converted into a government "agency" rests on the issue that they have a conflict of interest with US Citizens due to their profit driven mandate.
Until that is remedied, we are just re-arraging chairs.
2
Frankly I think it absurd that for profit companies are allowed to maintain files on me without permission. I see no reason why a person might want to opt into credit reporting companies, but the default should be not to track a person. Ascertains by these companies that these are somehow our IDs and the veracity of the data is somehow our responsibility are absurd fallacies: input data is assumed to be valid data until proven otherwise.
Now we find that the very goals of these credit agencies, establishing the credit worthiness of individuals, is utterly undercut by their very existence--as the "keys to the kingdom" they are too attractive not to hack. And as a retired IT profession with considerable experience in international banking systems I have to wonder if this is not a case of apprehending the last looter leaving a ransacked store. At a minimum there should be Federal Judicial and Congressional investigations initiated to determine not only the specifics of this intrusion but a determination of all previous intrusions and abuses of the credit agencies' data systems and business operations. Any compromised customer of these agencies has the potential to become a Trojan Horse into the files maintained by the Credit Agencies.
Furthermore, these agencies must be held liable for all future fraudulent as a result of this intrusion.
A few commentators have mentioned the threat to savings accounts. This is true. A credit freeze won't stop someone from draining an account. However, there are obviously a few things you can do to help alleviate the risk. The weakest method is the security question model. What's the name of your childhood pet? That sort of thing. Banks generally require these by default but they're mostly useless. A phone call to the bank with the right information is usually enough to circumvent the security.
A different approach is to use token authorization. Most banks will have this service available for free if you opt-in. Token authorization is when the company sends you an encrypted password each time you want to access the account. The token is sent to some device you physically possess like a cell phone or dongle. The password is good for 30 minutes and then you have to get new one. An impersonator is going to have a hard to beating the token system. Existing protections sort of cover debit cards.
Signing away legal rights is probably the most insulting part to me though. The breach is a massive financial liability. Equifax expects me to sign away my right to sue for damages in exchange for a few pennies worth of services. That makes me really mad. I now advocate government intervention in the credit agencies. You better believe my representatives are getting a strongly worded letter in the mail. These companies can no longer decide what to do. They will be told what they will do.
Nobody will go to jail. Nothing will change. Business as usual. Promise.
5
Let us start by making Social Security numbers public! They practically are! Every employer that an individual has ever applied to has it and by law in some states has to keep that information forever. Every financial institution one has ever dealt with, banks, insurance companies etc. Many colleges used it as a student id number. Any medical facility has it, hospitals, doctors drug stores, etc. Any utility has it. Beside all credit-reporting agencies if you have ever applied for any life or health insurance, MIB has it with all your medical records in the application process.
They all have in a database or in paper easily accessed by most employees. So why do any firm use it as proof of identification?
I have been trying repeatedly for well over a week to establish my freeze, and get the password, the Equifax site, still does not work.
1
I can make this promise, there will be no justice for the insider trading and corruption at the dark, greedy heart of Equifax. Just as there was no justice when Wall Street insiders profited at the expense of a well coordinated plan for financial meltdown in 2008 that lowered everyone's standard of living and decimated our minority populations.
The rich are consuming us with insider trading, and a pay-to-play Congress, White House and Supreme Court. During our last election, a disenfranchised middle class was left with two grades of gasoline to pour on the fire.
Meanwhile, Tom Price is shoveling tax payer money into his insatiable appetite for private jets.
We need to all join forces to demand justice for those who are profiting at the suffering of others - insurance executives, hospital executives, bank executives, Congressional politicians and cabinet members.
Many of our richest Americans obtained their wealth by thoughtless abandonment of morality and ethics. When unable to achieve results based on merit, they turned to bribing our politicians for legislative favors.
Millions are suffering as the rich fill their pockets with wealth from the lower classes. Congress is allowing them to do so without any checks or balances on their Government purchasing power.
The rich will walk. Wealth has its privilege. Meanwhile, non-rich Americans have lost another civil liberty, the right to justice, in the process.
2
Perhaps. By treating it like a utility, does that imply that utilities are especially good at internet security? Is there evidence to support that?
Credit scores are what allow you to get a car or home loan, in the absence of discrimination based on race/class/gender/age as was done in the past. Credit scores are actually a good thing for social justice.
Lets think about what your situation looks like without credit scores. No car loan. Extremely high interest home mortgages. And many people can forget about college. I think living within your means has great benefits. But I do have a mortgage. I earned a high enough credit score by paying my bills on time over a modest number of years, 7 years to be exact. I had a card default 8 years prior. The system is a compromise that works. The real issue here is not credit scores, but the assembly of your personal data everywhere, and the breakdown of your privacy. Credit bureaus are only minor players in the overall data market about you.
2
This will never happen because if you follow the source of all this, as always, you will find that greed is at the very heart of it all. Everyone from the high level managers who very OBVIOUSLY are lying about their insider trading, to congress, who should put an immediate stop to all this insanity, are only looking out for their own self interests. I'll admit, I do not know what would motivate a senator or congressman (they have credit issues too) not to act and set up very, very strict regulations on this industry immediately, but I can see why bankers and corporate America do not want to rock the boat....all the benefits acrue to them, not to us. The three credit bureaus are essentially autonomous, dictatorships who do and act as they please with everything that can be known about us. We let them. We are wimps. I wouldn't be surprised if the five major banks actually owned these three companies through hidden corporations. Stranger things have happened. Follow the trail. Who stands to benefit most by unfettered, access to our credit lives? Who makes the most power, has the most power? Once that is known, the door must be slammed shut on them forever.
My son sold a condo 3 years ago. But his credit report shows him “behind” in paying the mortgage.
These Robbers of Info are unreachable. And he’s had to employ a lawyer to try and get the falsehood removed. He’s engaged to a wonderful woman, but they can't marry yet, because her credit will then be affected too! He wants to buy her brother out of the house the siblings own together, but can’t do that either.
Who knows if his identity will now be stolen as well?
For ourselves, we long ago froze our accounts at the 3 credit agencies. So we, apparently, were somehow protected.
But people are panicked about this!
Meanwhile, the GOP is bent on deregulation....
3
These agencies need to be put out of business. The Consumer Protection Agency can't do anything because it is fighting to stay alive in the current administration. The reporting agencies usually have data that is way out of date & a nuisance to correct. There is no reason why any business should need to check one's credit before a purchase, even a car or mortgage. The contract is what counts and most people know what they can afford, barring a financial disaster. Getting your data is free only once a year. I have excellent credit (at least until this breach; God only knows what it is now and I am not worried about it until I need it) and am not using credit cards anymore. I have been on a cash only except for emergencies for several years now. If I can't afford something, I don't buy it. These leeches have no business accessing our personal data. They usually require one's SS number & that is NOT supposed to be used for identification. I want to see the entire financial services industry regulated and/or put out of business.
2
The solution: nationalize these companies: their employees become federal staff in a federal credit rating utility.
It's not just credit reporting. That's a mechanism about which the individual has no control. But, there are numerous other data bases built upon the willing participation of the individual. Facebook mines gigatons of data about you whenever you sign up, like, or otherwise interact with other participants. The current fad of DNA testing marketed by several companies has large data holdings about individuals who WILLINGLY send in their saliva so that the testers can respond about where in the World ancestors came from, but also allows them to build a treasure trove of ancillary data about the physical makeup of the submitter.
None of these companies, Facebook, Ancestry, etc, have any mechanism to allow the individual to exert even a modest amount of control over the acquisition of data nor how it is stored and used. The only defense the individual has is to choose NOT TO PARTICIPATE when there is a choice. Of course, there is NO choice about the credit reporting businesses and that needs to be remedied.
Welcome to the cloud.
2
Not only should Equifax not charge a fee for freezing our accounts, it should pay for our freezes at the other credit agencies.
Equifax and its sister Credit Reporting organizations are Orwellian: they control ones access to jobs, reputation, home ownership and even health care they operate with nearly zero regulatory oversight. The good news is that all citizens have to do to regulate them is to elect lawmakers willing to do so, and then poof, we control them not vice versa. The bad is news is, voters consistently refuse to elect leaders willing to do so.
As the best teacher is trauma, the only way to reach this tipping point of turning the tables -- is for enough people to be personally harmed by the 143 million person data breach. Anxiety about the uncertainly of whether one's life may be compromised, is a personal harm. Let's see if its enough to turn Equifax's puppets out of office. I'm not holding my breath though. . . .
Nothing but headaches this week trying to freeze our accounts with all three agencies. Hours of waiting on hold; trying to set up three different "gatekeeper" accounts, those gatekeeper websites subsequently overwhelmed by this breach, and Equifax is ill-equipped to handle it all. Very frustrating, and don't we have a Consumer Finance Protection Agency that is supposed to help?
Mandating free credit freezes would be a pathetic legislative response within the parameters dictated by the credit agencies.
A Congress that actually acted in the interest of the people would implement true data protection laws. For example, see the European Union Data Protection Directive.
I tried unsuccessfully to sign up for TrustedID at Equifax. After all the steps, and finally creating a login, I ended up with an error message telling me to contact customer support. Good luck with that! 3x2 hrs on hold (after which you are disconnected), 3 weeks waiting for the return email promised in 24-48 hrs. This is shameful and fundamentally dishonest.
1
Your data is your data, just as your face or your fingerprints and your papers are yours. Further, in the digital realm much of your data is Content, including texts, emails, pictures, recordings, posts to social media, etc. Content is eligible for copyright protections in most cases. (Facebook and others claim that copyright!)
The growth of the web has created a piratical view of who owns your data and how such 'owners' are entitled to share it. If companies, governments, and hackers can get it, they treat it as their property. They study and analyze it (Big Data), share it, sell it, steal it and fence it. 4th Amendment be dammed. Thus they know more about you than you do.
By what Warrant? I never agreed to share my personal info with hundreds of companies that show me they have it, use it, and sell it. So what's mine isn't mine. Taking my property or my data without my knowledge or consent is theft. Analyzing it and selling the results in ways that can be used against me is digital assault and battery.
Where is our Digital Bill of Rights and legal protections?
Amendment 28: "The right of the people to be secure in their persons, houses, papers, DATA, and effects, ..."
Senate Bill 001.001: "No person or corporate entity shall obtain from others their data or content without expressed permission, and shall protect such data obtained, and shall compensate the data owner fairly for any value obtained from the use of personal data ..."
2
Why has this firm not be shut? More importantly, why is senior management still in place, especially the lying ceo?
1
Every once in a while, we are viscerally reminded that corporate America is running the show. Answerable to nothing but profits, it views we the people is a product, a commodity, and just a large mass of addressable market. No matter the friendly, cutesy, inoffensive advertising messages bombarded at us every minute like pellets out of a shotgun, pixel by pixel we are reduced to simpletons with no other purpose than to open our wallets. Now that's what I call freedom!
2
Just read an article in the Guardian advocating putting a "Notice of Correction" in your file requiring a thumbprint on all credit applications to prevent ID theft. (A thief would have to leave his thumbprint on any applications.)
Would this work in the US?
Why isn't the onus on Equifax to contact all those whose files have been breeched and repair the damage? Why should consumers have to take the initiative? This is ridiculous.
3
it's more than past time to reign in this cowboy environment. I find it appalling to look at a credit agency report and find that my financial history has been sent to dozens of companies with which I have no dealings. Every piece of junk mail offering you a "great" credit card deal indicates a company that pulls your credit report. That has to stop. I want a secure pin, that I can give to a company I WANT to do businesses with, that allows them to pull my credit history. No pin with a credit report request, no report. Period. This generally works well with our bank accounts, so no reason not to apply it to our credit history.
My wife and I just enacted a Credit Freeze at these three agencies, Experian, Equifax and Transunion.
At this point this is the only way we can punish these credit reporting agencies; in the short term they won't generate any revenue by selling our credit history.
Even this process was excruciating, with all three sites trying to sell us their "Credit Monitoring " services..with products like "Experian Credit Lock" and other garbage.
These Credit reporting agencies have no shame, trying to make money off this data breach. I hope the CFPB will introduce new regulations to protect our data, but the horse has left the barn..
It’s not just credit agencies. It’s every quiz or personality test you take Online that gets attached to a college or job application. It’s all combined with your whereabouts, your credit card information, your TV viewing, etc. A complete and perfect layer cake. Influencing countless decisions made about your life. On petition above, unchangeable.
1
Not to mention that if they have wrong information, like a medical bill in Tulsa, when I've never been to Tulsa, that is impossible to get rid of.
I expect no regulation of the credit reporting industry. Nor, do I expect Mr. Smith to lose his job. A handful of elected officials and regulators may have made some vague promises about looking into this breach, but their interest will fade. This story will also fade from the news soon enough and all will go on as before. If a few people actually do become victims of fraud as a result, they will deal with it the same way identity-fraud victims have dealt with it in the past--frustratingly attempting to correct all the incorrect information in their credit reports. Call me cynical, but I just don't think that a couple of thousand people writing to a NYT writer is going to change the giant credit reporting industry. No help is coming, so just freeze your credit files and hope for the best.
I work in tech, and I also contract to the government, so I understand data security best practices better than most. Most developers get mandatory training on data security in almost any environment, corporate or federal, not just because there are laws, but because we need to keep up with the latest guidelines and standards.
But you’d never know about those standards, or any of the industry work on improving security when you hear about these hacks. It is as if Equifax, The Office of Personnel Management etc has no knowledge that these standards exist. Even though they’ve been in practice for a while now. I’m just going to be blunt, it is an unfortunate reality that companies need to spend a lot of money to maintain security, when these breeches happen, it usually means these companies took shortcuts, they didn’t hire the right people, with the right knowledge to prevent a breech.
The people who will be worst affected by Equifax’s mistake are more affluent people. Which is really unfortunate on many levels. And does not bode well for the economy especially if Congress continues to turn a blind eye to this problem. Do lawmakers care? Do they even understand the problem?
1
This is why we need a functioning government that protects people from capitalist predators. Why doesn't the Consumer Protection Agency have any teeth?
I'm with Mike (below). A credit freeze should be automatic. No one gets to see our credit info unless we grant that right. Simple step in the right direction
2
Why do we refer to Equifax, Experian, TransUnion (and Innovis) as credit reporting "agencies" or "bureaus"? They are not government entities. Rather, they are private, for-profit corporations. We should refer to them as "credit reporting companies," for that is what they are.
3
The article misses the greatest issue. Our personal identification information is not secret any more. The entire system of personal identification has to be trashed and rebuilt upon an entirely new system. And it has to happen NOW!
All the talk of the breach itself is sorrily too late and too little. Everyone is in danger of financial fraud FOREVER.
1
Guess it would be heresy to suggest people stop living on credit, permanently in hock and paying usurious rates, meaning usurious prices, on everything they buy. It's what enables the comfortably wealthy to persuade themselves they are "middle class" when they are nowhere near the true middle, the median U.S. household income: how can we be anything but middle class when we never have any money left at the end of the month? My wife lends money to a friend often in desperate straits who, with her husband, makes five times what we do.
Stop shopping as entertainment. Pay off your cards monthly. Reserve credit for big ticket items, such as a home or cars, where it is unavoidable. (My wife and I buy cars for cash.) Then, when thieves use your credit, it will show as the anomaly it is and be caught. Every year, I upgrade my work machines by buying one additional state-of-the-art computer; every year, the purchase triggers a fraud alert and I must call my credit card company (singular!) to clear it. Thieves wouldn't get anything much even with my information. My credit rating is stellar. I don't think about it. I only know it because my wife looked.
So much whining and anger and wringing of hands here over flaws in a system that keeps people enslaved to consumerism. Relax, don't worry so much. These breaches hurt them more than they hurt you. And if current mechanisms prove insecure and untrustworthy, have no fear: they will find surer ways to profit off your debt addiction.
1
This is why government regulation is so sensible and important, and why people who proudly vote for those who fight against regulation are truly worthy of the slur "consumer".
A real democratic government would require the permission of both customer and seller to report credit history, even its flaws, to a third party. It would also ban use of the SSN outside of government Social Security business; supply a temporary, computer-generated ID number or age confirmation where such personal info is absolutely required (whether for employment, housing, dangerous products like alcohol and some medicines, or adult entertainment); and ensure that any "free markets" either are both "free" and "markets", or are seized by the state, which would do far better until non-evil competent groups step up to the task.
Don't even bother asking the current government to rein in the credit-history cartel, or any of the myriad others. Just wait until 2018, and repeal the corporate-friendly GOP and replace them with Something Terrific from the Democrats or elsewhere. Make sure those new Congresspeople commit to impeachment, or better yet full overturn, of the current stolen White House. Then, we can seriously talk issues.
The IRS even informs these credit rating agencies of unproven charges of tax evasion and unwarranted demand letters. My own credit rating was just substantially degraded simultaneously with the issuance of a letter to me by the IRS claiming that taxes had gone unpaid on an exercise and sell of employee stock options subject to mandatory withholding and reported on a W-2 filed with the challenged return.
This from an agency that shields Trump's corruption from the voters.
You know, trying to pretend that credit rating information is some sort of secret nefarious platform is unhelpful. The optimum phrase for credit is due diligence. No sane lender is going to give you credit for a 'dream home' or 'dream car' is you have a history of defaulting on credit. Similarly, if you are over leveraged, then extending you more credit than your income can justify would also not make sense (this is precisely the kind of reckless behavior that created the last financial meltdown). It's not rocket science, and its not exactly a secret.
With more and more consolidation in the corporate world, with less spending on the basics of customer service - getting simply problems fixed quickly is a problem when dealing with almost any large corporation. There is a need for a quick vetting process in lending, and there is certainly room for improvement in the current system - but it is extraordinarily unhelpful to demonize the market factors that created the need for credit ratings or that due diligence in lending is somehow bad.
The reality is that the game is not rigged, and if you do what is necessary to build good credit ... you may very well gain access to credit for a 'dream home' (and what dream is not worth working for?). Conversely, if you do things that tank your score, no sane lender will reward that behavior with a 'dream home'.
During most of the 20th century, the great fear was to be trapped, conquered, by ideologies like fascism or communism or, for blacks and women, to be trapped in limited social/economic roles by racism or sexism. During the 21st century, our concern should focus on being trapped by corporate power and the capacities of technology to take away choice, human agency.
Rule by corporations is the gathering storm. Whereas once citizens of many nations feared the dossiers gathered by governments, now those lists of who is good and who is bad are held by the three credit reporting agencies (there is even another, less known listing of people who should never be granted credit, but this more or less underground effort has not received much public notice). You are not presumed innocent. You have to, step by baby step, prove that you can handle credit and money. The less credit you have, the less worthy you are seen of getting more credit.
This system holds back millions of people who might otherwise start businesses, buy a house or a new car. Those on the lower end of the economic scale, thinking they can't qualify for a new car, get pushed into "buy here/finance here" used car lots where they get an inferior car at an inflated price with very high interest rates. The poor are thus continually driven into more poverty.
The right says fear the government. Their buddies, their payment officers, amassing more and more corporate power over our lives, are the ones we should fear.
3
Thank you, Republicans and corporate Democrats -- for leaving us defenseless against these credit agencies. What the law has yet to grasp is its recognition that the credit information belongs ultimately to the consumers -- not the information's users and collectors -- as in the current state of law. Until Congress makes that leap, we will continue to at these credit agencies' mercy.
1
Is there any reason that we cannot direct merchants to ask only one credit agency? Then we could freeze the other two and lose the passwords. That way we would have only business to mess with us.
I would like to know the genesis of these companies. How did they start and how do they get individuals' personal information? I have NEVER checked my credit report. My last employer (a law firm) checked before they hired me 10 years ago and found nothing. Anyone?
What I fail to see mentioned in any of the stories on this particular breach (among so many) is the underlying fragility of the applications, systems and network that make all of these hacks relatively easy. In the end, you cannot fireproof a paper house; and regulation will not fix that- not unless it mandates scrapping most of what has been put in place over the last 30 years. The various building blocks of the Internet and Web were developed for the amusement and gratification of academics, they were never meant to be taken seriously. That our entire economy now resides on PlaySkool computing really should be keeping all of us up at night.
I tried to put a freeze on my credit reports on the 19th. First I tried Equifax. My request timed out. I went on to Experian, I had a previous login and password put they didn't seem to know me so I went on to TransUnion. After deciding I didn't want the "lock" they were pushing, I was able to quickly apply a freeze at no cost. Today I went back to Equifax, but I was stymied because they have applied a freeze but I don't have a PIN since the message I received is that my request timed out. Not sure where that puts me other than enraged.
A simple fix here would be credit price control. Remember the housing bubble collapse of 2007-9? Suppose lenders were constrained to lend at the same interest rate to all customers, but not in their choice of who to lend to? A principle value of the current system to lenders is their ability to charge loan shark rates of 3X or more to those least likely to pay off the loan. Thus, houses, cars and credit cards rake in billions while bankrupting the most financially vulnerable, which works great until the next recession is aggravated by the next wave of lay-offs.
Responsible lenders should not lend to those unable to pay, and lenders should not be bailed out when they do. Loans are another product being pushed at consumers, and extra expensive 'sub-prime' interest rates increase the likelihood of loan failure. Perhaps governments should be allowed to make such loans to buyers with special qualification, and at low rates like VA and FHA mortgages.
It is our data, not theirs. The credit bureaus should be required to ask explicit permission from us before they sell it to any business (or individual).
It's not just that their entire business plan consists of profiting on the personal data of people who never give permission or even have the ability to opt out. Or that this affects the interest rates that people pay for mortgages or consumer goods (which is the only understandable thing about the whole proposition).
No, it is that they also rule over people's ability to MAKE money to pay for all of those things. No matter how competent a worker may be unless they can build a business on their own without loans, they are locked out of the employment market if Equifax says so.
Now Equifax has managed to lose the data of half of all Americans who had never given them permission to have the data, to begin with. Oops! But hey, accountability doesn't matter. The only thing that matters is that Equifax gets to continue to run all of our lives.
"...the wish that came up most often was that Richard F. Smith, the company’s chief executive, be pushed out the door."
The door of his private jet. At 30,000 ft.
39
It is no secret that the dark nature of these credit reporting agencies has for decades been the highly animated subject of many of our family's holiday and informal dinner conversations and on more than one occasion one of us has invariably and presciently used the term 'soylent green' to compare these agencies to the level of unseemly and faceless power they truly have been allowed to accumulate, at the expense of- all of us.
Sadder still, this is how the capitalistic business world wants it, loves it to be. There is huge money to be made, billions, not only on the data mining, and great credit ratings scorers, but probably moreso for those with horrible ratings in the form of fees, legal representations, etc., you name it.
This is why many of us are not kidding ourselves that any of the politicians will lift a finger to not only regulate these dark knight cabals of data collection, but better yet, to break them up into much smaller agencies in which consumers have actual access to how their data is used. Data of 147 million customers at one agency is downright - and outrageously too big to fail.
Until that happens- nothing will change. We're all sitting ducks waiting for the next big data shoe to drop. I'm glad I'm getting old. What a world.
24
We all should keep checking with our political representatives to see what they do about this and to let them know that this is a factor in our votes.
Brian Krebs's Krebsonsecurity(dot)com probably is the best blog on problems with the Equifax SNAFU, and how to deal with it. Mr. Krebs has pointed out that Equifax has an astonishingly poor method for its customers to recover from a lost freeze pin, and has proposed a fix for that, if Equifax has the smarts to adopt it. It's well worth reading his posts on this breach.
5
The underlying nature of the beast is that we are induced into a self-inflation that steals power by deceit of free sweeties or More, New and Improved! And under such indenture are then required to sell out on (sacrifice) your own - to 'save our self' - and yet what it actually delivers is you sold out on yourself, your fellow beings - and your world and cannot escape in the frame of what now operates as self-conflicted struggle to regain power or security. So a sense of powerlessness aligns within a power that operates by deceit as 'survival' under tyranny of fear in which illusions of freedom are invoked (marketized and weaponised) to lubricate or make bearable subjection to a self-betrayal.
The 'economic hit man' does not apply only to peoples who seek to break from insidious tyranny. It operates pervasive and systemic dominance. It is the very idea OF dominance or power OVER - rather than power of aligning WITH.
The 'thinking' of a 'command and control' or 'getting' mentality is that of an illusion of power that actually delivers powerlessness - and yet this winds up the mechanism to give ever more 'trust' or indeed sacrifice of conscious responsibility to 'protection rackets' by effect - if not by knowing intent.
contd... http://willingness-to-listen.blogspot.com/2017/09/reflections-on-powerle...
3
"The underlying nature of the beast is that we are induced into a self-inflation that steals power by deceit of free sweeties or More, New and Improved! And under such indenture are then required to sell out on (sacrifice) your own - to 'save our self' - and yet what it actually delivers is you sold out on yourself, your fellow beings - and your world and cannot escape in the frame of what now operates as self-conflicted struggle to regain power or security. So a sense of powerlessness aligns within a power that operates by deceit as 'survival' under tyranny of fear in which illusions of freedom are invoked (marketized and weaponised) to lubricate or make bearable subjection to a self-betrayal."
Don't tell me. You write the small print on Equifax's user agreement.
I find the comparison of Wells Fargo and Volkswagen with Equifax misplaced. Wells and VW employees took deliberate actions to invent customers and circumvent emissions tests respectively. Equifax had a large computer security breach despite the best efforts of their IT department to prevent one.
1
"Best efforts of their IT department"???? By any standard they were grossly negligence in failing to update a known security flaw for months and months. There is a thin line between intentional conduct and gross negligence.
I know people who work there. They say their security is negligent.
There's no excuse for the response following the hack.
These criminals get richer every day while they run this country into the ground.
16
We need to nationalize all of the credit reporting industry
14
Equifax should notify those people who have been exposed and give them free life time credit freeze with no hazels .
8
You correctly point out that one of the great frustrations of the Equifax debacle is “the resentment [people] feel over being trapped in Equifax’s vast web of data, with no recourse and no ability to opt out.”
You’re right about that. But Equifax isn’t the only company that co-opts our data without our knowledge or permission for profit, and with no ability to opt out. Consider the following:
“In the future, we may sell, buy, merge or partner with other companies or businesses. In such transactions, we may include your information among the transferred assets.”
That’s from the New York Times privacy policy. The Times monitors every article we read on the paper’s web site, and every link we click. And, as the above policy indicates, the newspaper reserves the right to do just about anything they want with the data they collect, in a manner that’s thoroughly opaque. Importantly, there’s no way for readers to opt out. Welcome to the Internet.
Subscribing to the Times is voluntary, a big difference from Equifax. We’re free to cancel our subscriptions at any time. In which case, the Times promises to destroy our data. Maybe. After “15 years.” (The Times policy states “As a matter of course, we will delete personally identifiable information associated with accounts that have been inactive for at least 15 years.”)
Here’s hoping you provide a copy of your column to the folks that run your newspaper.
38
Since there is no way to put the digital genie back in the sand, I suggest a public flogging. Perhaps executed on the steps of the Capitol for all to see.
6
Fake election, fake news, fake credit, FAKE FAKE FAKE...good job guys, you created a completely false society!
4
Agreed ... except that the word "fake" has virtually lost all meaning. Would "illegitimate" be a more useful one? This is the real issue, behind the charade we're all playing out. Anything, anything at all, to pretend that we have legitimate government, businesses, and a society in general. Please, please don't say that the U.S. empire has no clothes!
When we still had a U.S. Attorney General, about a year ago, I commented on the DOJ web site that the FBI had destroyed the legitimacy of the Presidency. How do you "Special" FBI folks feel today, now that your handiwork has led to an illegitimate federal government ... in all THREE of its branches? Thanks Comey! And thanks, FBI traitors! I for just one, will NEVER let this betrayal go. NEVER!
2
Our only hope now is for Paul Ryan or Mitch McConnell to be hacked and their credit information and that of their families be stolen. Then watch how fast these phonies in D.C. get off their butts and do something.
15
way back in the late 80s and to 92 I had a little IRS problem...
like: the IRS sent me a refund check for $1668.89 that I never signed any 1040 for. (I have my own theory as to why, & I think I would have found out had I, as many might, gone "free money!" and run off to cash the bogus beast). That led to a 5 plus years fight with the IRS once they started to assess penalties and interest, though the check never cashed, running up some $5000 "debt" (maybe 3x the nominal value in current $$). Mentioning the IRS collection action ended three interviews in that time period.
How does Equifax deal with such contentious "errors" by reporting parties, or more likely not- as Equifax is not responsible for such "mistakes"- come into play these days...
inquiring minds might like to ask...
5
Didn't 60 Minutes do a program on how lame these companies are a few years ago? And nothing changed. Congress, even if they could set aside their devotion protecting Big $$$$, isn't capable of much more than naming post offices these days. We are in a sorry state that slogans and bombast and campaign rallies can't fix. We need a green-eyeshade kind of president and a Congress that works for all of America, not just the dark money donors. In other words, enact sweeping campaign finance reform and return Congress to regular order.
8
I sacrificed and obtained a high credit rating, taking 7 years. Now because of thieves it could all be wiped out. A sobering thought. Some of the blame is clearly on un-transparent, unaccountable rating agencies like Equifax. Some of it on the data thieves. Some of it on the rush to put everything on the public internet. Some of it on the cowboy internet police like Mandiant who are now 0 for 2 in internet data breaches.
3
This is the inevitable result of "self-regulation" aka "no regulation".
95
The painful irony in all this is that this news comes to us on the heels of the GOP's renewed effort to gut the Consumer Financial Protection Bureau. You might distrust or hate any Federal Government "Bureau" but the sad fact is -- they are the only group at this point who is with us in these shark infested waters. There's blood in the water & things aren't looking good.
122
WE THE PEOPLE have been turned into digits by The International Mafia Top 1% Global Financial Elite Robber Baron/Radical religion Good Old Boys' Cabal through the digital world they control. They managed to buy enough lawmakers at every level to ensure their digital world is not regulated, they buy and sell companies to strip the assets and cause contracts to be null and in the case of the workers OUR governments, using OUR hard-earned taxpayer dollars, have to guarantee and pay for pension plans and other worker benefits that have been thrown out by the Robber Barons. They are the worst of humanity - insatiable greed and no social conscience.
The Con Don shows how arrogant these detestable human beings are. They think they have "won". They think they can't be stopped in their attempts to destroy democracy in America.
WE THE PEOPLE have news for them. They have won nothing but our disdain and WE are going to elect/hire socially conscious people who will tax back all the wealth they have stolen from us over the last 40+ years of their attempted hostile financial takeover of OUR governments. Those same socially conscious people will act with extreme haste to reinstate many of the safeguards meant to protect WE THE PEOPLE - 90% of us - from these and future Robber Barons.
This must not stand in America. Not now. Not ever again.
8
We are such fools. On the one hand, we shriek with horror when someone hacks into a database.
On the other hand, the Department of Defense invites hackers to break into their systems -- and offers prizes -- to point out vulnerabilities.
are hackers criminals? or are they heroes? either way, we should be spending more money securing data. it can be done, but it costs more.
What regulations are in place to require data security? not much.
3
I wonder how many of those people who are outraged and shocked (shocked, I tell you!) by Equifax's breach voted for the Republican "Regulations are Bad!" Party.
Please, bring in more government regulation--of the finance industry, as well as others such as food, agriculture, pharmaceutical! Republican opposition to regulation of industry by government (government being the only body we have that is designed to act in the public interest, not for profit) is a thinly-veiled lie to cover up the desire by corporations to make money money money money (none of which trickles down to us), our health, safety, and privacy be damned. If you vote Republican, you are partly responsible for the fact that Equifax ever even got access to our private information in the first place. I know I never gave permission (except probably in some entirely unreadable fine print) for any institution I have ever done business with to give my personal info--including SSN!--to Equifax. Tight and pro-public regulation of the finance industry would have prevented that. I'm sorry for anyone who gets their info stolen, but if you vote Republican, shut up and stop whining about it.
19
Businesses like Equifax have declared war on us. On consumers. On people. But strike "like Equifax." Big businesses are all like Equifax, until proven otherwise. One of the handful of megabank, Wells Fargo, opened accounts for "us" when we did not request them, 'Oops. I slipped on a banana peel, and accidentally opened an account in your name, using your personal information ... that you entrusted to us.' In yesterday's mail, I got a recall saying that my Versa also has a dangerous Takata airbag, and maybe I should just consider not driving it until next spring. (Cute.)The recall mail literally was on top of an Antwerpen Nissan item asking if I wouldn't just love to come in and trade for their new Leaf model. 'They,' big businesses, want us to just roll over and take it. Capitalism! (And Covfefe!)
Yesterday, David Brooks tried to tell us that some sort of populists are declaring 'war on business.' Just the usual Brooks misdirection. Look over there! A squirrel! No, businesses have been attacking us, with any tool the can ... even exploding Pintos ... for decades. John Roberts' Citizens United lets businesses pretend to be 'people,' and continue to attack us with all their best tools, Welcome to Hell, LLC.
11
Biggest eye-opener in this article:
“I’m not very tech savvy, but I’m very tech wary."
in other words -
"Computers have been an essential part of living in our society since the late 90s, and I haven't learned anything beyond turning it on and off despite the mountain of educational and free YouTube videos simplifying the most basic aspects of computer terms for people like me. The software manufacturers have to come around to my willful ignorance, but still I refuse to educate myself.
Got no sympathy for ya, darlin'.
https://www.youtube.com/watch?v=Lu3qzZ1Ck9g
Well folks who write code and work with data, like myself have been warning about this for years, I'll give you a like back to 2012 that tells it all. This is what we call operation perception deception and we all lose as folks simply didn't want to believe all of this was taking place. Time to wake up, use more cash let credit cards and keep what little privacy you have. Don't be a dupe and try to out guess folks who have worked with data and written code, you'll lose every time. I know it's hard because you can't see it and corporations know this and work it for big profits.
http://ducknetweb.blogspot.com/2012/11/big-dataanalytics-if-used-out-of....
1
A good article for anyone interested in the cures, they are not what they appear to be.
http://www.latimes.com/business/lazarus/la-fi-lazarus-experian-dark-web-...
Congress is too busy lapping at the trough of largess of these companies to do the right thing. (Thank you SCOTUS for Citizens -- i.e., Corporations -- United.) So the only answer is the courts. The attorneys-general of the states that are suing should add the banks that share data with Equifax as co-defendents. When a company (a bank) knowing shares personal data with an entity having historic problems in accurately and safely managing that data (the credit agencies), they share culpability for the damage that wrecklessly is done.
6
Ask not for whom Congress and the White House works -- it's not for you.
16
The boot that Equifax, Transunion and Experian deserve is the kind that led to the demise of the likes of Enron and Arthur Andersen.
11
My experience with credit-rating agencies has been generally good, but the bar is low. We accept that they manage big data and that the incentives are perverse. And we are complacent because they are all-powerful. So something needs to be done about that. But probably the best, and most realistic fix, would be to improve the agencies' responsiveness. My biggest fear is not the breach - that's inevitable (though it shouldn't be) - but rather, it's the recognition that you won't be able to fix any resulting credit report damage (or worse ) without expending huge resources just to get the agencies' attention. Stories abound of people spending years - years! - struggling to clean up their credit reports of bad marks applied for no fault of their own. And the minor stuff - say, a $15 late payment to Sears ten years ago - sticks like glue to your report for far too long. The Feds can impose customer service standards with enforceable metrics to get the agencies to focus on fixing problems. That is not a heavy lift.
59
Freezing credit? That's your goal? Why not deflect a shark attack with a waggle of your finger and a polite request not to tear you to shreds? They are predators, and everyone knows it.
Abolish them. All three.
I have no hope this will actually happen. We live in a country where citizen is another word for prey.
15
At least prey animals have a chance to escape. Citizens are only waiting for the financial abattoir.
2
I hope some day soon all these idiotic institutions will be replaced by Cryptocurrency and Blockchain.
The republicans' constant harangue about over-regulation in the business world looks pretty toothless after this abomination. This is what you get in the wild west world of naked capitalism.
15
We the people... have lost control of so many personal choices... and we are constantly being sold as valuable data... Selling personal data of any kind should be illegal... but, it is just to profitable to stop!
7
I've been saying for years that I was less interested in my government's protection from daesh and Al Queda than I was in protection from the credit bureaus. They deserve to become extinct.
14
Three days ago I googled the 3 companies + "freeze" and was immediately linked to sites where I was able to freeze the respective accounts. https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp, https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp, https://www.experian.com/freeze/center.html. Since these are all prefaced with https I am hoping they are legit. But either way, I feel more secure. And none of them asked me to pay anything.
Good luck to us all!!
2
They also produce incorrect information based on incorrect and incomplete data.When you contact them to complain they act as if they were God.Time to close these useless arrogant companies down
9
Republicans don't believe in regulation or consumer protections or consequences for businesses.
The Equifax breach is a mirror on our society. You get the government you vote for
Show up and vote America! Ask more questions. Be active, engaged, and participate-every day
9
When the hackers first breached the Equifax system it was 2 1/2 months
before it was discovered. So this is not like someone leaving the door open to Fort Knox while they go to lunch for an hour, a 2 1/2 month breach is akin to leaving the door open and going on vacation. How is it possible that there were no alerts or alarms that the system had been breached for 2 1/2 months??! Then it gets better, once the breach is discovered Equifax waits another 1 1/2 months to alert the public!! Really!! So the hackers
had a full 4 months lead time with our data to open accounts and steal
using our information. Great job Equifax! Someone call Aaron Sorkin
for a movie script.
The sheer magnitude of the breach and the potential harm is beyond description. And sadly, little to nothing will come of this. We elect our spineless Congress but they are owned by the corporations who fund their campaigns. We are just whining citizens who they will largely placate until the next election. And we will be left on our own to try and figure out how to mitigate the damage and get our feet out of this bear trap that Equifax and Experian and Transunion has us in. The only good thing about the breach is the hackers have the private information of people in congress also.
8
Mr. Lieber, please keep talking about this issue. Equifax and the others will be counting on people's short memories and lack of understanding to let this blow over without any real consequences.
At a minimum we need free and easy freezes/unfreezes, and a requirement that any breaches are immediately reported to the public.
9
Will these executives see their credit scores destroyed, held against them in future job in interviews, and follow them for years causing immense damage? Nah, they will get their golden parachutes and live happily ever after.
7
When I told one of my adult daughters I'd frozen my credit, she said, "I don't have to worry because I've never done business with Equifax." I was shocked and mortified at what now seems to have been a basic parent fail. How many otherwise smart people think this way? The power these companies - and other data aggregators - have over our personal information and its use is something the EU has thought about and addressed. It's time we in the US had the same kinds of protections.
99
Congress is going to twiddle their thumbs just like Equifax has been doing and for the same reason - money.
Donations, aka bribes, to Congressmen from the financial industry are sure to pour into their coffers to ensure protection from new legislation that would hold them more accountable and protect us.
That's just the rigged American system we have and it will not change until we get our Democracy back.
7
Why have these thieves and grifters been allowed to steal our most personal information? We do not accede to their accumulating our data, we are not paid for it, we have no contract with them, and we certainly never agreed to arbitration in lieu of legal remedy. No one should be forced to give these criminal enterprises their most private information, ever. Any collection of our data should be with our permission only. The records should be frozen as default mode, and only released with our explicit permission to a specific party for a specific time, then re-frozen.
9
Protection money? Nail on the head right! They vacuum your data without permission, sell it without your permission and then charge you to look at your own stuff. For consumers, navigating thru all 3 websites is like a maze. But for hackers, now, because all 3 services have basically the same data, hackers have the keys. Paying for a freeze is as insulting as feeling the need, back when, to pay for Caller ID just to screen against dinnertime cold callers and robo-dialers (read: you are charges twice, or more). The real protection money went ... to Congress!
5
Equifax is only the latest... Volkswagen, Uber, Wells Fargo, Zenefits, Google... lots of giant companies break the law and violate the rules of ethics and nothing ever happens. The CEO might resign, but he never goes to jail. Martin Shkreli, Gordon Gekko, Bernie Madoff, greed is good... these people shock the conscience and Wall Street applauds their shrewdness.
Until recently, we might have believed government is our watchdog, protecting us from the worst practices. But the president and his son-in-law have operated with little regard for ethics rules and regulations both in their personal businesses and in the White House.
The reason things seem worse is, with Trump, business has now brought its disdain and disregard for honest dealing into government.
The fox now holds the mortgage on the hen house. And we are the chickens.
8
As far as I can tell, there is no other way to determine a person's creditworthiness. Do they pay their bills? Do they pay their bills on time? Have they ever paid a mortgage late? How many times, and how late? Have they ever declared bankruptcy? How often do they declare bankruptcy? Do they pay their utility bills? Etc. etc. etc.
When I was young and newly married, my wife and I were very lucky to have somehow learned the ropes of the credit ratings industry. It's not rocket science: Pay your debts on time and never stiff a creditor, and you will do fine. For us, it has worked like a charm. We have never had an error creep into our ratings, knock on wood. I learned a long time ago what heppens when you make a late mortgage payment.
So what's the alternative? Can the data be controlled more carefully? Maybe. Can we have better access and control over what appears in our credit history? Surely, up to a point we should be able to remove erroneous data easily. But what else should change? The credit bureaus are the only thing that let us demonstrate our honesty or lack thereof. They are essential to life as we know it.
1
Here's what else should change: all credit reports frozen all the time as default setting and released only at our request to specified parties for a specified timespan.
If these "bureaus" must exist, then the default should be your credit is frozen all the time and only you can unlock it and only when you give written permission to the bank or furniture store or car dealer or landlord, etc. to pull your report that ONE time. If the Equifaxes of this world need to make money (and whether they should exists at all is questionable), then charge the requesting agency a nominal amount, which will no doubt be passed on to the consumer, but that's ok. That would end a lot of the problems. Simple fix. Just do it, Congress.
At the very least, this should happen to Equifax and should happen now. Why should we have to take the time and go to the trouble of freezing our accounts because of THEIR error?
And throw the bums heading up this organization in jail for insider trading.
9
The breach at Equifax doesn't just "sting," it stinks. The concept of a central credit rating agency may be sound, but its implementation has been, and remains, legal highway robbery.
My reputation, from a business's perspective is completely at the mercy of these reporting agencies. Equifax, Experian and TransUnion sell access to their assessment of MY reputation to businesses where I wish to purchase something over time. I should get a percentage of the fee, at the very least. They got the information at no cost to themselves, and now it's for sale? And if I don't want anyone snooping around in my financial affairs, I have to fork up cash to keep that information private? And, on top of that, when I decide to allow a peek into that data, I must pay yet again? Hogwash!!!
Your money was much safer when the only way you could get to it was either by writing a check to a business or going to the teller's cage and making a withdrawal in person. If you wanted to make a large purchase over time, you gave the seller permission to call or visit your bank to ask about your credit-worthiness. There was nothing wrong with this process. It slowed things down, allowing you time to be sure you really wanted go through with the deal in the first place.
The problem with instant credit is it leads to almost-instant bankruptcy. You are greedy for a shiny new toy and the toy seller is greedy for your cash. It happens every day.
3
We need to do what our grandparents did. Avoid credit, use/hoard cash. Form co-ops. Eschew national chains. Basically, "opt out" of the corrupt system. Because you can't win playing by their "rules." Elect people with the express goal of doing something about "Big Money." Elect trustbusters. People who enact Glass-Steagell type legislation. Because all the laws money can buy have been bought. And all the sponsored legislators have been sponsored.
"A Republic, if you can keep it." We cannot keep it.
7
Insider trading by Equifax's top officials, enticements to hand over protection money from all three bureaus - how can they be considered anything other than criminal enterprises?
9
GREED is truly the most terrible challenge of our times, and capitalism is its tool, its means to power and more greed.
Greed is a (contagious) mental illness, an unfillable hole, a hunger that denies justice, a brutal expression of broken egos.
Greed is having a million times as much as the poor and still feeling you don't have enough.
Greed consumes the earth without respite, and is a cancer on humanity. Greed destroys us and our children and their future.
Greed is death.
2
Kick these fakers to the curb. They should immediately be stripped of all power over our lives. They don't help or protect us; they use us. There is a better way, that doesn't involve scams.
2
Simply one more example of an unregulated industry that fits the Republican cry to eliminate any and all governmental regulations as overly burdensome. Forget MAGA, let's make America one big Love Canal managed by Enron.
1
As if we aren't suffering enough anxiety. Equifax is nothing but a huge scam.
1
This is just one more reason we 'little people' (as defined by Leona Helmsley) are fed up - these criminals are rarely held accountable, much less sent to prison (a real prison, not a white collar country club with bars). I completely understand now why French peasants took such pleasure in parading the aristocracy to their fate at the guillotine.
1
If you are in the process of applying for a new job or any kind of credi transaction, you should insist that the prospective employer or lender check your credit rating with Transunion or Experian rather than Equifax.
1
We now live in a world where to be prudent you must have a credit freeze on your accounts. What I am concerned with is how the credit reporting agencies deal with the temporary lifts in order to do something as simple as get a new cell phone. Will anybody answer the telephone? will they have any idea what they are doing? and how much will they charge? can I trust they will put the freeze back?
This is the thing, you cannot trust the very agencies that have been entrusted with your most personal information and we also have a just as useless and corrupt federal government
61
We’ve had our credit frozen for years. When it’s needed to be lifted, we did it for a hour or two only. You receive a password code, which can be used only by the party you designate. You then provide it to the creditor, and they have to act within the set limited time you’ve chosen.
It costs $10 each time. But in 2 cases, as I recall, the cost was eaten by the party needing the info.
1
When I tried to sign up for a credit freeze at Equifax, I was told by the customer service representative that there was already a credit freeze on my and my wife's accounts. I have never placed one in the past. A check of their website confirms this. How can this be? Has someone with our data placed a freeze, perhaps to remove it later for their purposes? I was able tp place freezes with the other two companies without problem.
1
All true, Americans have realistic reasons to be weary of their credit ratings in the hands of the big three. But Americans are their own worse enemies in regard to personal information they willingly post on Facebook and their ilk.
4
Some suggestions for remedies. First, Equifax needs to put a freeze on all accounts immediately. They should be required to do so. Second, the major banks should stop doing business with Equifax until they provide satisfactory evidence of their ability to protect sensitive data. Banks and other businesses are the real customers, not us. The "credit agency" companies will respond to them. Since banks have direct contact with us as consumer, they are more responsive to our needs. We might encourage the banks to act responsibly by boycotting those who turn a blind eye to this sort of abusive.
11
We deserve this mess. Republicans are anti-regulation and anti-consumer, and Democrats - who 40 years ago would do the right thing - are now tempered by Republicans calling them anti-business. As long as Republicans make up more than 40% of any legislative body, we are guaranteed to be victims of this type of corporate recklessness.
15
How about some reporting on root cause, i.e. why the credit rating business exists in the first place? Because Americans borrow and lenders lend excessively? (see 2009). Compare to Germany, perhaps. A German business colleague working in the US division for 2 years told me it works differently there. To borrow money requires a solid job and money in the bank there , which he has but not good enough in the US to get his Utilities turned on!
5
The people who need to bear the brunt of the leak are the shareholders of Equifax (ticker symbol EFX, $105.04, up over six percent from prior day). The shareholders are the corporation. Their action or inaction at shareholders meetings elected a board of directors which allowed the firm to arrive at this disgusting point.
Every action which consumers can take to make their data useless to banks, utilities, and other purchasers of Equifax data are actions which can turn this company from a reckless custodian of our most precious information into a Bear Stearns. Their failures need to be a painful object lesson to the financial industry and their executives need to find far less lucrative subsequent employment.
9
By all means, as the senior executive in charge making the big bucks, at the very least the CEO should be dismissed for incompetence if not outright negligence. I'd also purge the head of IT Systems, the Director of Security and all of those who sold stock following the breach but prior to the announcement. Word of these disasters spreads like wildfire throughout organizations as soon as they happen and/or are announced publicly, and it simply is not credible that key top execs "were not aware" of the incident. Until accountability for these types of massive debacles is once again ingrained into corporate conduct and standard operating procedures, top executives in this country are going to continue to enjoy their perks and positions without suffering the consequences of the downstream and ongoing negative effects on consumers of their fiduciary failings.
6
There are so many incredible facts to absorb here, it's dizzying.
Such as Equifax having little knowledge of whose data was leaked. If they knew, they would have contacted us in writing and their website wouldn't be saying, "your data may possibly, perhaps (who knows?) have been compromised".
Even if we forget about loan frauds and their nasty long-term consequences, the potential for hackers to break into every single of our accounts is breathtaking. No credit freeze will protect us from this. Somehow, when companies or the government receive a call from a customer, or get an online request for a new account or a password reset, they'll have to tell us apart from hackers that know about as much about us as the company/government does! How are they going to do this?
We are talking about hackers being able to pry into basically everything that can be accessed online or by phone. How depressing is it that our main form of protection appears to be anonymity in numbers: so much information was leaked, hackers don't have the manpower to hack everyone, they'll have to be selective. Is that what we have to settle for, being boring enough that hackers will go after someone else?
Lawmakers, companies, step up! As other readers said, there are solutions for certain problems (e.g. multifactor identification), they need to be implemented, we can't spend the rest of our lives looking over our shoulder. One would think the OPM breach would have been a wake up call. Doesn't seem so.
1
"Financial responsibility" is what the credit agencies claim they are providing lenders etc.
Ok, so where is the "responsibility" for senior executives and the company in this mess ?
Assuming Congress ignores the credit lobby (big assumption ) :
Forced resignations of all the senior execs - with no golden handshakes or better yet a specialty tax assessment on any payoffs
free credit reporting etc. for 5 years ...let them eat there profits
government over sight of all the operations for these companies complete with fines for misreporting etc.
7
It would be great if we had a statutory right to privacy and companies wishing to buy and sell information that would be considered private had to seek our consent.
2
I'd theft protection to my understanding is not in real time. In fact it takes at least two weeks to a month for the so called protection agency to alert you to a breach. Not bloody well good enough. FICO and credit rating scores are unfortunately another banking scam along with mortgage insurance. Nothing was learned from the collapse and its musical chairs for the rest of us. Put your money under your mattress and get out of the stock market. That is about to go south any day now.
2
And this is a prime example of why we have those regulations that business hates. rsgulations come about because of bad choices business makes. Whenever the choice is between money and the right thing, most business will opt for money. It's why they exist. And it's also why when you hear the statement, "It's good for business," you can bet it's bad for people.
5
Well done on this article. It really brings together what we all have been seeing only pieces of. Quick example in my own life for those out there that have not had to deal with this corrupt industry. I went to buy my most recent house and my credit report came back 500 something. Now, I have never missed a payment on anything in my life. Flawless credit history. However, Florida Light and Power had sent me a bill for $61 months after I have moved out of my house in Florida and the bill was never routed to my new address. I literally never saw it or knew about it. That unpaid bill of $61 dollars sank my credit from 820 to mid 500. $61 dollars vs. a lifetime (I'm 46) of perfect credit. The real estate agent just shrugged and said you'll need to pay a bad credit penalty of $2,700 to secure the loan. I called and emailed Equifax and no response, no email back no direction, no accountability, and really no interest.
7
You need to contact Florida Light and Power, since they reported you delinquent.
I did. And I paid it off. Although it took over a year to get to just 700. The equifax call was to understand how that small amount could affect my lifetime of good credit.
I can't fathom why these credit rating companies even exist. It should be the responsibility of the individual lender, be it a bank, a car dealership, or whoever, to determine the viability of a loan. Furthermore, nobody asked me if I wanted Equifax or either of the others to have my information. The concept is clearly a breach of privacy. Liquidate Equifax to cover securing the accounts of those affected, and outlaw credit rating companies in general. They're simply giant consumer scams apparently in league with the government which let them have the data in the first place to benefit rapacious corporations.
5
Can someone explain to me the danger described here and elsewhere of Social Security and investment account theft? Equifax let go of enough information for a thief to steal your identity at any point as long as you are alive and can go in and relieve you of your life savings? And a credit freeze will not prevent this, am I right? Would like to have this explained on a first-grade level as that is what my critical thinking is when experiencing rage and helplessness and exploitation.
89
If you put your money at Vanguard, they will not send a check to anyplace except your residence. If your address changes, they will mail a letter to you about that. So no one can change your address without you knowing.
Also, for your protection, Vanguard has voice recognition that you can establish with them, so no one can impersonate you if they call Vanguard.
Put your money in the safest possible place!
1
Is anyone paying attention to the root cause, which is the American addiction to borrowing for everything? It used to be you borrowed to buy a home, had a down payment saved, and thought long and hard about affordability. The local Savings and Loan thought about your eligibility long and hard as well.
The Reagan revolution forced students into borrowing big for college, the offshoring of Wall Street decimated middle class wages, the merging of all local banks into a few large multi-nationals meant savings accounts pay nothing, discouraging what saving people still do and forcing them into the rigged casino that is the stock market.
The Equifax Breach stings so badly because the root cause is a normalization of massive personal debt.
2
A password associated with social security numbers, one that the owner of the social security number controls, enabled for two step verification, would help solve many of these problems. All my other important accounts are controlled this way: why not social security? It should be optional, so that those who do not want to use the technology can opt out easily.
1
Companies are getting their sites pinged by hackers every day. When you have thousands of employees, all it takes is one person clicking on a bad e-mail to give the hackers access to company and customer information. The problem is how to respond to the breach and also containing the damage that a hacker can do (information permissions, tracking data flow within an organiaiton, etc.). Equifax deserves criticism for its response, but breaches can happen to any organization.
Credit freezes, credit monitoring and fraud alerts are ineffective. Any credit reports released should require authorization by the consumer.
No authorization, no report. Problem solved.
2
"to step out of the system unless you can live a life completely free of the need for credit, mobile phones and many jobs." I don't need credit, I don't need a job, I own my phone - how do I step out of the system? Would love to do that.
1
I did not buy a home til I was 47. I paid for it 2/3 in cash and paid off the mortgage in less than ten years. I bought my second home at 64, and paid cash. I drive a 23-year-old car that works just fine, thank you. When it goes, I will buy a new one with cash. I pay cash for virtually all purchases. Rich? No. Frugal? Yes. I deeply resent being put at risk by some capitalist vulture company I do not need and have never needed. I have frozen all my credit scores and plan never to unfreeze them again, barring medical necessity. I suggest this is a wake-up call to go back to the monetary ethics of those Depression grandparents who knew not to risk or waste money on junk.
2
Such is the nature of US-style capitalism - everything is for sale. Any opportunity to transfer wealth upward is fair game, even health care and medicines.
4
Nothing will happen to Equifax.
Remember the misleading ratings given by Moody's and others to stocks that led to the financial crisis in 2008.
The rating agencies were pilloried in the press for a while and then public attention shifted to the next candle.
The top people in the regulatory government agencies mingle socially with the top guys at these firms. The personal connection and sympathy is stronger than the public duty to go after the wrongdoers.
2
"[T]here does not appear to be any way to step out of the system unless you can live a life completely free of the need for credit, mobile phones and many jobs..."
My father did exactly that. Upon retirement he moved back to the very rural and tiny community where he was born and raised. He paid cash for everything, either in the form of currency, check or debit card, the latter two accounts being with the credit union of the company where he had worked, the only employer he ever had after graduating college on the GI Bill.
During his entire life he held perhaps 3 or 4 credit cards, total. This was back in the day when oil companies issued their own credit cards, good only at their filling stations and perhaps for restaurant or motel bills. Once he got the debit card, all other forms of wallet credit went into the trash.
Then one day he and my stepmother found themselves at the airport in Tampa, trying to rent a car to drive to his stepson's home near Sarasota. Rental car company after rental car company refused to provide him with a car. The reason? They accepted only credit cards. A debit card offered the company no protection if the renter decided he wanted to abandon it or just take off and keep it, was the explanation he was given.
As a result of this, Dad applied for a credit card. It took some time and, despite his cash assets in the high 6-figure range, the maximum credit he was given was $2,000.
He died, some years later, never having used it.
2
I know Republicans loathe government interference of any kind, but forget them. Why don't we push for a law requiring credit reporting companies to give free access to individuals, any time they wish, of the individual credit reports they generate about them? I can log in to see my bank accounts, credit card debt, medical records, etc., any time. Why can't I see the data that's been collected on me?
1
Well now, NOTHING has changed after our 2008 meltdown! Money talks and no corporation has responsibility for their product. Wall street, banks, bond rating agencies, credit reporting agencies are free to do anything with no accountability. Just wait until the GOP and Trump are done with regulations protecting Americans!
1
Equifax has shown a distinct level of incompetence in this manner. They knowingly left a vulnerable piece of software in place while other companies rushed to repair their systems. After the breach wade made public, they directed people to seek help from a fake site.
It's clear the Equifax IT group has not developed a culture that values the integrity of their processes.
Banks and other companies that pay Equifax for their services need to re-direct their business.
1
Equifax doesn't care about reaching out to us because WE are not its customer. We do not choose it, it's not like we can choose another company, as with Wells Fargo. It takes our data and turns it into a product for other companies, and those users aren't hurt, so they don't care. At least WF had skin in the game, Equifax does not. That should change.
1
A company like Equifax
That with data is way too lax
Should pay through the nose
When it starts to doze
And lets us all fall through the cracks.
2
Elizabeth Warren began reporting on the credit reporting "agencies" years ago. That 'agency' moniker has given consumers the misguided impression that Equifax, Experian and TransUnion actually have governmentment-granted consumer-friendly legitimacy.
In countless interviews, she exposed the cruel hoax that is the foundation of these publicly-traded credit reporting firms. For instance:
Consumers have often wondered how a payment check to a utility or retailer was marked for late payment when the payment had been mailed more than a week in advance of the due date. Or, why their credit card interest rates doubled despite making timely payments. I have experienced this con and it is a painful, endless exercise to correct it.
And here is the credit reporting con:
According to Ms. Warren, a small percentage of payment checks are put aside, despite receiving them on time, for late payment charges. The credit reporting firms are notified of the late charges; they forward that information to the credit card issuers. Interest rates are hiked in secret along with "commissions" paid to the credit reporting firms. In the system, everyone in the loop gets their "touch" while the consumer remains mystified about rising interest rates on their credit cards. The con is on.
Those firms and their Wall Street enablers have been attacking Elizabeth Warren because they know she knows how they make their money. She "knows where the bodies are buried" in the financial industry.
2
And the Republican mantra is always less regulation. Obviously this breach happened because of Obama. I don't know how, but whenever something goes wrong the Republicans blame it on Obama and their base believes them.
1
The simple way to avoid the credit reporting businesses from determining how much you pay for purchases is to just use cash. Get off the credit card treadmill, pay any balance in full each month, save for major purchases such as an auto and then pay cash for all the major purchases. Create and stick to a budget for yourself and your family. The credit card becomes just a convenience when paid in full each month. Don't forget to put freezes on your credit reporting agencies accounts.
This may scare you to death at first but after awhile you will love the independence and peace of mind it affords you.
2
The amount of power the credit agencies wield is disturbing. Essentially, the underpinnings of our modern lives revolve around credit - as explained by Ron Lieber. Too big to fail? It turns out thatthis doesn;t just apply to the financial institutions but to these credit agencies which feed them data. There must be more oversight, and more protection for we peons.
1
As someone in their later years working to build my retirement nest egg, this incidence has created an ever present sense of doom and despair. Seeing my name as one of 143 million who "may have been impacted", I now am told...for the rest of your life... check your accounts every 2 weeks and hope that no one has stolen your savings. If that occurs, I will have to then fight with the bank or whomever to get it back. It is difficult to express how angry I am. Many solutions exist it would seem (alternative ID technology, consumer ownership/rights for data) but this would require the federal government to actually regulate a business,so, we will all remain living in fear.
123
ID theft protection firm LifeLock (Symantec's subsidiary) is a big winner from this breach. They charge up to $29.99 monthly for your credit alerts and reports, etc. Their website says “A major credit bureau just experienced a breach... Don’t wait to get identity theft protection.” Their executive told Bloomberg that their enrollments shot up 10 times after Equifax breach. What makes me furious is that they are still sending subscribers data to Equifax and paying part of the revenues to Equifax for obtaining annual credit monitoring reports. What a conspiracy! Don't let the fox watch the hen house!
65
In 2015 LifeLock paid a $110 million settlement with the FTC for, among other things, falsely claiming they were protecting people's identity. They were doing absolutely nothing to help anyone except collecting more information about more people and storing it.
If corporations are "people" under Citizens United, I continue to ask why, then, the corporate CEOs, CFOs, board of directors, are not in jail.
We need a Congress with a sense of consumer protection to strictly regulate all the so-called "credit" agencies, as well as all America's corporations who excel at data mining and storing. That includes all the industries like health care, pharmaceuticals, insurance, vehicles (CarFax), grocery/box stores, everyone who collects our data.
Would that some of the tech folks so competent at advertising, marketing and hoarding data could apply some of their smarts to stopping hacking. But there's no monetary return for that investment.
2
This is a big case of pot stirring. Perhaps some people will be harmed, but it is hardly the crisis it is portrayed. Those who will benefit are the class-action lawyers and state AGs, who see money on the ground. We seem to have zero tolerance for any mistake a corporation makes (Wells Fargo and Equifax being the best examples), but forgive and forget when the government makes similar mistakes. I am not opposed to reasonable regulation, but the hot-house of a media storm is not productive, except to those stoking and profiting from the blaze.
1
Really? Do you work for Equifax? They and the other credit agencies need serious regulation and must be held accountable. They currently serve only their corporate clients and totally disregard the damage they to individuals. People must be allowed to control the personal data that these leaches use to generate their profits. It is long past time for regulations that hold them accountable. We should be able to freeze and unfreeze our credit and have appropriate access to correct errors without charge or undue hassle. The best outcome would be if Equifax is driven out of business and the executives who are likely guilty of insider trading do serious jail time. That might be sufficient to get the attention of the other two credit agencies. I have never seen a reasonable explanation of why we need three of these leaches.
1
This comment makes no sense. We all rely on credit reporting bureaus to be accurate, protected sources of "objective" (ish) information for all major purchases in our lives. The fact that Equifax had such a breach and their complete lack of appropriate response to all of us who directly rely on them is inexcusable, and frankly, I don't think people are upset enough. This comment just reads as fanning the flames of conspiracy thinking, and all that does is dilute our ability to get these companies to be accountable.
Perhaps you have not been affected, yet, but I have. In the course of one day, three different credit cards were applied for in my name, my checking account was hacked and money diverted (causing 'real' payments to bounce, incurring costs and requiring that a new account be established, resulting in the inability to make payments and placing the obligation on me to contact every entity that either deposits or withdraws funds to this account to change their records), purchases were made on my existing store credit cards which then required closing long-held accounts, and generally causing this senior citizen a lot of stress. So, yes, a little regulation and recompense would be nice and not too much to ask for. I worked hard all my life to obtain and maintain my credit rating and my financial security; Equifax did not protect me.
2
Nice job, Ron Lieber.
Thanks for your help through this mess.
49
Make your Equifax freeze permanent. If you apply for credit, tell your lenders they must use one of the other agencies. You will not lift your Equifax freeze under any circumstances. Lenders need business as much as you need credit. They can use one of the other agencies. Tell the lender that if they can't get info from one of the other agencies, you will find a lender who can. Equifax should go out of business because every consumer imposes a permanent freeze. After that happens, the other 2 agencies will be a little more sensitive to the way they screw up our lives, and new competitors may emerge.
178
It doesn't work that way. Lenders do not pick and choose which of the three credit agencies' data to rely upon. They have no relationship with the credit agencies. What lenders rely upon is a FICO score generated by another company, Fair Isaacs. The FICO score is the result of a bunch of proprietary algorithms applied to all the agencies' information resulting in your credit score of poor, fair, good, excellent, etc. this score is what your car lender, for example, uses to decide whether to extend you a loan and if so, what interest rate to charge you.
Great idea. Turn the tables on them!
Dear credit agencies and banks. You are ending yourselves. And you will end or severely cripple the big businesses that depend on your game. Don't let the door hit you on the way out.
Dear car buyers. Do you need a new car? Maybe the answer is no. You do not, and you can get by with what you have. Don't buy a car. Just say no.
Dear home buyers. Do you need to buy a house? The real estate business desperately wants you to buy one. To keep their revolving scam going. But buying a house is a loser. Just say no. Rent. Just say no.
Collapse these business monstrosities. Don't ask. Tell them ... that their game is up.
And, by the way, these same big businesses are what's behind the whole Trump mess. They're his backers. But this guy got a bit out if hand. Oops, Say no to Russian-aligned businesses and politicians. Take your country back.
30
I think the landlord will check your credit before giving you the keys.
1
Given that all of this was Equifax's fault, the burden should be on them to reach out to us and notify us if our credit reports were compromised by their failure to secure out data. Every time I rejected for a credit card because credit agencies all of a sudden have some bogus data in my report that was not there last year, I am doing their work for them and ps I am not getting paid for it, are you? No, none of us are. They use us, our data and ask us to fix their errors. I get that this whole situation is without justice for us, the consumers, but enough already! Will someone please make Equifax step up and do the right thing. Senator Schumer, are you listening???
59
This is how the big banks used to operate, I agree with Reader. Why isn't Equinox obligated to mail each of us a letter, snail mail, to inform us if our credit history was breached? Why do we have go to their website to find out? What about the people who don't have access to a computer?
2
This is the right approach. And by the way perhaps it really should go a step further. Every request to credit reporting service should only be done after the service gets explicit authorization from the person whose information this really is. Then it really becomes a service to the people by letting us know who or what is happening out there that we should know.
1
Basically they have made trash of all their data. The others will be peddling trash too, because whatever they say is unreliable, having been so badly compromised. End of business plan.
15
What prevents the Social Security Administration from issuing new SSNs following a data breach? it should be similar to reporting a lost credit card. Otherwise, it is up to the financial institutions to come up with better security than typing in 4 digits or mother's maiden names to authorize illegal access to our money.
11
The current administration does not believe in consumer protection.
It does not believe in protecting anything or anyone except the right to pillage the land and tame the labor force so as to secure for the already powerful their lucre and their spoils.
There will be a lot of posturing in Washington with blowhards in Congress scoring hot air points over the Equifax breach, but no legislation will be passed to protect the honest Joes and Janes, no executive orders written in righteous scorn.
Yes, the Congress is going after the influence-peddling and deal-seeking Russian scandal in a bipartisan manner, but the only reason why there is even a Russia investigation in the Congress is that there are sufficient numbers of older former Cold Warriors still serving who continue to think of Russia as a bogey-word and because Russia is known to have meddled in our elections, other Republicans have to pretend they care.
But no Republican will agree to rein in the credit reporting bureaus, because these are businesses and business is sacred to the GOP, more sacred even than the God they so frequently invoke to vouch for the lily white purity of their--to borrow a phrase from their dear leader--sacred souls.
73
Welcome to the new millennium.
"Equifax has not directly informed people who may have been affected by the breach. "
Exactly.
They should not be putting this on us.
They should inform us, the other 2 agencies, and automatically notify anyone who checks our credit with them in the future that this information was compromised.
We should be notified of each request and Equifax should pay a reliable team to come up with a secure way of determining whether the request came from us or the thief before a new line of credit or change of address is allowed.
All costs from successful identity thefts, including the cost of cleaning up credit scores, should be born by Equifax.
We were unwilling passive actors. We should not be forced to become active actors now.
69
Is this the tipping point where people begin to realize that loosening regulations until they are meaningless is the wrong answer?
37
I'm angry that I have to pay ANY reporting agency to freeze my credit report. And like everyone else, I am worried that my hard-earned credit score has fallen into the dark web economy.
24
Why does the rest of the world find credit rating agencies unnecessary?
24
Could we just fine the companies $1 per account breach? Could we make credit reporting companies personally and criminally liable for not reporting breaches? This would make people not so willing to gather data.
19
$1000
Equifax will get off scott free. The government either doesn't care or can't be bothered with regulating these companies. They are allowed carte blanche to sell peoples private information.
20
Please don't say "government doesn't care". The culprit is "The Republicans in government doesn't care about consumer protections"
1
We need a federal control agency that can assure us that our records are ;
1) as true in reflecting our credit history as possible
2) safe to use
3) can be easily challenged by the customer
4) held by private vetted agencies wishing to participate
15
I called the Equifax help desk phone number when the email link they provided to enroll in their “protection” program didn’t work. The customer service representative’s first question was to ask for my full social security number. When I refused, the second question was for my date of birth.
In what universe do people still think this is a reasonable approach to personal information security? Maybe that’s why we are where we are, without any recourse.
24
Any who remembers Neil Bush and Silvardo Savings and Loan
SHOULD remember the ONLY reason we EVER had this 'credit rating' applied to consumers - was AS IF it was the consumers fault.
I was a senior developer for community banking software - and I checked data from multiple community banks - none of them engaged in Sub Prime lending - it was Goldman tradings Triple A Collaterlized Debt Obligations - to this DAY - gone unchallenged by US DOJ...
Just as community banks were not the problem with the 2007 financial crisis ? Consumers were never the problem with Savings and Loan - and yet ?
The solution from Savings and Loan was to say - ah - yes - let's give everyone a credit score.
I REEL at age 49 to figure out the deal on this rigged deck.
Elizabeth Warren has a WONDERFUL point about how you can't even FIND work at times because of 'credit score' PICO.
I've been denied ability to rent on this - and work.
Black bird fly
Into the light of the dark black night
7
Mr. Lieber, didn't you know? This is the United States, where business can do no wrong. And where white collar crime has not disappeared but the prosecution of it certainly has.
I predict either bonuses or retirement with huge golden parachutes for the Equifax executives. And no one will flinch. Truth is, that's the new normal here in the good old USA.
29
That's exactly what has already happened. The two IT execs who media reported "left the company" didn't get fired. They retired with their golden parachutes intact.
1
The total cycle time to put a credit freeze on at Equifax was about three days, including about an hour on their website this morning as it timed out numerous times going from screen to screen. I think I might have a credit freeze on now, but I have very little confidence that this is the case, or that it will help much. And of course this does nothing with respect to the other two Blind Mice.
Equifax deserves the death sentence for this. Unfortunately, it won't hurt those really responsible, just the ordinary workers who will be out of jobs and wind up with their own credit ratings in the toilet.
21
If enough of our legislators are personally inconvenienced, then perhaps something will change.
12
It's amazing how all of a sudden "our representatives" can act when an issue affects them personally. When the "family values" Republican finds out he has a gay child, all of a sudden he is sympathetic to the problems of the gay community. Since this breach will affect rich and poor, powerful and powerless -- maybe some of them will be personally affected and moved to action. Sad that it has to come to that, but that's how it goes.
Why is it I can't freeze my credit at American Express,Discover, MasterCard and Visa? They are the ones primarily under writing our borrowing.
5
A credit "freeze" from a company whose credit files have been hacked - wonderful! Really makes one feel secure.
11
Think about a bank metaphor. They keep the valuables in a safe. They don't keep everything at the teller window where anyone can grab it.
9
I notice there are only 23 comments to this. There should be 23,000. I was astounded that, in order to freeze my credit, I had to hand over more information than I have ever handed over. Where is the Consumer Protection Agency in this? You know, that agency that Trump wants to close down?
18
still unable to make their freeze website work. printing out the attempts and error messages as evidence if i sue
1
Thank you for writing exactly what millions of Americans are feeling. First I was angry then I started crying because I felt so helpless. Now it's fear.
2
To paraphrase Ronald Reagan, corporations are not the solution, they are the problem. Here is another example of Republican abhorrence of government regulation at work. The resulting scenario is to just trust that these entities will do the right thing for their consumers and the public; and as Sarah Palin would say" how is that work in' for ya" ? We need to abandon this ideology immediately and force the government to crack down on these corporations. They are profiting off of us as parasites or for a more apt analogy; a cancer on our economy where we are left as victims of their greed and indifference.
5
It's a scam.
Over the years I have trashed my credit after job loses and a business failure. Each time it bounced back. Why? Because it's a scam to sell us on debt.
Once I figured that out after my business failed during the financial crisis I felt a weight lifted from my shoulders.
I fixed my credit by calling all my creditors speaking with and or writing to their credit departments.
Lesson learned... they need me more than I need them all were eager to work with me and stop reporting to the troika of agencies, as long as I kept up my end of the bargain.
After I refi my house next month, I could care less about my score because I mostly use cash now.
3
It's time to get back the security of our social security numbers and not allow them to be the used at all for identity purposes with the exception of the Social Security Administration. That would help curtail a lot of the identity theft. Secondly, no business or reporting agency should have the right to cull your information and use it without your permission. If the credit reporting agencies are forced to ask your permission, they will be forced to offer incentives to join. Ultimately, it's up to the consumer whether they want to part of the credit reporting system or rely on other means, like cash only. the blockchain may change all of this, but that's a long way off.
2
Unfortunately, the Internet is set up for convenience, not security. It is the world we live in.
People should have placed security freezes on all four credit bureaus long before now (Equifax, TransUnion, Experian and Innovis). They should also monitor their credit reports on a regular basis, at least every quarter.
Triple AAA has free identify monitoring, but if you want to upgrade it costs a few dollars a year. These are relatively simple steps people can take until the security aspect catches up to Internet use, as someday I believe it will.
Until then, as Thomas Jefferson once wrote, eternal vigilance.
5
Len, Triple AAA does offer free ID theft monitoring and you can upgrade for more service but the service is provided by EXPERIAN!
Equifax is in the extortion business. Their top executives in charge of data and security were shockingly underqualified. It's time to hold congressional hearings, determine the adequacy of federal regulation of the industry, and put Equifax to death.
11
Like so many others, I, too, am very concerned about the lack of oversight of the "black hole" known as the credit reporting industry. However, knowing that my credit score is very important, I make sure to pay my bills on time. The credit reporting industry becomes a strong motivator to pay bills on time. In addition, as the owner of a small apartment building, I depend on satisfactory credit scores before I lease an apartment to a prospective tenant. I'm afraid to rent to anyone whose credit score and credit history are questionable. Thus, I'm caught in the middle. I abhor the black hole of the industry as a consumer yet I depend on the industry before I lease an apartment.
2
I wish someone would write about the moral hazards credit reporting agencies have to inflate the risk profiles of consumers. Lenders want to reap the maximum profit from borrowers and can justify higher interest rates by claiming higher risk premiums based on flawed credit reports as a justification for doing so. The fact that the reports are flawed to *all* lenders means that the added risk premium they charge isn't a competitive factor among lenders, in fact it almost looks like a lending cartel coordinated by a third party.
This ends up being a tax on all consumers, but especially lower income consumers who are more likely to have debt and heavier use of credit, and thus more likely to have erroneous credit reporting.
Furthermore, the credit reporting agencies' desire to use non-credit related lifestyle factors (driving records, marital history, etc) seems mostly driven by a search to find non-credit related rationales for lowering credit scores, which helps lenders sell loans at higher interest rates than they could otherwise extract based solely on credit use. It's a fantasy to believe that lenders want to loan cheaper to poor credit users with good driving records, they're more interested in justifying higher interest rates to good credit consumers with worse driving records.
5
How about we do away with them entirely? I never authorized any of the credit agencies to have my data, and the data they have is astounding. Yet they have it, they profit off it, they judge me by it, and, most important of all, they incompetently and arrogantly make me incredibly vulnerable through their cavalier use of it. If a lender or an employer want to know my credit history, I can give it to them or authorize my bank and my credit card company to print it out, allow me to show it to them, then take it back and destroy it. In today's world, that is the only satisfactory solution. Equifax's combination of insouciant incompetence and untouchable size will inevitably lead it to putting profit over security, because it is at our expense and actually increases their revenue. They must be gone. The concept has outlived its usefulness.
9
I put freezes on my accounts years ago. I decided that I will determine my need for credit and if I did not have the cash to buy something, I didn't need it. The whole idea of these companies should be illegal. Who authorized them and why? When did the collection of all personal data become a way to make money, and to allow everyone to be cheated and robbed? Why are these folks not in jail for life? And you can include all members of congress and all state legislators with them!
2
Oh please! A breach should cause us concern? Nonsense. Equifax and other credit "bureaus" were free to sell our privacy to anyone at any time. The only issue with the breach is Equifax didn't profit from the breach.
It really makes Equifax to recover that lost profit by charging us -- extortion money as the article quotes -- to freeze our credit? Americans needs a much better credit clearinghouse. Credit agency should be accountable as fiduciaries and stewards of our privacy. Our privacy doesn't belong to these "bureaus."
1
I recall a 60-Minutes segment on the giant credit reporting companies that interviewed people, who had had their lives turned upside down due to errors in reporting. These people had been fighting for years to straighten out database errors, with slow to no response from the companies that were ruining these people's lives. These "credit scores" affect insurance rates, the ability to buy or sell homes, and can cost you a good job if there are errors. As I recall, the companies require written correspondence and can't be reached by phone or email.
5
I've had this experience. Random nonsense showed up on my report (one of my former employers addresses showed up as my address), and I got into a dispute with Wells Fargo because they didn't send me a monthly statement for a couple of months, and started saying my mortgage was delinquent after I signed up for them to directly withdraw from my account (which they failed to do, but still shut off my monthly paper statements, so I had no idea they had screwed it all up).
It took *months* to get the false address off, with multiple back and forth paper exchanges in the mail. The mortgage screw up was even WORSE. They *refused* to remove it, even after I provided a signed document from Wells Fargo ADMITTING that they screwed it up and *shouldn't* have reported my account as delinquent. The three bureaus allowed me to put a *text* explanation in the report, but my *score* still went down. What kind of racket is THAT?! They KNOW they have false data, refuse to remove it, and then act like they're doing you a favor when they "allow" you to put human-only-readable text next to an error?
These 3 companies should be regulated out of business. In other countries people somehow manage to get credit without this nonsense. What makes the USA special? Is it manifest destiny that we *must* be subdued by nameless bureaucrats in giant megacorps? I ask die-hard neo-conservative Republicans, how is this better than bureaucrats in DC? At least I can *influence* the ones in DC.
It's probably too much to ask but since the only thing that matters to these 3 companies is $, fines in the 5 figures per person per breach would get their attention. However asking congress for this? Ha. They will posture a bit about the breach in the hearings but let it go as soon as the influence money rolls in.
5
How to be cyber safest in our materialist, indulgent society?
Have:
- as little debt as possible
- one email account, perhaps 2, a private and a public
- one bank account
- one credit card
- limited social media use
- strong passwords for financial accounts
- the common sense not to open email attachments without lots of scrutiny as to their origin
The more you put yourself out there the more vulnerable you become. It's a big world with lots of different kinds of people.
10
I had frozen my credit reports about eight years ago as I approached retirement and reached the point in life when I would no longer need credit. Despite this proactive attempt to protect myself, I ended up on Equifax's list of people who likely had their data compromised. It would have seemed prudent for Equifax to have moved my data to a different database of frozen accounts rather than leave it exposed. Online financial management has become a miracle of modern life, but it is in serious danger if the security of private data cannot be assured. I am slowly closing electronic access to many accounts for fear of being electronically impoverished (except, of course, for the cash and gold I keep buried in the garden for emergencies).
3
It's time to rethink this "industry" from the ground up. In the Internet era, there is no technological need for centralization of credit information. It can and should be controlled by the individuals whom it concerns. Even more than copyright, there is a 'moral right' of people to control what is known about them, without the intervention of third parties like equifax, with all of the perverse incentives to work AGAINST the very people they're collecting data on. But alas, I dream: our government, which might affect change, does not represent people; it represents corporations like Equifax.
1
One need look no further than the neocon Republicans for the cause of that:
https://www.youtube.com/watch?v=KlPQkd_AA6c
Corporations are **NOT** people, neocons. And yes, the money they earn goes *somewhere*, but it's not to the *people* who are employed by those companies. By in large it is siphoned to the top of those companies, and the employees are just cannon fodder, barely making enough to keep up with inflation... and since most corporations are *NOT* headed by founders, there's absolutely **NO** moral justification for that arrangement. Those CEOs and their cabinets are *just* employees, like everyone else. It makes absolutely no sense that they're making 300 times the line worker. THAT is where the money goes, Mitt and you other neocon fools. Corporations are built upon an immoral assertion -- that there's some logical reason why we should limit the liability of people on one side of a wall, even when they do something immoral or illegal, which is *precisely* what's happening in this situation with Equifax. This pathetic company cavalierly leaks millions of peoples' most private data out to thieves on the dark web, and not a *single* person will be held criminally liable because of the LIE of a "limited liability corporation." Corporations are a *government* created LIE (government shouldn't *have* the right to limit someone's liability -- if someone wrongs you, you are *entitled* to be made whole.)
To echo several of the comments already posted, my first thought upon learning of the unprecedented scope of this data breach was that the CFPB (Consumer Financial Protection Bureau) needed to immediately step in and mandate a complete freeze on EVERYONE'S accounts. Then consumers who need the blessings of these three corporate extortionists (Equifax, Experian and Trans Union) would (with the assistance and strict enforcement by the CFPB) be required to "opt in" to get their loans or employment opportunities unfrozen and blessed by one or more of the Big Three - with the freeze automatically reinstated at the conclusion of each approval.
And all this would be transacted through a "single point of contact" process - with the three competing bureaus required to share consumer requests via such a "single-point contact".
Until further notice, this would be the process going forward indefinitely. No consumer data would ever released to the outside world by the Big Three without the expressed consent of each consumer - who would receive a record of every transaction between each credit bureau and their sources.
And all of this would cost the consumer nothing - except their considerable time and patience.
Yes, this would require a wholesale revamping of the entire business model for the Big Three. And maybe eventually put them out of business - to be replaced by a non-profit entity operating under strict government oversight.
That couldn't happen to a nicer bunch of vampires.
9
These three companies need to be disbanded and their functions - if they are even necessary - should be handled by one’s bank or by government. These “agencies” are incredibly dangerous. Quite aside from the data breaches, their data is invariably incorrect and/or incomplete and they have little to no interest in correcting it because their clients don’t really much care. More money is made from people with poorer than better credit ratings. Nothing these companies do isn’t a self-serving conflict of interest.
1
Fidelity credit card is requiring me to remove the freeze on all three of my credit reports before they will consider increasing my credit limit. They will not accept my pin. They say that they are only doing so out of concern for my security, but I'm guessing it't the opposite. They probably don't want to make the effort to ask for my pin number to unlock my credit report, at the risk that I expose myself to fraud. The problems in this system extend beyond the credit reporting agencies. I get the feeling that we're all just dollar signs to them, and they don't care whether we are put at risk.
1
Consider opening a new credit card account with a vendor that will accept your pin. Higher credit limits may increase your risk if that account is breached. Just a thought. Additionally, if the new account is more customer friendly, you would have some small satisfaction is canceling the original fidelity account.
Perhaps this is naive, but if everyone froze their credit report at Equifax, their business would shrivel. Could we turn the tables on them by saying that we, as consumers, only deal with Experian and TransUnion which will have to be good enough? After all, banks do want to lend money and two credit reports instead of three should suffice.
7
Every person reading this article must call, write or email their representatives in Congress to insist that all 3 credit companies come under strict regulations regarding consumer credit. This is the wild, wild West of an unregulated agency given free rein to destroy individual consumer rights and protections without consequence.
Start dialing and writing!
8
Let's review:
- Over 140 million people have their non-public, personal information compromised, the protection of which should be Equifax's top priority and fiduciary responsibility.
- Management reportedly delays informing the public, thereby increasing the risk that those people affected will be harmed. The board was reportedly informed but neither the Audit Committee nor the Corporance Committee, immediately disclosed this information.
-During that time Equifax executives reportedly make unplanned sales of company stock.
-Equifax initially guides worried consumers to a solution that would cause those customers to surrender their right to sue Equifax, should they select to use the recommended solution.
- The company initially treats the $5.00 charge for customers to freeze their credit reports as a revenue opportunity. The company agrees to a short term fee waiver only in response to immense public pressure.
- The company had reportedly been made aware of the datas vulnerability by a vendor this summer and failed to install a patch in a timely basis.
This situation represents a failure of management at the highest level. The forced retirement of two functional managers is a cynical attempt of Equifax's CEO, and Board, to dodge responsibility for a broad series of failures and bad management decisions that is clearly theirs.
10
Alas, with a Republican Congress, no meaningful reform will be possible. Our only hope is the Courts.
3
I give Ron Lieber credit for being constructive, objective, persuasive and dispassionate in his description of this debacle. If I was on the jury trying this bunch of criminals, I would vote for dissolution of these agencies plus 20 year prison sentences for their employees (without parole). Where is congress or should I say what's the point of having these feckless hacks in office since they protect the financial industry - and try to get control over our Consumer Financial Protection Bureau?
1
I believe there is no excuse whatsoever for the data Equifax lost. For me, I do not see the difference between their inability to protect everyone's data and any bank protecting everyone's money. The only difference is how to quantify the breach Equifax had. This should be done by the National Credit Union Administration (with oversight). Subsequently, the Treasury Department should prosecute Equifax.
Equifax is culpable; therefore, they should be held fiscally responsible to all who had their data divulged. I think they should pay with every single penny of equity they have; the sooner, the better.
Additionally, criminal prosecution should occur at the highest level. The last thing anyone wants to see is for the mass public have to absorb the loss (meaning bail them out); just as was done when all the S and L's got off without so much as a slap on the wrist.
4
We should have laws like Sweden does - that make executives personally liable for willful abuse of the public.
7
Weeks after the breach was made public it is still impossible to get on the Equifax page to freeze one's credit. After you fill out all the information (including SSN) and click submit we still get a message that they can't process it. If Congress doesn't do anything about oversight I won't vote to re-elect anyone.
2
One problem caused by the breach goes beyond just financial considerations. The nature of the data that was obtained could be used for spoofing people and create easy access of those to obtain even more info to the point that they could change ones identity to allow entrance of terrorists into this country with a fully digitally documented, albeit someone else, persona. It would mean that someone with all the documents and digital footprint could claim to be you, enter the country, blow something up, and you would be to blame!
1
Serious problem but tip of the iceberg. Facebook, Google, you name it reviews our e-mails, steals our contact lists (they say it's voluntary but no human being can read their fine-print disclosures), and undoubtedly raids our hard drives and then sells the information. Congress must provide protection. It has been a century since the Supreme Court read the constitution to give us a right to privacy. It should have some teeth.
5
This violation of our personal information is absolutely maddening on so many levels. How did these 3 companies get anointed in the first place? What have they done to earn the right to keep getting my personal data? Who do they report to? Who sets standards they have to meet to remain certified? How many times have they damaged a person's credit without penalty?
What is congress doing now? Who is investigating? Political leaders may offer a soundbite but no action. People understand healthcare is difficult; budgeting is difficult but monitoring a system that has been in place for decades should not be difficult and failure to do so demonstrates you are not entitled to run the government and my credit.
5
My dogeared SS card, issued in 1962, has the following proviso printed at the bottom of the card:
"FOR SOCIAL SECURITY AND TAX PURPOSES - NOT FOR IDENTIFICATION".
I don't remember getting an advisory when that changed.
8
@Michael McGuire - right, I never got that advisory either! And as I recall, when I got my card in 1960, no one, other than an employer, ever asked for your social security number - not even when you opened a bank account. (I remember my parents telling the kids that we were NEVER to give our SS #'s to anyone other than an employer. Colleges, for instance, issued their own ID #'s.)
3
I have an Equifax monitoring account. The contract is therefore that Equifax will protect my data. They did not take the steps needed to protect my data, and the data of millions of other people. That's clear. Therefore, this constitutes at best breach of contract and at worst, fraud. My thought would be a class action suit by persons who held monitoring accounts at Equifax. I did freeze all my accounts immediately, as suggested by this column--I need to unfreeze them temporarily the other day, which I did, after about fifteen phone calls: Transunion charged me to lift the freeze!
1
A complete scam. Since 2008 when has one of these eternally rich gone to jail, or had their pay taken? They may do what they please.
5
Clearly, this industry needs stricter regulation. Among the measures that are needed:
The right to require your approval before any request to see your information is fulfilled;
The right to see your credit report and score at any time, free of charge;
The right to receive a notification of any change in your credit status, free of charge;
Once informed via an easily-accessible website, significant financial penalties, payable to the consumer, for a failure to correct erroneous information within 24 hours, levied by a regulatory agency without the need for an expensive lawsuit.
In the meantime, since our corrupt Congress is unlikely to approve such penalties, I hope that there will be a whopper of a class action suit over this breech -- otherwise, the agencies will have no incentive whatsoever to clean up their act.
41
I'd add, Josh, that we should be able to demand to see the credit report on us that potential employers (and other folk) obtain. There's no reason why we shouldn't be able to know what they think they know about us.
4
Josh
One more - all data is automatically frozen and only released on contact with me to verify that they are giving it someone I want them to give it to.
And never going to happen, but how about this - I share in the profits they make from my data.
7
And the response from Congress?
Crickets.
21
Who knew? The US Congress is a wholly owned, bought and paid for, subsidiary of the financial services sector industrial complex. If your Senator or Representative has no problem siiting on his hands after two dozen first grade children are slaughtered by a nut with an assault weapon, don't expect he's going to lose any sleep over this relatively trivial issue.
1
I immediately put freezes on my reports at all three; TransUnion and Experian immediately provided written confirmation, but Equifax has not done so. The Experian phone system recites the unlocking PIN number so rapidly that I could not take it down. So now I can look forward to wasting even more time trying to straighten things out with Equifax.
I can only hope the damage to Equifax reputation is so great that they will be shunned and go out of business.
28
Don't overlook Innovis, which is the fourth credit reporting agency.
2
What makes me most furious is reports that they knew of the security weakness flaw whatever it is called and did not immediately fix it. They should be criminally liable for that if it ends up being factual and had been within their power to fix.
149
They not only knew of the flaws; they knew that they had been hacked and waited months before notifying the public. During that time Equifax executives sold millions of dollars of their company's stock: that's corruption.
I fail to see how Equifax is effectively significantly different from a voluntary data collection scheme, namely Facebook. I am appalled at how many times I encounter news article sources that offer only FB as a means to register to make a comment. If people actually read the Terms and Conditions I doubt it would be very popular at all. They are in the advertising business and taylor ads to individuals on the basis of their demographics, which is fine. But they are also in the data mining business where any personal details supplied by their subscribers is for sale to the highest bidder. If users were asked, "Do you willingly consent to have your private personal details collected and sold to third parties with no compensation or recourse?", I doubt many would agree. What concerns me more is that the modern world of the net is so accepting of the existence of a company that wants EVERYONE to be a subscriber. When aspects of the net are unavailable to people that choose not to comply then there is active censorship at a level that is completely unacceptable in a free society. I shun any "news" site that has not the competence or willingness to offer any other means to comment. If enough people did likewise, then they would slowly starve due to a lack of effective advertising on such sites. For those that use and "Like" their FB, I have no problem with that being a convenience for them to use. It is when one company can control access to the net that I worry.
58
I can choose whether I want Facebook to use my information. I don't get that privilege with Equifax, Experian and Transunion. Facebook doesn't keep my SSN, credit lines, credit history and a whole bunch of other financials. That financial information is now out on the dark web. Selling information on 'likes' and my totally irrelevant photos doesn't bother me in the least. I can choose to delete my Facebook account. I can't with these three. I spent hours trying to get hold of Experian to freeze my account. I can delete Facebook in a couple of clicks.
5
Yes. I'm technically "on" facebook, but I don't go there--and if that's the only way to contact someone, tough. If I should go there, however, I'd at least delete all my history, cookies, etc., immediately afterward. FB tracks everything you do. Not my cup of tea.
I completely agree, which is why I am not, and never will be, on FaceBook. What concerns me greatly is that I work in a profession, college admissions, in which it's almost impossible to hold a position unless you agree to be on FB. The overwhelming majority of colleges and universities require admissions counselors to be on FB and, often, Twitter as well, with zero concern for the privacy of these employees. The mandatory membership in and use of FB and other social media platforms means that admissions staff are required by their employers to sacrifice their privacy in order to hold the position. I am very lucky to work at a college with a significant privacy policy (and whose staff are unionized) so that I do not have to be on FB, but at other colleges and universities, this is an absolute requirement for admissions staff. These institutions therefore show little regard for their staff, essentially treating them like property rather than as employees. The most disturbing aspect of the whole thing is how little discussion there is within the admissions profession about this violation of the dignity and worth of admissions staff; everyone just shrugs and accepts it, which is, ethically speaking, a total failure.
2
Don't be naive. The longer they wait the more they make... at $5 a piece. I tried to fight the credit rating agencies for 10 years... they reporting false information that kept me unemployable with 3 kids to pay for. They work for the Banks, the Banks are thieves who use the Credit Bureau's to discredit whomever they choose. I really wish that wasn't so. It is what it is.
35
Nobody has signed an arbitration agreement with these companies, so everyone can sue them. If you can demonstrate a financial loss, you can file at your local small claims court for a $10 or $15 filing fee. Once served, they have to send a lawyer, or they will lose the case by default. If more people did this, then they'd start to wake up.
Of course, you have to act responsibly and show up on the court date with documentation of your financial losses, and proof that these loses are due to their negligent practices.
110
You might win, good luck collecting anything.
How did you get a green check mark? Neither side in small claims has to have a lawyer, and filing fees are more like $100 to $150. Small claims courts will allow defendants to appear by phone. To force them to hire a lawyer you will have to go to magistrate or circuit court (whichever it is in your county) either pro se or hiring your own lawyer. Remember you bear legal fees if you lose.
The amount of claims you can sue for in Small Claims Court is limited to, depending on the jurisdiction, $10,000 to $15,000. If you are damaged as a result of their negligence, which you have to prove, the amount is likely to be far in excess of the limit. Small claims courts often have limits on the types of claims they will hear. They were intended to provide a forum for the little guy when their suit is ruined at the cleaner, the roofer screwed up the roof he put on, etc. they were not intended to hear complicated financial claims.
Yes, that's the next installment in this mess. Executives of the three companies will be hauled before congressional committees and get their fair share of abuse by our elected representatives. The CEOs will hang their heads, promise to do better and make some cosmetic changes. Everybody talks about the so-called popularity of Trump. Why do you think Elizabeth Warren and Bernie Sanders are so popular now? It is because the big shots in government and business hold us in contempt.
214
I just spent 30 minutes attempting to put a freeze on my credit at TransUnion. It is literally impossible to do on their website. One is constantly and repeatedly routed to a page which insists that some sort of monitoring service is purchased for $19.95/month. These agencies are a scam, plain and simple. What is one supposed to do?
275
Gee, I didn't have much trouble with TransUnion or Experian. I'm still struggling to find my way through Equifax--doing my own credit freeze worked (at least, they SAID it worked!), but haven't been able to do my husband's yet.
I completely agree. We are at their mercy though. I have excellent credit . A few months ago I changed internet providers. For the first time in years they asked to check my credit. It was good but I thought I should check my credit myself. It knocked off 25 points because according to the internet company trans union decides how "hard a hit" it is to check for a utility. Ridiculous they have that kind of power. And like you when I called trans union not only could I not understand the person talking but they kept saying " no worries" which makes me well.....worry.
About a month ago I ordered a book online from a major bookstore chain. Gave my credit card and within a week had a letter from the bookstore chain ( on their stationary) offering me a credit card. There was a number on the letter to call if I didn't want more silicitation like this. I called the number and before it would connect me to a representative, asked me to enter my social security number. The number is trans union. I called the bookstore chains marketing department and they seemed surprised but said yes they were building their credit card department by orders placed online. I assured them this was my last order from them online.
I think of the time and money it is going to cost each of us straightening out our own issues because of this breach.
7
Max out your cards and DEFAULT! That's what I did, nothing ever came to it. I still get CC offers in the mail.
I see technology law and software development in the USA and Europe. One thing that is very noticeable is that the European Data Directive, both the 1995 version and the updated 2016 version has created a very different business coloured and software/database development culture in Europe as compared to the US. The existence of real legal rights in Europe with real “teeth” means that European businesss that handle “personal data” and “sensitive personal data” as EU law defines it are much more careful than in the US.
Indeed, when you talk to their US counterparts, you get the distinct impression that they regard EU data law as a quaint obsession in Europe. There are doubts in fact that the US-FTC is properly policing those US entities that have agreed to be in the EU-US safe-harbour arrangement, because despite thousands of US entities having signed up for this regulation (to be able to have EU sourced data), the FTC seems to catch nearly no one breaching the rules, which is inherently unlikely.
Interestingly, Equifax admits that the data of hundreds of thousands of European residents leaked in this breach - but it may be millions. This means that it may face consequences in several EU countries for this same breach. They may be much more severe than Equifax faces in the US. Perhaps it’s time for the US to copy EU data protection laws?
157
Great point - in the EU, Equifax could face significant consequences, which is why in there is some moral hazard.
In the US, it comes down to citizens suing the company, a valid but old-fashioned way of dealing with systemic failure. In the US, this speaks of a huge failure of regulation. Equifax has no interest in protecting the people it makes money out of because there is almost zero incentive to do so. This feels predatory.
3
Why would this Congress do anything to hurt their donors? The craven indifference of the credit reporting agencies to the public's privacy and safety is matched only by that of our elected representatives. Both groups clutch on to power, money, and information with an insouciant sense of entitlement.
215
Is our Consumer Protection Agency out to lunch? I know Congress has been, but still, are there no government actors with the authority to bring these data merchants to heel? Why should we have to contact them for a freeze? How about a mandatory freeze on all files beginning right now. To unfreeze, the big three would then have to contact each and every one of us for permission to unfreeze, with a detailed record of whom they actually contacted, where and when. Too costly? Too bad.
395
Well, Republicans are, and have been, in charge.
1
It's my understanding that the Consumer Protection Agency has been hampered by the Republican Congress.
2
I am guessing that Congress won't act because lobbyists for Equifax, and the other two, give lavishly to increase the wealth of Republican Congressmen via campaign funds. Their excuse for inactivity goes under the lying guise of their typical cover ploy - "There is already too much regulation stifling business".
121
Wealthy Congressional 'representatives (!)' exist because of the tolerance and ignorance of the American electorate.
The American electorate is our #1 problem.
2
Hmmm. Maybe the point ought to be driven home by telling them they THEIR and their family's SSN, DOB and other data has been sent to the dark web and is for sale right now at bargain prices.
We need to regulate this industry like a utility. They clearly are not responsible enough to set standards on their own. Users should have the ability to lock their data down as they see fit without being charged a dime. It is my data, not theirs.
475
How about making the "default" position a "lock" or a "freeze" of our data!? Perhaps that would represent, ever so slightly, that we in this country take a new approach to our taste for credit. Now that's really radical!
4
There is no accountability for a breach in security for the management of Equifax, Experian, Transunion: they say SO SORRY WE BLEW UP YOUR CREDIT AND YOUR LIFE and now that they are breached we cannot do the same to them
3
I earned my Bachelors in Computer Science 20 years ago and have several IT certificates. I have been working on large scale infrastructure support, mostly desktop users, for 20 years. I have a great interest and passion for the arts including music, theater, fine arts and more. While in college I wanted to major in the arts, however I found substantial work opportunities in Computer Science. I became passionate for many aspects of the interface between computers and human life, having supported computer systems in different types of organizations. For 10 years I have worked part time on weekends as a Security Guard. I would like to get my Masters in Cybersecurity and have a passion to contribute to this cause. All along I have wanted to study the arts and have learned a lot by reading and visiting arts institutions. I can relate to most everyone's comments on the Equifax phenomenon and agree that both a well rounded work/life experience is necessary and recognition of demonstrated computer security expertise promotes the building of a more robust financial system that is more resistant to corruption. As banks are utilizing technology such as Blockchain, hopefully we are building a hack resistant foundation for future scalability. I anticipate my role in Cybersecurity will be using tools to monitor the latest software updates are installed to harden computer systems and to educate users on best practices.
Adding to the list of stings: if you were able to get through to sign up for a freeze, you found out that the generated PIN was easily guessable as it was a date/time stamp. The Equifax freeze site was easily spoofed and then the link to the fake site was tweeted out by Equifax itself. Equifax was found to have used admin as both the username and password for one of their systems.
The only news that made me slightly hopeful was that a small credit union in Wisconsin filed a class action suit for financial damages as they are on the hook for fraudulent transactions. Given that the scope of damages could be huge, if enough banks and credit unions sign on, then goodbye Equifax.
[Related note: don't let Congress pass legislation allowing companies like Equifax to be able to bypass class action suits by forcing everyone into binding arbitration. Class action exists to bring justice exactly in cases like this where there are just too many victims to address.]
230
Congress already voted down a recent proposal (but before the hack) that would have allowed class action lawsuits against companies like Equifax.
1
Well written!
13
Welcome to the party pal! Many millions of us have already been exposed to significantly worse exposure through the OPM hack which contained entire security clearance files, finger prints, family addresses and phone numbers, travel, medical information, etc.
16
There was a similar hack at the Department of Energy a few years ago that involved their security files, for which we DOE contractors received a [paper] letter informing us of the hack. Sometime later I was the victim of identify theft; of course I have no evidence that the two incidents are or are not related. What is disturbing about Equifax is that this a company that I am compelled to associate with whether I want to or not; every time there is a credit card hack (often) everyone is advised to go to Equifax and the other two credit agencies for credit monitoring. I also have no evidence whether my involuntary association with Equifax contributed to identify theft. If you lived in Washington DC in the 1980s your SS# is already public information; DC DMV used residents SS#s as their driver's license numbers. So yes, our country's data management system looks like Swiss cheese because these organizations suffer no lasting consequences from losing control of valuable (to others) data they are supposed to be looking after. The key is for there to be lasting consequences for data mismanagement. Just firing the CEO isn't really lasting consequences; permanent restrictions on an organization's ability to conduct business and permanent external monitoring of their business operations and finances by a functional regulatory body would be lasting consequences. In the meantime, I can also recommend ditching your bank and finding a good credit union that really knows its customers.
1
Not to mention that almost every federal human resource system uses employee social security number as an identifier, which is against federal rules.
5
That queasy feeling is the loss of sovereignty over oneself.
Big Data is about nothing less than the monetization of humanity. Human beings are the product. Big Data is the choke collar that keeps us tethered and placid.
This is the end result and yet another easily predicted outcome of neoliberal economic policies of upward wealth transfers (aka upward power transfers), flat and low wages, dis-empowered workers, lack of regulations (aka consumer protections), lack of antitrust policies – the harms both visible and non-tangible, go on ad nauseam.
All because cultures and societies for the last 40 years since Reagan have been trained to glorify business, denigrate government, worship celebrity and the uber-wealthy, and trade citizenship for consumerism.
Cambridge Analytica and Robert Mercer intend to find your pain point, the most financial and emotional stress you can bear when buying something as real as health insurance or as insubstantial as their Big Lies.
Don’t like it? Too bad you are merely a meat sack who’s every waking moment; bodily functions, fears, and needs are an opportunity for corporate revenue.
And you will never know what these Malefactors of Big Data truly have on you, because you have no rights.
But objects never have rights, do they? You are a product on a shelf and your label is Data Slave, and your price is whatever you will fetch on the auction block of the free market.
46
Incredible that Credit Karma thought it would be a good idea to place banner ads on this article.
9
There's an incredibly easy way for the credit bureaus to massively decrease the fraudulent use of people's SS numbers - they could institute two-factor authentication every time a person's credit report is accessed. That way the onus is on the consumer to approve access. The question is, since they hold our most valuable information which is critical to how we live our lives - why haven't they?
110
Great question! Why hasn't this all been tightened up long ago? So which segments of our society benefit most from not getting this right? One thing for certain: they must be in positions of great power and wealth, usually behind the curtain, obscuring scrutiny.
3
You know, the SS# was never meant to be used as it is now. In 1962, the IRS started using it as taxpayer ID, and from there, we slid down a long and slippery slope to where we are now.
6
Certainly our "representatives" in government will jump on this!
Just kidding, they are the ones responsible for the lack of regulation in the finance industry.
32
When the breach was first announced the equifax website indicated that my data had been compromised. Today, it states that it was not. How much confidence should one have in the most recent response?
33
We got in and out of the Equinox whirlpool in about a day and a half. Unscathed.
Both the regional bank and moderate sized credit union here gave us scant advice and seemed to know less than we did/do. I would think that the credit union would have it in their interest to protect members data.
3
A better solution to the credit freeze problem is that everyone whose information was compromised should automatically be enrolled in a credit freeze for free. The action consumers would have to take is to opt out of the credit freeze instead of opting in. Of course this should be free. This would eliminate many of the problems with communication and trust. It's the price Equifax has to pay for being so careless with our information.
104
You assume they know who was compromised. Maybe the reason they haven't sent letters yet is they don't know even this. Any info on this NYT? If they really don't know, then the responsible thing to do would be to freeze everyone. But that would shut down the entire company. (Though there is precedent for this: The FAA has grounded entire airplane model families when problems have been found, until the problems are corrected.)
the president of Equifax’s information solutions unit in the United States and its chief financial officer sold stock after the breach was discovered but before it was made public. If they knew about the break-in, they violated insider trading laws. The company says they did not know.
THEY LIE!!!
71
Start today to find a credit union and build your reputation and spending and savings history with the credit union. We started with the University of Texas Credit Union and then switched my husband's company credit union. I don't think they think twice what Equifax thinks about us. They have known us for over 50 years, since they helped us buy our first car, just before we married. They know we never spend lavishly and that we usually have saved before we buy a car, usually a used Honda or Toyota that we then drive for 14 years. The $$ saved on new-car loans were enough to send our son to Cal Tech w/o a loan. House bought on 15-year loan, w/ 20% down, paid off in 12th year, because the S&L crisis in the 80s had lead to swapping loans and then trying to get us to build an escrow fund that they could play with -- NO Way !
28
Even without a credit union, living at a "lower" standard of living than you can afford is the best--almost the only--way to build financial security. And is it really a higher standard of living, if you have two new cars and nothing in the bank?
1
i've given up any pretense to privacy. As a federal employee with a security clearance, my personal information was stolen (by the China?) in the Office of Personnel Management breach two years ago. Now my data has been stole from Equifax. I don't know how to protect my personal information. I have frozen all my credit reports, but I'm not sure how much that will help since many creditors don't run a credit check.
I am glad that the credit agencies exist. I took out a home mortgage last year, and the process was relatively painless. My guess is that the process would have been much more cumbersome without the services that the credit rating agencies provide.