Equifax Response to Cyberattack is Lacking

Equifax's Response Falls Far Short of Their Responsibility

The massive security breach at Equifax raises serious concerns over not only Equifax’s data security, but also your own personal security. The basics of the Equifax security breach are you are likely a victim and are at risk. Names, Social Security numbers, dates of birth, and addresses were all exposed.

Unfortunately, Equifax’s response to the attack is lacking, both in it’s scope and in its understanding of the true impact on consumers. This is not the complaints of an outside observer who doesn’t truly understand the industry. I worked in the banking and financial industry for nearly a decade, including as a Vice President for a credit union. I understand the industry and the impact this breach will have on consumers.

Equifax’s Immediate Response is a Good Start

Although we would prefer these types of things never to have happened, Equifax’s immediate response to the data breach was exactly what you would want. Even prior to announcing the breach to the public, Equifax reported the breach to law enforcement and hired a cybersecurity firm to investigate the breach.

Equifax also created a website exclusively about the breach to communicate with consumers and provide resources. The site, www.equifaxsecurity2017.com, offers information about the breach as well as enrollment in the resources they are providing to consumers.

What Equifax Will Do For Consumers

To help consumers deal with the fallout from the data breach, Equifax is offering a one-year free subscription to their TrustedID Premier program to every person in America. The service offers a variety of benefits for consumers, including:

  • Credit monitoring of Equifax and the other two credit bureaus
  • Copies of Equifax credit reports
  • The ability to lock and unlock your credit file to keep others from applying in your name
  • Identity theft insurance to help you deal with fraud
  • Scanning the Internet for your Social Security number

Why The Equifax Response is Lacking

Although the gesture is appreciated, the TrustedID Premier offer is akin to getting stabbed in the heart and a friend offering you a napkin to clean up some of the blood. For those whose information was compromised, this is not going to be a one-year problem.

The Magnitude of the Problem

Your name, Social Security number, and date of birth do not change. And a thief does not have a deadline for using the information to steal your identity. People’s whose information was compromised will be at risk of identity theft, tax fraud, and other crimes not for a year but for the rest of their lives.

Further, the ability to lock your Equifax credit file is wonderful for stopping fraudulent loan applications if the financial institutions is using Equifax, but it will do nothing to stop fraud if the financial institution checks your credit with Experian or Transunion.

Risks Beyond Fraud

Victims are not only at risk of thieves stealing their identity and taking loans out in their name. Criminals can also use the information to file and claim the tax refund a father was planning to use for a family vacation.

The stolen information could cause a mother returning to the workforce to lose a job opportunity when the fraudulent acts of identity thieves show up on background checks. And an inaccurate credit file could cost a young family the ability to buy a home. or increase the interest costs of the loans, reducing their savings ability.

The data breach is not limited to digits and information. The crimes which can result from the breach will have real consequences for real families. 

Victims Need Help, Not A Paid Service

A one-year subscription to an identity/credit protection service is not commensurate with the scope and scale of the damage which has been done by this data breach. This does not look like a company understanding the gravity of their mistake and working to make victims whole.

Worse, a one-year free subscription looks more like the promotional pricing your cable company offers to get you to buy cable. As a former financial industry marketing executive, I have a pretty good idea of what a promotional strategy would look like. And this smells of a company taking a horrible breech of their responsibilities and turning it into a sales opportunity.

What Equifax Should Offer

Equifax is at the center of a crime which has irreparably damaged the victims. There is no way for them ever to get their data back. Equifax needs a response which is equally permanent. Here is what I suggest:

Permanent Complimentary TrustID Premier

Equifax's offer of their TrustID product for free for one year for everyone in the country, is a good start. A one year band-aid for everyone makes sense because at this point we don’t know who has been victimized.

Once we know whose data was compromised, however, Equifax should offer their TrustID Premier service to victims for their lifetime. Yes, this will be at an enormous cost to Equifax, but the permanent protection of the victims is now Equifax's responsibility. For individuals affected, the TrustID Premier service can no longer be a revenue source for Equifax, it must now be a cost of doing business.

Funding of a Victim’s Compensation Trust

A trust should be set up, either privately or with a government agency like the FTC or the CFPB, to provide financial and legal assistance to people who have their identities stolen. The trust should be funded initially with sufficient moneys to assist victims for the next decade. Additional contributions to the trust should be expected from other companies who have data breaches which expose consumer data.

Lead The Industry in Making Credit Locks Free

Equifax is at the center of the data breach this time, but Experian and TransUnion will one day also become a victim of a cyberattack. To protect consumers, the industry must make the ability to lock and unlock their credit file a standard and free feature of the bureaus. Considering data breaches are a matter of when rather than if, consumers must have control over when their credit file can be used to take out new credit and when their file is unavailable for that specific purpose.  

What You Should and Can Do

Sign up for the TrustID Premier product. This is a good starting point for protecting yourself during the next year while we figure out who was compromised and who's data is still safe. www.equifaxsecurity2017.com

Check your credit report for free at least once a year. You are legally entitled to a free report from each credit bureau each year, make sure you get yours. www.annualcreditreport.com

Write to the Consumer Financial Protection Bureau (CFPB) and your congressperson demanding they put preassure on Equifax to step up with a response commensurate with the magnitude of the situation. www.consumerfinance.gov/complaint/

Share this article with others and encourage them to write to the CFPB and their congressperson. The more complaints are made, the more pressure will be placed on Equifax to do the right thing.

Take the Purposeful Finance Challenge

In just a few minutes a week, you can move toward financial independence. Each week you will receive a simple action item to take to improve your financial situation. (Including reminders to check your credit report for free 3 times a year!) Visit our challenge page and commit to build your financial plan one week at a time.

Joshua Escalante Troes.jpg

Joshua Escalante Troesh is a tenured professor of Business at El Camino College and the founder of Purposeful Finance. His career, including as a former credit union Vice President of Marketing, offers insight into what the Equifax data breach means for consumers. He can be reached for comment at info@purposefulfinance.org.