The Anniversary of the Equifax Breach

It’s been a year since the massive data breach at Equifax, and Billshark thought you’d like to know what has happened in the wake of this security failure that exposed the personal data of 148 million Americans. To refresh your memory, last September Equifax, one of the three major credit reporting agencies that collect our personal financial data, admitted—six weeks after discovering the breach—that hackers had been able to access Social Security numbers, names, dates of birth, addresses, drivers license numbers, credit card and other personal information on over half the population of the United States. And three of its top executives sold large blocks of its stock days after Equifax discovered the breach, but before it was revealed to the public.

First, Congress leaped into action and passed a law, upheld unanimously by the Supreme Court, allowing consumers to opt out of the collection of their personal financial data without their express consent. It also passed a law forbidding the use of Social Security numbers for identification by anyone except the federal government, specifically the Social Security Administration (SSA). Third, the CEO and all the company’s major officers went to prison. Finally, the government fined Equifax $1.5 billion for its breach of trust.

Sorry, no. None of those things happened. No one went to prison, although the then-CEO, Rick Smith, did apologize. The company hasn’t been fined a penny. Instead, Equifax reported a profit of $236 million this year. Equifax offered free credit monitoring to anyone who was impacted by the breach, but the terms of service contained language barring anyone who used this service from later participating in a class-action lawsuit. And the big three credit agencies continue to vacuum up our most intimate data, including Social Security numbers and dispense it to anyone they like.

“If the breach [had] happened 10 years ago, consumers would have been shocked and demanded change,” Brian Vecci, a technical evangelist at Varonis, told CNET in an email. “Now they are more likely to be jaded and under the assumption that someone already has their personal data or has access to it.”

Here’s what else has happened since last September. CEO Smith resigned. Equifax’s chief information officer and top security executive both retired. Equifax hired a new chief technology officer. The Securities and Exchange Commission (SEC) charged a former Equifax executive with insider trading for selling shares of Equifax prior to the disclosure. The Government Accountability Office (GAO) released a report this month explaining how the company was hacked. The Federal Trade Commission (FTC), the FBI, and the Consumer Financial Protection Bureau (CFPB) is still investigating the breach, though no action has been taken against the firm.

Congress did, in fact, pass a law providing that consumers can freeze and unfreeze their credit for free. This law, which went into effect this month, will not prevent anyone from filing a fake tax return and stealing your tax refund. It also won’t prevent thefts from your current accounts.

The most serious after-effect of the Equifax breach was the theft of Social Security numbers because those numbers follow you for your entire life unless you can convince the SSA to give you a new number, not an easy task. This means that, because your SSN is “out there,” you are subject to being the victim of identity thieves for the rest of your life.

Therefore, if you aren’t doing so already, make it a practice to check your credit report annually. You can get it for free once a year from each of the credit reporting agencies: Equifax, TransUnion, and Experian, at AnnualCreditReport.com. If you see anything there that you haven’t authorized, contact both the company that issued the account and the credit reporting agency.

It’s also important that you freeze your credit to prevent thieves from opening new accounts in your name. There is a difference between a credit freeze and a credit lock. With a credit lock, potential creditors can still view your report and may grant credit to thieves who are impersonating you. With a freeze, creditors cannot see your credit report at all until you unlock it. A freeze may also offer legal protections that a lock does not.

This new law provides for free, unlimited freezing and unfreezing, which you can do online with a 10-digit PIN. If you plan to buy a home or open a new credit account, you’ll have to unfreeze your account up to a month before approaching a new creditor for a loan.

Until the government steps up to protect us from the fallout from the Equifax breach, as well as other such breaches, these are the only two avenues available to the consumer.

And, of course, Billshark is always on your side. Let our sharks sink their teeth into your bills. We can find you hundreds or even thousands of dollars in savings.