By Kelly Hartog
It's been more than seven months since the credit reporting agency Equifax revealed in September 2017 that 143 million Americans' personal data – including Social Security numbers, addresses and birthdates – had been accessed. Several weeks later, they announced that number was actually 145.5 million.
Even though the data breach occurred between May and July of 2017, Equifax waited until September to inform the public. Senator Elizabeth Warren (D-MA), released a 2018 report that showed the breach was even worse than initially believed, including that Equifax had stated that the information was only accessed, when in fact it had been stolen. The report also showed that passport numbers had been stolen.
Warren also revealed in her report that Equifax used a federal loophole to get a $7 million contract with the IRS.
"Equifax and other credit reporting agencies have taken advantage of consumers for years, collecting their data without permission and turning a huge profit while failing to adequately protect that data," asserted Warren's report, demanding that credit reporting agencies face real consequences for endangering consumer data. The report called for federal legislation that imposed appropriate fines and empowered the Federal Trade Commission to institute basic data protection standards for the credit reporting industry.
However, as of April 2018, the only person who has been charged is Jun Ying, a former chief information officer for Equifax's U.S. information solutions business. Ying is now facing criminal charges in the state of Georgia for insider trading, after allegedly selling almost $1 million worth of shares prior to the announcement of the breach. According to estimates from the Securities and Exchange Commission, Ying's shares would have been worth $117,000 less if he had sold them after Equifax announced the breach.
Yet while insider trading is a criminal offense, it's unlikely that any other charges will be brought against Equifax because the breach was due to Equifax's incompetence – which is not a criminal offense. Not updating its software is what allowed hackers to steal the data.
Fortune Magazine reported that while some executives at other companies have been charged in the past for endangering public welfare under a rule called the "responsible corporate officer", these were all connected to food, drug or environmental cases. Those industries are regulated by specific laws, but there is currently no federal law that applies to personal data, despite the fact that the possession of the data stolen from Equifax definitely has the power to ruin people's lives.
As Justin Lavelle, Chief Communications Director for the online background check system BeenVerified.com noted, "The information that was taken from Equifax is especially problematic because it's basically your financial packet and all of the information that may be used to access retirement funds and bank accounts. Those are things that current credit monitoring doesn't watch."
Leslie Tayne, Founder and Head Attorney of Tayne Law Group, agreed. She said, "The breach accessed more of consumers' personal information than the company disclosed publicly last year, information such as birth dates, Social Security numbers, credit card numbers, driver license information, and other important personal data could very likely be in the wrong hands."
She also noted that part of the ongoing problem now is that there have been no updates about the hack recently. "It's no longer in the front of consumers' minds anymore. People are saying, 'I haven't heard anything, and nothing happened to me, so I can just forget about it now.'"
Tayne warns about not falling prey to this false sense of security. "The reality is the information is still out there. I believe strongly these people who have this information are not going to do anything with it right now. They're going to hold onto it and they're going to use it at some point in the future - in a year or two or three, when things get quiet and the public is distracted by something else."
It's something that Warren's report also addressed, stating, "Equifax … put millions at risk of identity theft for the rest of their lives."
Lavelle concurred. "Identity thieves often wait to use the information they have stolen until they think it may no longer be on your radar. In addition, they also sell the information [rather than] using it themselves to the highest bidder and that can also take some time."
So what can consumers do?
Tayne recommends consumers invest in regular credit report monitoring. "Yes, there's a cost for it, but seeing your quarterly reports from all three credit monitoring bureaus and receiving notifications when someone checks your credit is important. It's an insurance policy. You spend $12 or $15 per month to watch your credit and that gives you safety and security." Credit Manager by MoneyTips enables you to monitor your credit at no charge from a single bureau to combat identity theft as well as see your credit report and score. There is a charge associated with monitoring all three major bureaus.
Lavelle recommends freezing your credit, but Tayne said that only works for the disabled, those in a nursing home or those who are elderly and no longer need credit. "For those of us who need credit on a regular basis, freezing and unfreezing is not a practical way of life," she said.
Lavelle also recommends calling Equifax customer service to determine what course of action they have implemented on behalf of customers whose information has been compromised. "You should be checking your credit on a regular basis for possible attempts to open accounts in your name along with credit card activity on all credit cards, banking, IRA and other financial accounts tied to your Social Security number," he said.
You should also change your passwords on all accounts and run a background check on yourself, to ensure all the information is correct. "If your name is connected with unknown associates or a number of incorrect relatives, then that could be a sign of a larger problem," Lavelle said.
If you would like to prevent identity theft, check out our credit monitoring service.