MoneyTips published an article explaining that Equifax has yet to be punished for the data breach that compromised the personal data of more than 147 million Americans. We wanted to know if the credit bureau should be punished... and if so, how?
"The enormity of the Equifax data breach cannot be overstated," says Professor Steve Weisman, who teaches White Collar Crime at Bentley University in Waltham, Massachusetts. "As many as 148 million people now have the threat of identity theft looming over them for the rest of their lives."
In an exclusive MoneyTips survey conducted in 2018, we asked:
Nearly 9 in 10 (89.8%) of the 1,132 respondents of the Google survey believe that Equifax deserves some punishment. Among the weighted results, nearly 2 in 5 (39.6%) believed that the bureau should give victims identity theft protection for life. Equifax did provide some people with free identity protection services, but only for a year.
According to the survey, 27.1% of us feel the company should pay a multi-billion-dollar fine. Moreover, nearly 1 in 4 (23.1%) feel the company should face criminal charges and possible jail sentences.
Says Professor Weisman, author of Identity Theft Alert, "Equifax acted quite irresponsibly. The data breach was caused by a hacker exploiting a vulnerability in Apache Struts software used by Equifax for which a security update had been issued two months previously, but Equifax failed to promptly update its software and its negligence in promptly updating the software was a primary reason for the data breach. In addition, Equifax delayed in informing authorities and the public.
"Nevertheless, while criminal charges are not warranted under present law, the company should be subjected to substantial civil liability through the class actions against Equifax presently filed as well as large fines from regulatory agencies such as the Federal Trade Commission."
Men were less likely than women to punish the huge firm but tended to mete out stronger punishment when they did. Only 1 out of 8 men (12.5%) believe that no punishment is warranted, compared to less than 1 out of 12 women (8.1%). However, men were more likely to pursue multi-billion-dollar fines (29.2%) and criminal charges (26.2%) than women were (25.2% and 20.2%, respectively). Women were much more likely to settle for free lifetime identity theft protection (46.5%) than men (32.1%).
Adds Weisman, who is also an attorney, "It should be noted that identity theft protection as offered by Equifax offers absolutely no protection from identity theft, but only consists of credit monitoring that would enable someone to learn sooner that they have become a victim of identity theft." For free credit monitoring as well as free credit reports and scores, join MoneyTips.
We also examined how the breach affected people. Over half revealed that the huge hack of personal data had affected their behavior. Respondents reported (multiple answers allowed):
The most popular choice for how the hack affected behavior is, "I avoid public WiFi while using credit cards" (17.6%). Right behind that was "I drastically cut back on using credit cards" (15.9%) and "I use cash only" (15.3%). Less frequently chosen were "I don't use credit cards online" (6.5%) and "When I hand a clerk my card, I hide it" (3.2%). Less than half responded, "None of the above".
Cautions Weisman, "Even if you're trying to cut back on credit card use, do not substitute debit cards instead. Due to stronger consumer protection laws for credit card fraud that do not extend to debit card fraud, it is important for people to refrain from using their debit cards for anything other than at ATMs.
"The most important thing anyone affected by the breach should do is to place a credit freeze on their credit reports at all three of the major credit reporting agencies – Equifax, TransUnion and Experian."
Protect your credit – protect your identity – protect yourself with a free MoneyTips trial.
For more of our exclusive data and insights, visit MoneyTips Identity Protection Survey Findings.
Equifax logo in the public domain