Equifax recently suffered a massive data breach compromising the sensitive information of over 140 million Americans. The data lost includes names, Social Security numbers, addresses, birthdays and driver’s license numbers.
As the week progressed details of the breach are raising some serious questions. How do consumers protect themselves? What happened? What is the company doing? is Congress doing about it? Did executives know of the breach and dump stock?
These questions demand answers. African-American consumers need to understand the incredible impact of this data breach and how to respond. First and foremost we need to focus on how we can protect ourselves from fraud and identity theft.
How do you protect yourself?
First things first. Go to EquifaxSecurity2017.com. Click the “potential impact” tab that directs consumers to a form where you can check by entering your last name and the last six digits of their social security number. Equifax has also set up a telephone hotline at 866-447-7559.
That is the standard corporate reaction to a data breach. But here is the problem with that. People are asking why should they give the company more information when they failed to protect the data they already have? You’re stuck. This is all Equifax can do. But you can take other steps.
First, check you credit reports. You can get a free copy of all three credit reports at AnnualCreditReport.com. Make sure you get reports from all three agencies. Be on the look out for suspicious accounts or charges you don’t immediately recognize. Report any suspicious activity to the police, the credit reporting agencies and all your creditors. Immediately!
Second, check all your charge accounts and bank statements. Again, look for suspicious activity. Change the passwords on all your online accounts. You need to do this immediately and often. At least once a month or more. Its a good idea to check your balances daily and be on the look out for small charges like $2.00. This may indicate that someone has your data and is preparing to use it. Make this a regular practice for the rest of your life. The stolen information is out in the wild of the Internet and could be used years from now. So be vigilant. Experian offers a service that scans the dark web for your information. Make use of it. Most stolen information is sold on the dark web from one criminal to another.
You may want to consider placing a freeze your credit reports. This stops thieves from opening new credit cards or loans in your name. But, keep in mind that it also prevents you from opening new accounts. So if you want to use credit for a purchase you will need to lift the freeze a few days beforehand.
Also, protect your children. Check their credit report if they have one. Make sure you freeze their credit file if you can. For older children make sure they understand what has happened and what to do. Identity theft is rampant on college campuses.
How did this happen?
That’s the big question. Equifax Chairman and CEO Richard Smith said hackers “exploited a U.S. website application vulnerability to gain access.”
But analysts are asking what application vulnerability the attackers might have exploited. The danger in the potential answer is; If Equifax, one of the nation’s biggest credit-check companies was hacked, then many other organizations are also at risk.
According to a Baird Equity Research report on Equifax hackers exploited a flaw in the Apache Struts computing platform. This is highly technical so let me explain as best I can. The software code that operated Equifax’s network and data storage contained a flaw that hackers understood and used to gain access. This flaw may or may not have been patched or updated. Equifax is blaming the technology company, Apache. Apache is denying it. No one knows and no one is talking…yet. Cue the lawyers! That’s about the best explanation we can get right now.
What is Equifax doing?
So far Equifax has been offering free credit monitoring. Again, this has become a standard, and often weak, response to a data breach. But other actions are being criticized by consumers. First of all Equifax came under fire for asking consumers to give up their right to sue for damages as a result of the hack.
Equifax backed down and changed its conditions after being sharply criticized for trying to force consumers to sign over their rights to legal action in order to enroll. Equifax removed the language from their Terms of Use agreement on a third-party website victims use to sign up for the credit monitoring service. It also changed the FAQ in its own website to confirm that enrolling in the credit monitoring offer does not nullify any rights to take legal action.
The company has also been criticized for what some consumers are a calling a bait and switch scam. According to consumers the company offers the free credit monitoring for a short period and requires the consumer to enter credit card information so Equifax can charge them for the service after a pre-determined period of time.
Again, Equifax caved to the demand saying it will no longer require a consumer’s credit card information when they enroll in the supposedly free service. Many thought the offer was basically sleazy because Equifax could end up making money off the breach.
What is Congress doing?
Of course Congress is going to ask questions and hold hearings. There is bi-partisan outrage at the data breach and if you to want to know the truth that’s about all you’re going to get. In the past, and it continues to this day, the elected leaders of this nation have refused to pass any, ANY, substantial laws that protect consumer information or punishes companies for these repeated data breaches. That includes the Protect Children from Identity Theft Bill. So what is Congress doing or going to do? NOT A DAMN THING!
Did Equifax executives dump stock?
Of course they say they did not and they knew nothing of the data breach before selling the stock. But we need to look at the evidence and it is telling a different story.
First of all the data breach became known to Equifax more than a month before they informed the public. According to CNBC three executives of Equifax sold the shares days after the data breach was discovered.
The executives were named as Chief Financial Officer, the Workforce Solutions president and the U.S. Information Solutions president. The sale of the shares was done on the 1st and 2nd of August. The data breach was discovered by the company on July 29th.
According to Equifax the three executives, “had no knowledge that an intrusion had occurred at the time they sold their shares.”
Question; how can a data breach this big be withheld from top company officials? Especially the chief financial officer and the the president of information solutions? These are two key people who should have been notified immediately of the breach. So Equifax is asking us to believe that they knew nothing.
And why would they sell their stock? Here’s why. Since Equifax announced the breach, the company’s shares plummeted by over 20 percent erasing billions of dollars in market value. In roughly 90 minutes Equifax shares went from $142.70 to around $111.30. Some financial experts believe prices will drop to around $100 by mid-October. ‘Nuff said.
Now you know.
I had just signed up for Equifax again. How will that membership be impacted? Will I be billed for a service that I have not had for more than thirty days?