From roughly mid-May through July, hackers had access to the sensitive information of 143 million Americans due to a major data breach at Equifax, one of three of the country’ major credit reporting bureaus. According to the Federal Trade Commission, consumers’ names, Social Security numbers (SSNs), dates of birth, home addresses, and driver’s license numbers were all vulnerable to the attack. The credit card numbers of nearly 209,000 people and dispute documents for about 182,000 were all stolen, and some personal information of UK and Canadian residents were also taken.
Following the breach, Equifax scrambled to mitigate the fallout and replaced now former CEO Richard F. Smith, who held the position since 2005. Paulino do Rego Barros Jr., the head of Equifax’s Asia-Pacific region, has taken his place on an interim basis. The company’s chief information officer and chief security officer have also stepped down.
However, swapping out upper management certainly isn’t enough to both repair the damage of the breach and regain the trust of consumers, especially because of the sloppy handling of the situation, which included waiting more than a month to notify the public of the breach, selling stock days after the hack was realized, and directing customers via its Twitter account to a fake phishing site instead of its own security update site.
The most scrutinized area of the company is now, of course, its data security, but the Equifax site itself has experienced repeated crashes as millions of people try to find out if they were at risk. According to The New York Times, “people who were potentially affected were unable to sign up for protection the company was offering, or even, if they had been successful, could not get the service activated.” Equifax also decided to charge people a fee to freeze their credit files, but quickly stopped doing so after swift and harsh backlash.
Giving Consumers Back Control
In a continued effort to ease the minds of consumers and stakeholders and help the company recover, Equifax has recently vowed to give consumers more control over their credit data and has released a new lifetime service. In an apology issued to The Wall Street Journal, interim CEO Barros Jr. stated, “On behalf of Equifax, I want to express my sincere and total apology.”
He revealed plans for a new credit-monitoring tool that will allow consumers to “easily lock and unlock access to their Equifax credit files […] free, for life. […] We know it’s our job to earn back your trust.”
That job won’t be easy. The entire situation has led to a number of federal and state investigations, and the site continues to fumble, leading consumers to wonder if they need much larger, more impactful changes because of the monopoly they have over people’s credit.
In the meantime, there are steps you can take to protect yourself from the fallout of a data breach:
- Monitor your credit and bank accounts on a regular basis for any suspicious charges.
- Change your account passwords every 6 or 12 months.
- Guard your personal information by investing in identity theft protection, such as LifeLock, that will monitor your activity for you. Also be wary of sharing your information online or over the phone and shred documents before throwing them away.
- File your taxes early in the year; scammers often try to file tax returns in people’s names to get the refund.
- If you do suspect or know of a data breach, freeze or put a fraud alert on your credit files.