By Kitty Testa
Equifax, one of the country’s largest credit reporting agencies, which is in possession of millions of pieces of consumers’ personal data, announced Thursday that it suffered a cyber-attack in which information on 143 million consumers was breached. 143 million. That’s social security numbers, driver’s license numbers and dates of birth for almost half of the total population of the United States now in the hands of identity thieves, as well as credit card numbers belonging to 209,000 consumers.
According to Equifax, they discovered the breach in July which had been in progress since May. Equifax registered its consumer assistance domain, www.equifaxsecurity2017.com , in August, but didn’t disclose the breach to the public until September 7. Surely they’ve been more concerned about corporate damage control than the consumers who are affected by the data breach.
This isn’t the first breach Equifax has suffered. In 2016 and hackers hit Equifax and absconded with W-2 and salary data from an Equifax payroll service, TALX.
If Equifax monitored its own systems as fervently as it monitors consumers, they might not have suffered these breaches. But let’s, for a moment, consider who really is going to suffer here.
This morning you can find numerous articles on who you can protect your information from the identity thieves that may have access to the data stolen from Equifax. Equifax management thinks it is somehow being magnanimous by offering one year of monitoring to all Americans after the breach–provided that consumers agree not to sue Equifax. (How much you want to bet that after a year it will automatically bill to your credit card and be impossible to cancel?) Why only one year? Will our social security numbers, birth dates, addresses and mothers’ maiden names change after twelve months? The sheer quantity of consumer victims in this mother lode of data means that we will be at risk for identity theft for years on end.
Think for a moment why Equifax, and its colleagues in the credit monitoring world, TransUnion and Experian, have all of our personal data in the first place. We didn’t give it to them; they got it from banks, utility companies, cell phone companies, and every other company that reports payment experience and income to the credit agencies. We individuals are not Equifax customers. Should some liability for this fall on the shoulders of the myriad of institutions spreading our personal information around to make it easier and less risky for them to do business with us?
But now it’s on the consumer to protect their own data. This is ridiculous. The companies using our data aren’t protecting our data.
Without a doubt, there will be a slew of phony credit cards taken out with this information. Probably phony mortgages and car loans will be generated. Bank accounts will be emptied. The destruction will be real and it won’t be felt by Equifax; it will be endured by us.
This level of breach is apocalyptic and it should not stand unaddressed, especially considering that the victims here have not voluntarily provided information to the credit reporting agencies. The FICO system is one that each and every American is subject to without our consent. It uses our social security numbers as tracking numbers, endangering our privacy and our assets. It is of little benefit to consumers and of great benefit to lenders and other companies that require its use.
So why should any of us be on the hook for this?
We shouldn’t. And the liability for damages incurred should fall squarely where it belongs: on Equifax. The only way to force that liability is through a class action lawsuit against the credit titan. Maybe 143 million of us will be enough to send a message to those who play fast and loose with our data. Find another way to assess the creditworthiness of your customers. Dump FICO. Purge the personal files. Give us back our privacy.