Whether you know it or not, chances are you have been a potential victim of the huge Equifax hacking scandal that exposed the personal information of 145 million Americans to thieves because of weak security by a giant credit bureau.
That includes Social Security numbers, birthdates, credit history and much more. In short, the crooks managed to gain access to everything they need to steal your identity as a means of personal enrichment, all the while destroying your credit and your economic security.
Think fake new mortgage, stolen tax refund — whatever your personal credit nightmare may be. The security failure by Equifax made it possible.
Given all the other news lately — natural disasters, mass shootings, the daily embarrassment emanating from the White House — many Americans may not have heard of the Equifax mess, but everyone should get up to speed on it immediately because of the extensive damage it produced.
On Capitol Hill Tuesday, former Equifax chief executive Richard Smith answered questions from angry lawmakers for the first time, but he hardly made a good impression.
Before exploring that, some basic background:
Equifax, Experian and Transunion are the “Big Three” credit bureaus. They have made themselves indispensable to the smooth functioning of the U.S. economy by collecting reams of essential information about consumers — without their consent — and selling it to banks, auto dealers, mortgage lenders and other companies that deal with the public in some way.
These companies are the customers of the credit bureaus. Consumers are the product.
Equifax routinely touted its ability to shield the data from prying eyes. But beginning in May, a software flaw allowed hackers to gain access to the Equifax data.
That continued, incredibly, until the last week in July, when the company finally realized it had been hacked. Then, even more incredibly, it didn’t make the incident public until Sept. 7.
Equifax then compounded its mistakes by making it difficult, if not impossible, for consumers to freeze their data, thus preventing its illicit use — and charging the consumer for the privilege! A nationwide consumer outcry forced the company to drop that charge and make the service free, but it’s still not easy.
On Tuesday, Smith, who resigned as CEO following the hacking disclosure, acknowledged that the critical software flaw the hackers exploited had been known since March. But the employee responsible for assigning a correction, he said, failed to act, despite knowing the patch was critical.
And Smith never properly explained the delay in informing the public and other parts of the bungled response, including inadequate staffing of the call centers that left consumers who called in angry and frustrated.
Lawmakers weren’t happy. They called the company’s responses “unacceptable” and “ham-fisted,” among other things.
Agreed, but epithets aren’t enough. Congress must pass legislation to protect consumers by setting a better standard for public disclosure over security breaches, requiring improved protection of sensitive information, and strengthening oversight of credit bureaus like Equifax and the others.
The company is responsible for the biggest data breach on record. Unfortunately, it probably won’t be the last.