The Equifax Data Breach
The Equifax Data Breach
On September 7, 2017, Equifax, one of the three main credit reporting agencies, announced a massive data security breach that exposed vital personal identification data — including names, addresses, birth dates, and Social Security numbers — on as many as 143 million consumers, roughly 55% of Americans age 18 and older.1
This data breach was especially egregious because the company reportedly first learned of the breach on July 29 and waited roughly six weeks before making it public (hackers first gained access between mid-May and July) and three senior Equifax executives reportedly sold shares of the company worth nearly $2 million before the breach was announced. Moreover, consumers don't choose to do business or share their data with Equifax; rather, Equifax — along with TransUnion and Experian, the other two major credit reporting agencies — unilaterally monitors the financial health of consumers and supplies that data to potential lenders without a consumer's approval or consent.2
Equifax has faced widespread criticism following its disclosure of the hack, both for the breach itself and for its response, particularly the website it established for consumers to check if they may have been affected. Both the FBI and Congress are investigating the breach.3 In the meantime, here are answers to questions you might have.
1. What's the deal with the website Equifax has set up for consumers?
Equifax has set up a website, equifaxsecurity2017.com, where consumers can check if they've been affected by the breach. Once on the site, click on the button "Potential Impact" at the bottom of the main page. You then need to click on "Check Potential Impact," where you will be asked to provide your last name and the last six digits of your Social Security number — a request that was widely mocked on social media as being too intrusive when the standard request is for only the last four digits.
Equifax has stated that regardless of whether your information may have been affected, everyone has the option to sign up on the website for one free year of credit monitoring and identity theft protection. You can do so by clicking the "Enroll" button at the bottom of the screen. Note: Just clicking this button does not mean you're actually enrolled, however. You must follow the instructions to go through an actual enrollment process with TrustedID Premier to officially enroll.
More wrath was directed at Equifax when some eagle-eyed observers noted that enrolling in the free year of credit protection with TrustedID Premier meant that consumers gave up the right to join any class-action lawsuit against the company and agreed to be bound by arbitration. But an Equifax spokesperson has since stated that the binding arbitration clause related only to the one year of free credit monitoring and not the breach itself; Equifax has since removed that language from its site.4
2. What is TrustedID Premier?
Equifax's response to the data breach is to offer consumers one free year of credit file monitoring services through TrustedID Premier. This includes monitoring reports generated by Equifax, Experian, and TransUnion; the ability to lock and unlock Equifax credit reports with a credit freeze; identity theft insurance; and Social Security number monitoring.
Consumers who choose to enroll in this service will need to provide a valid email address and additional information to verify their identity. A few days after enrolling, consumers will receive an email with a link to activate TrustedID Premier. The enrollment period ends November 21. After the one free year is up, consumers will not be automatically charg