Mortgage Industry News
« Return to Mortgage Industry News
Equifax: Turning a Crisis into an Opportunity
Tuesday, September 12, 2017
If anything could be worse than half of the adults in
the country having their personal and credit information hacked and stolen, it
could be the way the company from whom it was stolen has handled it. Equifax, one of the nation's three major
credit reporting companies, was the target of hackers this spring and, by all
accounts, is more concerned about its bottom line than its customers' security.
should be the most important details of the story are that the intrusion took
place between May and July of this year and the credit records of 143 million
people may have been affected. To put
this in perspective, the Census Bureau estimates the population of the U.S. is
took Social Security numbers, birth
dates, addresses as well as driver's license numbers. In some cases, they also accessed secret security
questions and answers (i.e. who is your favorite Sesame Street character?),
which would allow the perpetrators to alter account settings or change
In addition, according to a company
statement, they also gained the credit card numbers for 209,000 consumers,
including "dispute documents with personal identifying information
for approximately 182,000 U.S. consumers." In addition to the millions of American
consumer accounts there were also an unknown number of UK and Canadian accounts
involved in the hack.
What is rapidly becoming the main
topic of news coverage however is the way Equifax has performed. Quite apart from the fact that this personal
and financial data was held in a way that was not immune from attack, there appears
to be a lot to criticize. First, although thieves were rifling through the
company's data base starting in May and were apparently either first noticed or
their access was cut off in July, the public was not informed until last Thursday.
That is a long time to allow those who
now have the data the freedom to make mischief with it.
The LA Times' Michael Hiltzik says this wasn't the largest case of data
theft in history, Yahoo's breach involving a half-million consumers gets that
honor, but there are elements, in addition to the breadth of the data and the
delay involved, that make is much worse than the usual, including "the signal it
sends that firms like Equifax are much more concerned about collecting personal
information than protecting it."
claims "Equifax already is trying to take advantage of the victims of its own
breach," and CNBC's Sharon Profis reports that, for now, "Equifax doesn't explicitly tell you if you were a victim,
and in 99.99 percent of cases (yes, literally), it won't notify you by direct
check to see if their information was compromised, a consumer must visit a new
website and enter their last time and the last six digits of their Social
Hiltzik says the Equifax site also invites users to sign up for its Equifax's
"TrustedID Premier" credit monitoring service which it is offering free for a
year to the victims. But, he says, "Not only is that woefully inadequate, since
hackers can exploit stolen personal data for many years, but it gives Equifax a
lucrative database of possible customers to be sold continuing subscriptions
for the service after the year is expired - at a price currently set at $19.95
a month. In fact, he says, enrollment in the service typically requires
customers to provide Equifax with a credit card number, which the firm uses to
automatically bill them after the free trial is over."
He also points out that the TrustedID terms of services requires those
enrolling to waive their right to sue Equifax and prevents them from filing or
joining a class action suit. If there is
any dispute they must enter arbitration as an individual.
We noted on Saturday that Equifax had started running television ads for
what it calls its "Dark Web Scan." Too access the service a consumer must
provide a valid email address and agree to allow the company to use it for
marketing purposes. The terms of service
also include an arbitration clause.
Bloomberg reports that within days of the discovery of the breach and long
before it was publicly disclosed, three of the company's executives
sold company stock, collecting $1.8 million from the sales,
which weren't part of any prearranged option-exercise programs. Equifax
maintains the executives involved were not aware at that time of the
breach. However, Hiltzik points out that
one of the sellers was John Gamble, the firm's CFO.
Profis says, in the absence of information to the contrary, consumers should
presume their data has been hacked and take appropriate action. People who don't regularly monitor their
credit reports should begin doing so. Everyone is entitled by law to one free
report a year from each of the three major credit bureaus and these can be
accessed here. It is also possible to freeze individual accounts
so no new credit can be authorized without permission. This does require the consumer to remove the
freeze when they anticipate applying for any new accounts.
Read Full Article