The biggest under-reported news event from the past two weeks involves a crime of gigantic proportions that directly affects about half of the people living in the United States.
Of course, Melania Trump’s choice of footwear for a trip to hurricane-ravaged Texas a few days earlier attracted as much, or more, media coverage. But I digress.
Equifax Inc. announced on Sept. 7 that hackers had busted into its computer system. This isn’t just some random corporation, even though most people probably do not recognize its name.
Randy Evans is the executive director of the Iowa Freedom of Information Council. He is a former editorial page editor and assistant managing editor of The Des Moines Register.
Visit the Iowa Freedom of Information Council website at: http://ifoic.org/
The company is the second largest consumer credit reporting business in the United States. Whenever you buy or lease a car, buy a house, rent an apartment, apply for a job with many employers, buy insurance, or take advantage of a retailer’s offer of a discount on your purchase if you open a store credit card, you are dealing with Equifax or its two biggest competitors, Experian and TransUnion.
Tucked away in these three companies’ computers are personal details on virtually every person in the United States — their names, their addresses, their Social Security numbers, dates of birth, credit card account numbers, and driver license numbers.
The thieves scooped up a staggering amount of data from Equifax — on 143 million people — before the company plugged the hole in its computer system this summer.
The victims of this crime are not like victims in past cyberattacks where hackers busted into the data files at retailers like Target or Home Depot and stole customers’ credit card numbers. With the data from Equifax’s computers, thieves have all they need to borrow money in your name, to obtain your income tax refunds before you can, or try to blackmail you.
The credit card information stolen from retailers loses its value when a credit card expires. You receive a new card with a new security code on the back and a new expiration date. But the hacker only has your outdated card information.
But then information stolen from Equifax does not expire. People’s Social Security numbers and their dates of birth are with them forever and do not change.
“Government regulations” are much-despised words at the White House and with many in Congress. So people who were victims of the Equifax breach should not expect the government to have much of a meaningful response to the theft or the company’s handling of it.
Equifax’s response to this crime has been maddening:
The company waited six weeks after discovering the theft before notifying the public they now may be vulnerable to financial fraud because of the company’s inadequate security. For all we know, the thieves may already have used some of our data during that gap.
Equifax will provide victims with free credit monitoring for 12 months. But after that period, you are on your own and will have to pay for the service or for the company’s other credit protection services — even though you did not contribute to the problem.
Three high-level Equifax executives sold $1.8 million in company stock between when the breach was discovered and when it was made public. The company assures everyone the executives knew nothing about the huge theft.
Finally, a few hours before Equifax disclosed the data breach this month, financial industry representatives were meeting with members of Congress to push for legislation to ease consumer protection regulations that govern the three credit reporting giants. One provision that Equifax, Experian and TransUnion want changed allows consumers to join class-action lawsuits against the companies when consumers feel wronged.
It is unlikely one consumer with a grievance against Equifax or its competitors has the wherewithal to hire a lawyer to file a lawsuit. And it’s unlikely any of the three companies will pay much heed to one lowly consumer with a beef.
But a class-action lawsuit — especially one involving, say, 143 million people — might go somewhere and might get the attention of corporate executives. Such a lawsuit might even get the attention of members of Congress who have complained about government regulations.
Danielle D’Onfro, a lawyer on the faculty at the Washington University Law School in St. Louis, had a sobering analysis of the Equifax mess for people who are hopeful the government will act on behalf of those who have been victimized:
“Simply put, the data economy has outgrown our consumer protection regulations and we are on our own. We’re stuck, waiting for Congress to regulate while industry lobbyists encourage them to wait longer still.”
I’m betting members of Congress — especially those wanting to abolish the Consumer Financial Protection Bureau — will try to tap-dance their way through explaining why the government should stay out of stricter regulations of these giant consumer finance warehouses.
Their tap-dancing needs to be star quality, especially as Equifax tries to sell us data protection and monitoring services after the company was unable to keep thieves out of its warehouse.
* * *