Executives dumped their shares before reporting the stolen data. Following the breach, their website did not function properly, people got signed up for programs they did not want or need, and customer service has been dismal all around.
Equifax is Not Your Friend
Last week, Equifax—one of the country’s three major credit-reporting agencies alongside Experian and Transunion—revealed that its security apparatus had been breached. “Hackers” obtained private financial information the company held on over 140 million Americans. This is the third major security breach Equifax has suffered in the past two years, and it is by far the worst. Cybersecurity experts call it a 10 out of 10 on the catastrophe scale—with the negative consequences potentially lasting for decades.
Equifax became aware of the hacks on July 29 and the company’s top brass took immediate action. But rather than moving to alert the public that their information could be compromised, on August 1 and 2, three leading executives—including the company’s chief financial officer (CFO) John Gamble—sold nearly $2 million worth of shares in the company. Traders also noticed a sudden—and suspicious—selling of Equifax stock options.
Gamble has been with the company since 2014 and has only once sold shares prior to last month’s sale.
Equifax hired a customer-service agency to assist with the volume of calls they’d be receiving. Yet the company didn’t inform the agency of whom was likely affected by the breach, so when people started calling in, the outsourced contact centers were unable to provide useful information.
The company also offered a one-year free trial with TrustedID—an identity protection company acquired by Equifax in 2013. With TrustedID’s credit-monitoring services, those who signed up would be able to definitively tell if their financial data was exposed through the breach.
The scope of information obtained by the Equifax hackers likely won’t be known for many years. As of last week, the company’s security has changed from asking for the last four digits of customers’ social security number to asking for the last six, so it’s safe to assume that if you were included in the breach, the last four digits of your social security number are likely out there.
If there’s anything positive to be taken away from Equifax’s security blunder, it’s that it reminds us that in a shadowy surveillance economy, we aren’t the employee or the consumer, but the product. What’s to be done about this is up for debate—but not one we’re allowed to have any say in.
Many Reasons to Freeze Your Account
If you’re hoping to just ride out the Equifax breach scandal and do nothing about it, you might not have a problem next week or next month. Or even next year.
Since the credit reporting company Equifax EFX, -3.81% announced last Thursday it had been affected by a data breach earlier in the summer that potentially affected 143 million U.S. adults, consumers have had many questions about how to protect themselves. Some have not even been able to freeze their credit reports as security experts have suggested because Equifax and the other two credit bureaus TransUnion and Experian overloaded with calls and credit-freezing requests they were unable to handle.
If you don’t take any steps? This is what could happen:
Financial identity theft
Because the Equifax credit reports contained so much personal information, including Social Security numbers and financial account information, fraudsters could use the report for reasons including new account fraud, medical identity theft — using insurance information to have a medical procedure, which can create confusion on the true insured person’s medical file for years — or tax fraud, Levin said.
Fraud affected some 15.4 million consumers in 2016, or roughly 6.15% of all consumers, up 16% from 5.3% of consumers in 2015, according to Javelin, a security firm, in a report sponsored by security company LifeLock (which obviously has vested interest in the findings.) The mean amount it cost per fraud victim was $1,038, according to Javelin.
Incidents of new account fraud have risen especially quickly, Javelin found, because so much personal information has been compromised in data breaches over time. New account fraud also takes the longest to resolve, said Al Pascual, a senior vice president and research director at the security firm Javelin. “If you don’t take steps to actively protect your identity, you’re basically playing Russian roulette,” Pascual said.
Your data may have already been breached
At an absolute minimum, consumers should check their financial accounts, credit reports and credit score frequently, Nazari of Credit Sesame said. But putting a freeze or fraud alert on an account is strongly recommended, he said. Fraud alerts won’t prevent fraud from happening, but can let a consumer know when something looks suspicious, and they can follow up with the appropriate financial institution after.
Freeze Your Account
Unless you intend to open up new credit cards, get a car loan, or home equity loan, etc, there is every reason to freeze your account and be done with it.
Everyone else should monitor their accounts closely.
Meanwhile, there are some major insider trading violations by Equifax employees that need to be dealt with (not that I am a believer in insider trading laws, but rather because I am sick of financial CEOs getting off scoff free for all of their actions).
Mike “Mish” Shedlock