Written on behalf of Brian S. Kabateck
September 18, 2017
Equifax Inc., one of the country’s biggest credit-monitoring companies, fell victim to a massive data breach that potentially exposed the personal information of 143 million Americans to identity thieves. The data at risk includes social security numbers, birth dates, home addresses, credit card numbers, and in some cases, driver license numbers, which could be used by the hackers to open credit and bank accounts. In light of the issue, two executives at the credit reporting company have resigned as the company deal with the fallout. Equifax stated that their chief information officer, as well as their chief security officer have stepped down which would be effective immediately.
Equifax states that the security questions and answers used on some websites to verify users’ identities may also have been exposed. Having that information in hand would allow hackers to change their targets’ passwords and other account settings. A problem that caused major concern was the fact that Equifax waited six weeks to disclose that a breach had occurred. The firm says it discovered the breach, which it reports began in mid-May, on July 29. That means for six weeks, consumers could have been victimized without their knowledge and therefore left without the ability to take any immediate action.
Another problem that Equifax faced in addition to the major breach was the arbitration clause that was in their agreement. Back in July, the Consumer Financial Protection Bureau finalized a rule that would ban mandatory arbitration clauses that forced consumers into arbitration and stop them from filing a class-action suit. Equifax’s behavior after the data breach came to light—maintaining the arbitration clause in the services to customers victimized by the breach–was shocking. The company removed the clause due to the negative backlash and has been hit with multiple lawsuits.
Equifax set up a website allowing individuals to check if their information was potentially compromised, but it requires users to plug in their last name and last six digits of their Social Security numbers. Many argued as to why they would trust Equifax with their Social Security number at this point. After some customers reported putting in false information on the site, such as plugging in the numbers “0000,” the website would report that they had been hacked. The site is said to not be trustworthy, as it will tell you that you have been impacted regardless of what information you input.
The site also invites users to sign up for Equifax’s “TrustedID Premier” credit monitoring service. As a recompense to the victims, the firm is offering this service free for a year. But many are skeptical since hackers can exploit stolen personal data for many years, but Equifax still benefits from a profitable database of possible customers to be sold continuing subscriptions for the service after the year is expired at a price of $19.95 a month. Enrolling in the service requires customers to provide Equifax with a credit card number, which the firm uses to automatically bill them after the free trial is over.
Consumer advocates advising Equifax customers to request a credit freeze from all three major credit bureaus to ensure hackers behind the massive data breach can’t exploit their stolen information. The National Consumer Law Center is calling on Equifax to pay for the freezes, which would prevent anyone from seeking a person’s credit information without their authorization. Credit freezing is the most effective measure against new identity theft when it involves Social Security numbers and any other important information these hackers stole and it prevents existing creditors and new creditors from using your information.
The attorneys at Kabateck Brown Kellner, LLP have honed their specialized skills in handling class action litigation for several decades. Whether the suit is for a data breach or an improper accounting at the bank, our attorneys have successfully represented thousands of clients in class action or similar representative actions.