The breach — and the rollback on compensation — were both preventable.
Note: Since this post went live, Equifax has decided that we must prove that we already had credit monitoring in place when we asked for the cash compensation option; otherwise we receive their in-house credit monitoring instead, no arguments. I call bullshit. Was that in the original court-ordered agreement? Somebody hit me up if you know.
This time in late July, life was full of promise. Equifax was our bff forever.
Then came the metaphorical standing-you-up text. You know the one.
Running a little late…
Really late. Maybe coming down with something. :-(
Baby I’m sorry, but…
…I can’t pay you that cash I promised because so many others of the 147 million people I’m dating asked for it too. I’ll call you. Here’s some credit monitoring.
The ONLY good thing about this abrupt turnaround — which is totally legal, and in fact also shows the traces of how botched and wrongheaded and lax the settlement was to begin with — the ONLY good thing, I say, is the shadefest on Twitter.
This Mess We Call a Relationship.
Here’s what we know:
In September 2017, a known security vulnerability at Equifax was hacked to expose the data of as many as 147 million people. In the days after it happened — but before it was made public — three Equifax executives cashed in, selling off their stock before the breach was formally announced. For the past two years, despite token changes at the top, Equifax has continued to operate pretty much as usual, including continuing to profit from selling our data, the same data that was stolen due to their (if you are feeling kind) errors, or (if you’re not) negligence.
As soon as the breach occurred, Congress — well, the Senate — well, Senators Elizabeth Warren and Mark Warner — acted to create legislation that would protect consumers, giving the Federal Trade Commission more power in such cases, and mandating a minimum pay-out to plaintiffs in class action settlements. Unfortunately, the bill has not yet passed, and the current settlement deftly demonstrates the two weaknesses the legislation seeks to address.
Luckily, the bill was reintroduced this past May, along with a House version co-sponsored by Rep. Elijah E. Cummings and Rajah Krishnamoorthi. It would have assured, in the current Equifax case, a minimum payout of $1.5 billion, versus the $500 million to $700 million called for in the Federal Trade Commission settlement. Cause we all know how that’s turned out so far.
A year after the breach, as Naomi Eide reports in this excellent analysis in CIO Dive, Equifax and others in the industry have done little, if anything, to address the root causes of the problem, which were widely agreed to be preventable.
“Rather than malicious attacks from a nation state or a global malware campaign, Equifax’s breach was caused by a lack of security attentiveness and failure to patch a known vulnerability.” — Naomi Eide, CIO Dive
Making Equifax Pay.
Should you get the check? Should you get the monitoring? Should you even bother?
There’s a lot of advice out there right now about whether to try for the money or try for the monitoring, with most votes going for the monitoring. Maybe it’s because I am stubborn, and I hate giving in to a neglectful partner’s demands, but I requested a check and I’m sticking with it, even if it’s just two thin dimes. So yes, you should bother, and make a claim of some sort, if for no other reason than that we need to make a showing in numbers. Start here to get the information you need.
The biggest thing you should do is freeze your credit. I have already had a freeze on my credit reports since free credit freezes were made possible last September by Congressional mandate (thank you again, Elizabeth Warren and also Senator Brian Schatz).
Freezing your credit does not interfere with your use of credit, nor does it prevent the three big bureaus from reporting your scores to consumer trackers like Credit Karma, if you use them. Nor does it interfere with your credit companies’ reports. It only means that no one can do a soft or hard “pull” to see your report unless you unfreeze, which means no one attempting to use your credit information fraudulently can get past first base. You can unfreeze for free whenever you wish, for any period of time, and then refreeze. Always for free.
I have applied for credit twice since freezing my reports, never with any problem. It is a fail-safe, and probably stronger, way to protect your credit from fraud than just monitoring it. Get your freezes from all three credit reporting agencies:
I wish we could all just break up with our subpar boyfriends, these credit bureaus. I don’t actually remember agreeing to date them to begin with. But if we have to keep seeing them, I advise a little — or a lot — of the cold shoulder.
Need to start a budget? Check out these different approaches.
The Traumatized Budget has a newsletter! Want a monthly round-up of tips, tricks, and encouragement to get a grip on your money? Subscribe here.