The Equifax security breach scandal keeps growing and growing. Their handling of the data breach that affected as many as 143 million accounts has been horrendous.
Executives dumped their shares before reporting the stolen data. Following the breach, their website did not function properly, people got signed up for programs they did not want or need, and customer service has been dismal all around.
Equifax is Not Your Friend
InTheseTimes reports The Equifax Hacking Scandal Is a Reminder That Credit-Reporting Agencies Are Not Our Friends.
Last week, Equifax—one of the country’s three major credit-reporting agencies alongside Experian and Transunion—revealed that its security apparatus had been breached. “Hackers†obtained private financial information the company held on over 140 million Americans. This is the third major security breach Equifax has suffered in the past two years, and it is by far the worst. Cybersecurity experts call it a 10 out of 10 on the catastrophe scale—with the negative consequences potentially lasting for decades.
Equifax became aware of the hacks on July 29 and the company’s top brass took immediate action. But rather than moving to alert the public that their information could be compromised, on August 1 and 2, three leading executives—including the company’s chief financial officer (CFO) John Gamble—sold nearly $2 million worth of shares in the company. Traders also noticed a sudden—and suspicious—selling of Equifax stock options.
Gamble has been with the company since 2014 and has only once sold shares prior to last month’s sale.
Equifax hired a customer-service agency to assist with the volume of calls they’d be receiving. Yet the company didn’t inform the agency of whom was likely affected by the breach, so when people started calling in, the outsourced contact centers were unable to provide useful information.
The company also offered a one-year free trial with TrustedID—an identity protection company acquired by Equifax in 2013. With TrustedID’s credit-monitoring services, those who signed up would be able to definitively tell if their financial data was exposed through the breach.
However, the service appeared to come with a catch. Equifax’s Terms of Use spelled out that by signing up, customers would waive the right to participate in a class-action lawsuit. After a social-media backlash, Equifax clarified that the “arbitration clause and class action waiver included in the Equifax and TrustedID premier terms of use does not apply to this cybersecurity incident.â€
The scope of information obtained by the Equifax hackers likely won’t be known for many years. As of last week, the company’s security has changed from asking for the last four digits of customers’ social security number to asking for the last six, so it’s safe to assume that if you were included in the breach, the last four digits of your social security number are likely out there.
If there’s anything positive to be taken away from Equifax’s security blunder, it’s that it reminds us that in a shadowy surveillance economy, we aren’t the employee or the consumer, but the product. What’s to be done about this is up for debate—but not one we’re allowed to have any say in.