Shit, this Equifax breach is really bad
After sitting on the information for more than a month, yesterday, credit-reporting agency Equifax—one of three companies whose shady algorithms dictate all manner of critically important factors in our lives—reported that the private information of 143 million people, almost half of the entire population of the United States, had been compromised. The hack is significant not only for its massive scale, but for the kinds of information involved. Equifax is a one-stop shop for potential identity thieves, with databases that include Social Security numbers, addresses, driver’s license data, and birth dates as well as financial records. Oh, and some credit card numbers were compromised, as Bloomberg reports. Oh fuck, indeed.
The company reportedly knew about the hack in late July, and has been criticized for its customer service department’s unwillingness to tell suspicious customers exactly what had happened in the interim. And it gets worse: CNN Money reports that Equifax executives sold stock valued at more than $2 million between July 29, when they found out about the hack, and August 2. (Now that the rest of us know, Equifax’s stock dropped 13 percent this morning in early trading.) A class-action lawsuit has already been filed against Equifax related to the breach; as Bloomberg puts it, the suit “alleged Equifax was negligent in failing to protect consumer data, choosing to save money instead of spending on technical safeguards that could have stopped the attack.”
And it doesn’t stop there. The Washington Post reports that, should you sign up for a free year of the company’s own TrustedID Premier (which doesn’t start until Monday, by the way) on the Equifax “Cybersecurity Incident & Important Consumer Information”site, buried in the terms and conditions is a clause that bars you from participating in class-action suits like the one above. This morning, after social media caught on to its bullshit, the company added an opt-out clause, but it requires you to write in to Equifax within 30 days of signing up to be exempt from the arbitration clause.
You can do that, or do the legwork yourself by requesting a copy of your credit report (you’re entitled to a free one every year from each of the major credit agencies) and reporting any unauthorized activity to your bank and/or credit card company. There’s also the option of just going ahead and putting a freeze on your credit to prevent unauthorized use. That will cost you between $5 and $10 in fees, according to CNN Money. Ain’t late capitalism grand?