The story of the massive security failure at Equifax that has put the personal information of millions of people at risk just keeps getting worse. (It’s not just Americans they’ve screwed.) The fact that news of the breach was not revealed for weeks (and some Equifax executives made stock dumps that smell of insider trading) is bad enough. To add insult to injury, Equifax was offering to ‘help’ people affected by the breach IF they would agree to give up their right to take Equifax to court.
Equifax also drew fire for the several restrictive clauses it included in the legal terms that applied to its customer-help website and the free credit-monitoring service.
Users and experts had started pointing out that the company was imposing a so-called arbitration clause on the users, which essentially restricted their right to sue the company or be part of a class action in the future.
Ira Rheingold, executive director of the National Association of Consumer Advocates, said specifically that such legal restrictions had appeared to apply to people taking advantage of the TrustedID Premier service that Equifax was offering as a courtesy.
The company has walked that back a bit now, claiming it only applies to the free credit file monitoring and ID theft protection they’re offering and not the breach itself. (In other words, don’t blame Equifax if the ‘cure’ doesn’t work.) Does anyone think they won’t do everything they can to avoid accountability?
Kevin Drum at Mother Jones is currently taking a vacation, but before he left he reported on Equifax and the credit agency racket. Here’s Why I Hate Credit Reporting Agencies — And Why You Should Too. As he said,
...I am no fan of the credit reporting business, one of the most arrogant and anti-consumer industries imaginable. Twelve years ago I wrote about them for the Washington Monthly, and it’s startling how little has changed since then. I could republish the story today with only the most cursory changes.
He followed up with: It’s Time to Regulate the Hell Out of Credit Reporting Agencies. This passage sums things up nicely.
Why do I hate credit reporting agencies? Let me count the ways. It’s beyond unbelievable that Equifax didn’t do this immediately, since there’s certainly no reason that anyone should have to pay for a freeze that they need only because of Equifax’s own negligence. But this level of imperiousness is par for the course for these guys.
For any normal company, a fee like this would have been lifted instantly. They’d understand immediately that anything else would be an epic PR disaster. But the thing is, you aren’t a customer of Equifax. They don’t give a rat’s ass about you. Nor do they care about a PR disaster. It’s not as though they’ll lose your business, after all, since they never did any business with you in the first place. All they do is collect all your financial data without your permission and then sell it to other people.
(Actually, that’s not all they do. They also make your life hell if you have the gall to find an error in your credit record and ask them to fix it.)
emphasis added
Here’s the article he wrote 12 years ago:
The fix is simple in principle:
There's no need to create mountains of regulations, which are uniformly despised by the credit industry. Instead, simply make the industry itself—and any institution that handles personal data—liable for the losses in both time and money currently borne by consumers. The responsible parties will do the rest themselves.
And…
On a more basic level, the plan relocates the burden of responsibility for identity theft in a way that makes intuitive sense. If a company makes a mistake—by neglecting to conduct adequate background checks before extending credit, by issuing inaccurate credit reports or by failing to safeguard sensitive information—that company pays the price. It shifts power from corporations to individuals, based on a simple principle: Regular people should not have to go out of their way to protect themselves and their financial identities.
emphasis added.
Read The Whole Thing. Of course, the entire point of the Republican Party and corporatist politicians everywhere is to protect companies from the consequences of their actions and shift the burdens to ordinary people because…. FREEDOM!
If anything, the problems have gotten worse, not better. As information technology transforms everything, the virtual infrastructure that holds it all together does not get the scrutiny and resources it absolutely should get, because… MONEY!
(See for example how automated systems at Facebook helped promote White Supremacy and other nasty things. For an example of the arrogance of these companies, see Google and the enemies they’re making.)
The Equifax Exposure has been getting some belated attention from the Mainstream Media. The Rightwing media will do everything it can to avoid saying government regulation would be a good thing — but they’ll be happy to refer you to advertisers like LifeLock, because privatizing protecting your financial information put at risk by corporate incompetence is just how ‘free’ markets are supposed to work.
Reports are, freezing credit at the three agencies* — Equifax, Experian, and TransUnion — is not as easy as it should be, and that the systems are getting swamped. It’s also likely that fake websites are suckering people into giving up personal information because of this — who can you trust?
* Those links are what came up when I did a search using Bing. Those ARE valid links, aren’t they? That’s one of the problems with the Internet — verifying what’s behind the links. Here’s some snail mail addresses, phone numbers and web URLs from this website, which also explains what these credit agencies are and what they do.
Contact Information For the Three Credit Bureaus
Equifax — www.equifax.com
P.O. Box 740241
Atlanta, GA 30374-0241
1-800-685-1111
Experian - www.experian.com
P.O. Box 2104
Allen, TX 75013-0949
1-888-EXPERIAN (397-3742)
TransUnion - www.transunion.com
P.O. Box 1000
Chester, PA 19022
1-800-916-8800
I typed in the URL addresses listed above by hand, rather than clicking on the link. (Because unless you check the actual URL attached to a link, you can’t tell where it will lead.)
I started to go through the TransUnion website to start — and they began by requesting lots of my personal ID info, and then asking for a credit card number before continuing. I didn’t. Further poking around their site found this advice on what to do if you suspect a data breach.
Experian opens with a web page intended to get you to sign up for their security protection — free to start, and then they start charging. But, they do have a link for those wondering about the Equifax security breach. It also has what looks like useful information.
When I went to Equifax, their website told me it did not appear my records had been affected. But they too have protection plans.
All of them are looking for ways to get money out of you, if not right up front then further along in the process. Selling credit protection services, supplying you with credit reports — you’re entitled to annual reports for free, but if you want more, it will cost you. It doesn’t look like any of them want to make it easy for you to just lock your credit file and be done with it, not without imposing fees at some point. (Selling that info is what they do, after all.)
I’ve had an automatic limit alert on my main credit card for a while now, and they also provide me with alerts if they see something that doesn’t look right. Why do they do this, and not the credit bureaus? As Kevin Drum explained,
...In 1968, Congress passed the Truth in Lending Act, which imposed a variety of regulations on the lending industry. One notably simple provision was that consumers could be held liable for no more than $50 if their credit cards were stolen and used without their authorization. For anything above that, it was the credit-card issuer who had to pay. The result was predictable: Credit-card companies have since taken it upon themselves to develop a wide range of effective anti-fraud programs. Congress didn't tell them to do it, or even how. It just made them responsible for the losses, and the card issuers did the rest themselves.
emphasis added
Josh Marshall at Talking Points Memo has a long Editor’s Blog post on The Real Problem With Equifax. It covers some of the same points Kevin Drum touches on:
...In some cases consumers would rebel. That would solve the problem. But that’s actually a key part of the problem: consumers aren’t Equifax’s customers. They’re the product. You’re the product.
Marshall also looks at a few additional angles, such as the risk/reward/cost problem — that the risks of collecting and protecting this information are high because the rewards provide huge incentives for attackers to go after it, and the costs of really secure measures and liability coverage might be more than the market would support.
The current situation is obviously unacceptable; something will have to be done. I think Drum has the right approach — make it the credit bureaus’ problem.
So, how are you responding to this? See the poll below. The biggest problem I have is, I just don’t trust these…. well I won’t use the phrase that comes to mind, but I’m sure you get the idea.