It’s time for all of us to play defense, because Equifax clearly did not.
In the wake of the epic breach of as many as 143 million of our Social Security numbers, names and addresses from the company’s credit files, the company put up a website that attempted to make sense of things for consumers.
The company’s first order of business ought to have been to create a simple way for people to figure out if their data was potentially compromised. On this count, Equifax failed at first.
On Thursday night, I entered my last name and the last six digits of my Social Security number on the appropriate Equifax web page. (They had the gall to ask for this? Really? But I digress.) I received no “message indicating whether your personal information may have been impacted by this incident,” as the site promised. Instead, I was bounced to an offer for free credit monitoring, without a “yes,” “no” or “maybe” on the central question at hand.
By Friday morning, this had changed, and I got a “your personal information may have been impacted by this incident” notification. Progress. Except as my friend Justin Soffer pointed out on Twitter, you can enter a random name and number into the site and it will tell you the same thing. Indeed, I typed “Trump” and arbitrary numbers and got the same message.
So my default assumption quickly switched to this: Equifax has no earthly idea who is affected. I tried calling a phone representative for clarification, too, but she gave me incorrect information about the nature of the company’s offer to consumers and then told me to just use the website when I went about correcting her. On Friday evening, the company issued a statement claiming to have fixed the problems and tripled the number of people in its call center.
Now, to the remedy. The company is offering one free year of credit monitoring to all Americans, not just the ones whose data was stolen. It includes the ability to turn your Equifax credit report on and off, to keep thieves from applying for credit in your name using information they stole from Equifax and to have access to your Equifax report to do so.
That’s all well and good, except that the thieves might use the stolen information to apply for credit with lenders that check the credit reports only at the other big agencies, Experian and TransUnion. So this protection is incomplete.
Read more at the New York Times.