Lost among the news of Hurricane Irma is a data breach of consumer information that, if not for the hurricane, would have been the top story on the news.
Equifax is one of the three major credit reporting agencies that keep records of your credit history, including personal information, such as your Social Security number and driver license number. If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in the data breach at Equifax. That’s about half the U.S. population.
The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.
Equifax didn’t report the breach until two days ago. It may explain the problem I had with a card in mid-July, when a charge appeared on one of my accounts for a purchase made in Michigan that totaled $1900. It took more than a month to be absolved of that unauthorized purchase. I now have a new card.
Equifax is now under scrutiny for the delay in making the breach public knowledge. Especially now, since it has been discovered that at least three top executives sold large blocks of publicly traded shares only days after the breach was discovered by the company. The executives are claiming it was all coincidence. When the breach was publicly announced late Thursday, Equifax shares on Wall Street plummeted from $143 to $121 per share, at the opening bell Friday.
When I first read of the data breach I followed up on an offering from Equifax, which I thought was an attempt to do right by consumers. Now, I’m not so sure.
FREE MONITORING SERVICE – WITH A CATCH
For consumers who wanted to check if their information had been compromised, Equifax suggested that they visit its new site, www.equifaxsecurity2017.com, where they could learn if they had been “potentially impacted” and could sign up for a credit monitoring service and if so, could sign up for that service at no charge.
I attempted to do this, though the online reply was less than reassuring. I was told my information may have been impacted, but I got no definitive answer and would have to wait a week, return to the site, and then complete the enrollment process. A call to their customer service had me on hold for 5 minutes before it disconnected.
Yesterday, I discovered another previously undisclosed hook to the enrollment. If I sign up for the free monitoring service I give up my right to file, or join in a lawsuit that may arise against them, unless I jump through hoops.
Equifax appeared to have updated its terms of service on Friday that allows consumers to opt-out of the mandatory arbitration agreement for TrustedID Premier, The Washington Post reported. While that is a step forward from no opt-out it originally had in place, it puts the onus on consumers to read through the fine print and take the time to respond to Equifax. Consumers who want to opt-out must write to Equifax within 30 days with their name, address, Equifax user ID and “a clear statement that you do not wish to resolve disputes with Equifax through arbitration.” The use of the word, “Arbitration,” found in their fine print means that you have to deal directly with them, not through the Courts.
Though my enrollment date is scheduled for the 12th of this month, I don’t think I will complete the enrollment process.
I don’t like that it took almost 3 months for them to make the breach public, top executives took advantage of inside information to sell stock shares, they aren’t providing me a definitive answer on whether my personal information was part of the hack, they offer no guarantee in the return of my money if I sign up with their service (they only “monitor” your accounts), and they don’t clearly disclose that my legal rights are being given up, when I sign up.