Equifax, Experian and TransUnion don’t have your back.
I’ve been trying to come up with some new business ideas. It’s really hard, though. Technology is changing so fast, you know? Well, I finally came up with a good one. I’m going to start my own security firm. I’m going to install burglar alarms in homes and businesses, and I will also have private security guards respond when the alarms go off.
The problem is that I live in a very safe area. We just don’t have that much crime.
But I have another idea: I’m going to break into some houses.
I won’t steal much. In fact, I may not steal anything. I’m just going to show homeowners how vulnerable they are. You know, like a White Hat Hacker — hackers who use their skills to fight malware and test computer network security.
And I’ll have some of my security guards show up at some local businesses. They won’t rough anyone up too badly — maybe just break some display cases to demonstrate what a shame it would be if some really bad guys showed up with bad intentions.
Some of my friends asked me where I got these ideas, and some suggested maybe I got them from some old movies I watched, movies you may have heard of: “The Godfather” and “Goodfellas”. I can tell you this: I’ve never seen those movies. Even so, based on their titles alone, it sounds like they are good family films or buddy comedies. Nah, my inspiration was based on something much darker: the recent Equifax data security breach.
Equifax revealed on Sept. 7 that its system was breached by hackers and, as a result, about 143 million Americans are now at risk of credit fraud — that’s 70 percent of people ages 18 to 65. What a great excuse for Equifax to introduce customers to its credit monitoring service with a free one year trial, which is exactly what Equifax is offering.
I didn’t take Equifax up on its generous offer (by “generous,” I mean “stupid and insulting”). Instead, on Sept. 9, I put a security freeze on my Equifax Credit Report File by going to its webpage, paying $10, and taking about five minutes to fill out the form.I then did the same thing for the other two major credit bureaus, Experian (here) and TransUnion (here).
All three sites were easy to use. The whole exercise, for all three bureaus, cost me about 15 minutes and $30. Each company’s website offered me credit monitoring services at additional cost, which I refused. Given that all the members of my immediate family have credit cards, I suppose this will cost my family a total of 75 minutes and $150.
Equifax revealed on Sept. 7 that its system was breached by hackers and, as a result, about 143 million Americans are now at risk of credit fraud.
Not a huge amount of money for many folks, though it’s a sizable amount of money for other people. Either way, it’s a pretty ridiculous situation given that the very reason so many consumers like you and I are doing this is because of a security breach that certainly was not our fault, against a company that we never really affirmatively chose to do business with.
Nonetheless, freezing your file is the best thing you can do. It drastically reduces the likelihood of anyone being able to open financial accounts in your name.
Here’s why: When someone applies to a company for credit of any kind, the very first thing the company will do is attempt to run a credit check. If you lock your credit report file with each of the three major credit reporting agencies, then the company trying to do the checking will not be able to run the check. It’s that simple.
You can easily unlock your credit report file when you want to by using a code you get at the time you lock it.
According to a press release issued by Equifax:
Criminals exploited a U.S. website application vulnerability to gain access to certain files [and] …[T]he unauthorized access occurred from mid-May through July 2017… [and] [t]e information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
The press release did not explain why the news was not shared until Sept. 7 even though Equifax discovered the issue July 29.
The press release does say that Equifax is permitting consumers to sign up for one free year of its credit file monitoring and identity theft protection plan, TrustedID Premier. After that, the cost is $20 per month. (Note: There are a number of similar services, such as LifeLock, that compete, but I have no clue how Equifax’s in-house plan stacks up against them.)
I do know this: If I do sign up for one, I am not going to choose Equifax. That would make me feel too much like the small businesses those goons are currently selling protection to. Plus, a number of well-positioned and thoughtful commentators are suggesting other reasons not to go with Equifax’s offer (here is a good example).
If you want to really get mad, then check out this report from Bloomberg about how three senior Equifax executives sold about $2 million of Equifax stock between the time the security breach was discovered and the time it was revealed. While Equifax has characterized these sales as representing a “small percentage of their Equifax shares,” one of them (the company’s CFO) sold more than 13% of his total stake.
We don’t recommend short-term stock plays at Financial Poise, but if we did, boy, I’d be very tempted to recommend shorting Equifax.
Not enough? Here’s an instance of Equifax’s damage control from Ron Lieber, writing for the New York Times on Sept. 10:
On Thursday night [Sept. 7], I entered my last name and the last six digits of my Social Security number on the appropriate Equifax web page. (They had the gall to ask for this? Really? But I digress.) I received no “message indicating whether your personal information may have been impacted by this incident,” as the site promised. Instead, I was bounced to an offer for free credit monitoring, without a “yes,” “no” or “maybe” on the central question at hand.
By Friday morning [Sept. 8], this had changed, and I got a “your personal information may have been impacted by this incident” notification. Progress. Except as my friend Justin Soffer pointed out on Twitter, you can enter a random name and number into the site and it will tell you the same thing. Indeed, I typed “Trump” and arbitrary numbers and got the same message.
The fact of the matter is that this security breach isn’t the first. Equifax, Experian and TransUnion have all been hit in the past. I should have locked my credit reports long ago. I’m glad I’ve done so now, and you should consider doing the same.
Read more about the basics of credit reports in this article by Financial Poise’s Michelle Gershfeld.
Jonathan Friedland is a partner with Sugar Felsenthal Grais & Hammer, a law firm with offices in Chicago and New York City. Born and raised in a New York suburb, Friedland graduated SUNY-Albany magna cum laude in three years and then earned his law degree from the University of Pennsylvania Law School. Friedland clerked for…
What Is the ROI for a Private Company Board of Directors?
Committed Leadership: Are You the Chicken or the Pig?
When Is it Appropriate to Take on High Interest Rate Debt?
Cybersecurity Challenges for Boards of Directors
Scary Word(s) No. 13 – “Equity”
Real Leadership: Don’t Rely on the Fix-It Mentality