Equifax breach demands action on several fronts

Although virtually eclipsed by the natural disaster of Hurricane Irma over the past week, a national disaster with potentially longer lasting impact and many more victims simultaneously has been playing out in the U.S. credit-monitoring industry.

Last week, Equifax, one of this country’s three largest credit-reporting agencies, reported a criminal break-in to its information, affecting some 143 million Americans. It said the information was compromised between May and July and the names, Social Security numbers, birth dates, driver’s-license numbers and credit-card numbers could now very well have fallen into the hands of contemptible identity thieves.

Even more troubling is news that Equifax did not publicly acknowledge the breach – one of the largest in American history – until almost six weeks after the two-month-long hack ended. That, of course, left consumers in the dark and gave the slimy electronic burglars potentially free rein to falsely claim Social Security payments, tax refunds and consumer loans.

Now in the immediate aftermath of the data breach, much like the aftermath of Irma, a coordinated multi-pronged recovery effort must be mounted. Key players in that mission must include the company, consumers and Congress.

Equifax, the 118-year-old credit bureau based in Atlanta, must take complete responsibility for the hacking and actively work to minimize its fallout with a primary focus on consumer protection. Americans who through no fault of their own stand to be harmed also must take initiative to avoid or minimize damage. Finally, Congress must step up to the plate to provide stronger oversight of the highly unregulated credit-reporting industry.

EQUIFAX VOWS ACTION

For its part, Equifax claims it is acting aggressively to protect consumers. CEO Richard Smith on Tuesday said, “Consumers and media have raised legitimate concerns about the services we offered and the operations of our call center and website. We accept the criticism and are working to address a range of issues.”

The criticisms are well founded. In addition to its delay in publicizing the breach, other actions or inaction by the company are disheartening. For example, Equifax initially had required consumers to sign promises they would not engage in suing the company individually or in a class-action suit.

Also raising eyebrows are the actions of three senior Equifax executives who sold company stock shares worth nearly $1.8 million just days after the breach was discovered but weeks before it was publicly announced. Not surprisingly, the stocks hit rock bottom. The company calls those developments coincidental. We and others are left to wonder.

Collectively, such miscues and public-relations blunders mean Equifax has no choice but to double down to assist consumers as rapidly and as fully as possible.

Consumers, however, also have an obligation to take some matters into their own hands. They can start by visiting a website Equifax has launched to determine if their personal information has indeed been compromised. You can go to www.equifaxsecurity2017.com. Once there, you will be prompted to enter your last name and the last six digits of your Social Security number, at which time Equifax will inform you whether your data has been affected. (Consumers can also contact the Equifax Response Line for the same service at 866-447-7559.)

In addition, Ohio Attorney General Mike DeWine urges consumers to place security freezes on credit accounts, look for suspicious activity on bank accounts and file income tax returns as early as possible in 2018 to minimize hacking opportunities.

Sadly though, even the most responsible and proactive efforts cannot guarantee security for the long term. That’s because the hackers, armed with unchangeable information such as names and Social Security numbers, can attack at a whim for years into the future.

That’s why greater structural reform in the credit reporting industry is long overdue. The Equifax breach should provide all the momentum needed for Congress to act in the widest public interest. Ironically, Congress has been moving in the wrong direction. A bill in the U.S. House would weaken protections in the Fair Credit Reporting Act by capping and, in some cases, eliminating damage awards against credit -reporting companies.

Our national legislators’ time would be better spent working to strengthen laws and regulations to protect consumers and to codify stronger penalties as incentives to prevent such breaches in the first place.

Given the potential calamitous impact on millions of lives, Congress, consumers and the company should waste no time in shoring up maximum safeguards.