Equifax data breach leaves at least 143 million consumers credit at risk

CHARLENE CROWELL | 9/24/2017, 2:31 p.m.
Record-breaking back-to-back hurricanes in Houston and Florida brought unprecedented winds and rains affecting millions of Americans.
Charlene Crowell Center for Responsible Lending

Center for Responsible Lending

Record-breaking back-to-back hurricanes in Houston and Florida brought unprecedented winds and rains affecting millions of Americans. Yet another storm just as brutal but financial in nature is also raging and affects at least 143 million Americans, as well as consumers in Canada and the United Kingdom: the Equifax data breach that took place from mid-May to July of this year.

On July 29, Equifax, one of the three major credit-reporting corporations, discovered that unauthorized data access had occurred. Yet it was not until Sept. 7 when the multi-national data breach was announced publicly. This massive cyber security breach includes federal income tax records, as well as employee records for government employees and those of Fortune 500 firms. Even recipients of major government programs like Medicare, Medicaid and Social Security are affected.

For consumers, the personal information exposed to fraud and identity theft could mean a lifetime of closely monitoring and defending personal data to fight theft, fines and more. For businesses, questions will emerge as to whether millions of credit accounts were fraudulently opened and additionally whether they could be held partially responsible for its perpetuation.

In reaction to this cybercrime, a surge of federal class action lawsuits are going after Equifax. As many as 50 have been filed in at least 14 states and the District of Columbia as of Sept. 12. The Federal Bureau of Investigation is reportedly examining what went wrong from a criminal perspective. On the civil side of the law, the Consumer Financial Protection Bureau is beginning its own independent investigation.

Now a growing number of bipartisan inquiries from Capitol Hill are demanding to know why these breaches of personally identifiable information – known as PII – came about, what actions Equifax took and what the global firm intends to do on behalf of consumers whose names, birth dates, addresses, Social Security numbers and drivers’ licenses are all in jeopardy. Equifax also knew that an estimated 209,000 credit card holders and some 182,000 consumers in the U.S. who have a dispute on file with a creditor also had comprised PII.

“This hack into sensitive information compiled and maintained by Equifax is one of the largest data breaches in our nation’s history and someone has to be held accountable,” said Congresswoman Maxine Waters, the Ranking Member of the House Financial Services Committee in an article for Business Insider.

“Given the important role credit scores play in the lives and financial futures of hardworking Americans, Congress must diligently examine the way our credit reporting agencies are operating and impose additional statutory and regulatory reforms to protect the integrity of the country’s credit reporting system,” Waters continued.

In a Sept. 11 letter to Richard F. Smith, Equifax’s chairman and CEO, the Chair and Ranking Member of the Senate Finance Committee went further to pose a series of questions to be answered by Sept. 26. Issues raised in the letter include binding arbitration clauses that deny affected consumers the right of class action lawsuits, the firm’s security systems and controls, how consumers can expect to be officially notified, and what, if any, protections Equifax will offer to affected consumers.