The Lingering Risk of the Equifax Hack

Over the course of the past several years, the risk of both personal and corporate data compromises has created an environment where offense is generally the best preventative defense.

The Equifax credit hack announced this week reported that approximately 143 million consumer credit records and related personal information were compromised by hackers. As opposed to hacks of the past, this hack potentially impacts the credit risk of almost every American with credit today.

“Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.”

The vague response by Equifax regarding the hack was further complicated by the early liquidation of stock by several Equifax executives prior to public disclosure — raising both issues of propriety and insider trading. Issues that are not likely to be settled in short order.

Beyond the propriety concern, a question of corporate compliance and accountability arises.

“The Equifax hack is only one of hundreds this year — we may have over 1,000 institutional breaches this year alone — however this one is extraordinary — it not only compromises practically every credit known credit file — we have no idea as to the actual scope of the damage — and they had over a month to prepare a response to the hack – which seems lukewarm, at best,” noted Anthony Davenport, CEO of Regal Credit Management in New York.

“Whether it is insider trading or not — the actions of management are highly suspicious — signifying that either they knew and acted before personal loss or that Equifax is a more inept company than previously thought — if their division heads were either this unaware or perpetuated an insider trading crime.”

Equifax’s consumer response to the hack — a “credit exposure checker” further complicates the situation for consumers, as signing up for the credit reporting service also contains fine print that limits your legal rights to join a class action lawsuit against Equifax. Davenport further noted “Definitely don’t sign up for their credit management — the legal fine print opts you out of any recourse in the future.”

This echoes comments in the Observer underscoring both the uselessness and risk of these monitoring tools — while ZDNET confirmed that Equifax’s breech checking tool is basically useless.

As a consumer — your best recourse at present is to fight fraud risk with fraud prevention:

1. Pull a multi-agency copy of your credit reports that are available through a federally mandated program available at www.annualcreditreport.com
2. Review and challenge any strange or unfamiliar credit requests and opened lines of credit, such as unknown or unauthorized bank cards
3. File a Police or Fraud complaint, if you find that your credit has been impacted
4. Periodically review your credit report for anomalies and look into 3^rdparty credit restoration or repair agencies — in the case that major fraud has occurred

As several lawsuits have recently been opened against Equifax in the hack, as well as investigations into the potential of insider trading having occurred, we don’t foresee this issue ending any time in the near future. To underscore this, there are even chatbots that will now allow you to open a lawsuit against Equifax — somewhat unprecedented, but also a sign of the times.