The views expressed by contributors are their own and not the view of The Hill

A year after Equifax, be prepared for the next data breach


One year after revealing the worst data breach in history, Equifax still hasn’t paid a price or provided the information and tools consumers need to adequately protect themselves.

On Sep. 7, 2017, Equifax publicly announced that data belonging to approximately 143 million American consumers had been accessed. (The final number was nearly 148 million.)  

By exposing sensitive personal information ranging from Social Security numbers and birth dates to credit card and driver’s license numbers, Equifax put consumers at risk of several types of identity theft and fraud.

{mosads}Since the revelation, U.S. Public Interest Research Group has been trying to ensure that consumers have the information they need to protect themselves, while simultaneously urging authorities to impose financial consequences on Equifax to prevent breaches of this magnitude from ever happening again.

Understanding the real threats of identity theft

Criminals can make fraudulent purchases on your existing accounts with credit card numbers alone. But with the data stolen in the  Equifax breach — Social Security numbers and birth dates — a criminal has the keys to commit new account identity theft and several other types of fraud.

For example, an ID thief can try to obtain new credit cards or loans, order the latest smart phones on payment plans, open utility accounts, create bank accounts, file taxes, collect Social Security benefits and possibly get health care or medical services, all in your name.

Coupled with your driver’s license number, which could be used to create a fake ID card, an identity thief could also try to lease an apartment, apply for a job, get insurance, or even commit crimes in your name.  

As long as our society uses Social Security numbers as a primary way to  verify our identities, you are at risk of such fraud and the accompanying harm to your finances, reputation and peace of mind.

Protecting yourself after the Equifax breach

Due to the prevalence of data breaches, you should protect yourself against identity theft, whether your information was stolen in the Equifax breach or not. Below are ways to prevent or detect the types of identity theft and fraud made possible by the Equifax breach:

More tips for preventing and detecting identity theft are available here. Additionally, the government website identitytheft.gov will walk you through actions you can take if you’re victimized.

Actions taken but failure to hold Equifax accountable

Despite congressional hearings, lawsuits, government investigations, proposed legislation and a consent order in the last year, Equifax still has not paid any penalties or fines for putting consumers in harm’s way. With no punishment and its earnings on the rise, will Equifax do everything possible to prevent another breach?

Without financial consequences, there’s no reason for credit bureaus to take our data security seriously. Any reasonable action should stop the bad behavior, punish the wrongdoer and compensate victims.

At the very least, breached companies should have to provide consumers clear information about how to protect themselves against most types of identity theft.

Ultimately, we are not the customers of Equifax or the other credit bureaus — we are their product. We did not ask them to collect or sell our personal information, or give them permission.

Mike Litt is the campaign director for the U.S. Public Interest Research Group, a federation of organizations that employ grassroots organizing and direct advocacy with the goal of effecting political change.