One year after revealing the worst data breach in history, Equifax still hasn’t paid a price or provided the information and tools consumers need to adequately protect themselves.
On Sep. 7, 2017, Equifax publicly announced that data belonging to approximately 143 million American consumers had been accessed. (The final number was nearly 148 million.)
By exposing sensitive personal information ranging from Social Security numbers and birth dates to credit card and driver’s license numbers, Equifax put consumers at risk of several types of identity theft and fraud.
{mosads}Since the revelation, U.S. Public Interest Research Group has been trying to ensure that consumers have the information they need to protect themselves, while simultaneously urging authorities to impose financial consequences on Equifax to prevent breaches of this magnitude from ever happening again.
Understanding the real threats of identity theft
Criminals can make fraudulent purchases on your existing accounts with credit card numbers alone. But with the data stolen in the Equifax breach — Social Security numbers and birth dates — a criminal has the keys to commit new account identity theft and several other types of fraud.
For example, an ID thief can try to obtain new credit cards or loans, order the latest smart phones on payment plans, open utility accounts, create bank accounts, file taxes, collect Social Security benefits and possibly get health care or medical services, all in your name.
Coupled with your driver’s license number, which could be used to create a fake ID card, an identity thief could also try to lease an apartment, apply for a job, get insurance, or even commit crimes in your name.
As long as our society uses Social Security numbers as a primary way to verify our identities, you are at risk of such fraud and the accompanying harm to your finances, reputation and peace of mind.
Protecting yourself after the Equifax breach
Due to the prevalence of data breaches, you should protect yourself against identity theft, whether your information was stolen in the Equifax breach or not. Below are ways to prevent or detect the types of identity theft and fraud made possible by the Equifax breach:
- Existing account fraud: Check your monthly credit card and bank statements.
- New account fraud (including cell phone, credit card, loan and utilities): This is the most preventable type of identity theft. Get credit freezes at all three nationwide credit bureaus — Equifax, Experian and TransUnion. A new federal law will eliminate fees for those credit freezes for all consumers on Sep. 21. We also recommend credit freezes at a fourth bureau, the National Consumer Telecom & Utilities Exchange.
- Tax refund fraud: File your taxes as soon as possible, before thieves do. Also, if you qualify, get an Identity Protection (IP) PIN.
- Social Security benefits fraud: Sign up for your “my Social Security” (MySSA) account before thieves claim it and change your direct deposit info to their own checking accounts.
- Health care services/medical benefits fraud: Sign up for online accounts with your health care and insurance providers to periodically check for fraudulent services on your statements.
- Other fraudulent activity: Check your free annual consumer reports with companies that specialize in collecting information often misused by criminals.
- Phishing scams: Ignore unsolicited requests for personal information by email, links, phone calls, pop-up windows or text messages.
More tips for preventing and detecting identity theft are available here. Additionally, the government website identitytheft.gov will walk you through actions you can take if you’re victimized.
Actions taken but failure to hold Equifax accountable
Despite congressional hearings, lawsuits, government investigations, proposed legislation and a consent order in the last year, Equifax still has not paid any penalties or fines for putting consumers in harm’s way. With no punishment and its earnings on the rise, will Equifax do everything possible to prevent another breach?
Without financial consequences, there’s no reason for credit bureaus to take our data security seriously. Any reasonable action should stop the bad behavior, punish the wrongdoer and compensate victims.
At the very least, breached companies should have to provide consumers clear information about how to protect themselves against most types of identity theft.
Ultimately, we are not the customers of Equifax or the other credit bureaus — we are their product. We did not ask them to collect or sell our personal information, or give them permission.
Mike Litt is the campaign director for the U.S. Public Interest Research Group, a federation of organizations that employ grassroots organizing and direct advocacy with the goal of effecting political change.