From May to July of 2017, a security breach at Equifax compromised the personal and financial information of 145.5 million consumers exposing Social Security numbers, credit card numbers, drivers licenses, addresses, and dates of birth. This was the largest theft of such information in American history and the scale of the breach means that nearly every adult in the United States is now at significant risk of identity theft and the use of their personal information for fraudulent purposes.
Data Protection Was Not a Priority
An audit conducted in April 2017 by Cyence, a cyber risk analysis firm, concluded that there was a 50% probability that the company’s servers could be hacked within the course of the year. Moreover, FICO had raised alarms for years and had issued the company a low score for data security following audits that showed multiple flaws in Equifax’s security protocols and procedures. Investigations have shown that the company negligently failed to take appropriate measures to lock down consumer data and seal holes in their security envelope that exposed consumers to identity theft even in the wake of other large-scale security breaches that occurred at Target and other retailers.
Potential for Greater Oversight
In the past, the credit bureaus have managed to fend off numerous calls for greater penalties for security breaches and legislative oversight of the industry. However, the size and scope of this recent breach mean that it will not be as easy to do this as it was under previous administrations as pressure from the public and state legislatures mounts. While it is possible that Congress will pass legislation granting consumers greater protections when breaches occur, it is also possible that legislators will pass watered-down legislation that doesn’t increase penalties for security breaches, require stricter data security measures, or require more efficient reporting and notifications when breaches occur.
Locking Down Personal Data
Consumers should not delay in locking down their personal financial accounts and credit reports. This includes monitoring bank and credit accounts for suspicious activity as well as placing fraud alerts with TransUnion, Equifax, and Experian. An FCRA attorney can help clients understand their rights and take the appropriate measures to protect their personal information and the security of their finances. When breaches like this occur, companies such as Equifax can be held liable for the financial damages and distress that their negligence causes to consumers.