Equifax draws fire for bungled response to data breach

How Equifax "bungled" its response to massive data breach

It's full on corporate chaos at Equifax. The credit bureau, which announced September 7 that a hack revealed the Social Security numbers and other personal identification details of 143 million people, is scrambling, and that's a polite way of describing the mix of confusion and ineptitude the company has displayed since the scandal broke. 

An Equifax website where people are directed to input the last six numbers of their Social Security number to determine if they are victims of the breach was initially accused of giving people inaccurate or conflicting results, not to mention a directive to return another day. Some also found phone representatives less than helpful. 

After the hack, reporters quickly discovered that three senior Equifax executives -- including the chief financial officer -- suddenly sold off almost $2 million in stock within a few days of when the company said it had determined information was compromised. Equifax denies any insider-information-based trading by employees, and maintains the sales were a coincidence.

Even Equifax's attempts to make right came off wrong. Consumer advocates dismissed as inadequate the company's offer to let consumers affected by the breach use its credit-monitoring product free for a year, rather than arrange a credit freeze. Others decried this seeming attempt to charge hack victims for the corporate behemoth's carelessness, since Social Security numbers are compromised for life -- not simply a year. 

But how will this incident and its fallout impact Equifax going forward? Probably not as much as you think.  

Critics condemned Equifax for waiting to announce the breach in the company

Don't be fooled by the stock's 20 percent drop since news of the breach, the 30 (and counting) lawsuits filed against Equifax for prioritizing their own bottom line over protecting consumer data, the financial damage to shareholders or the announcement of an investigation by New York state Attorney General Eric Schneiderman.  

Yes, there are likely to be settlements with various government entities requiring payouts, and money will almost certainly be turned over in class-action lawsuits. But assuming this scandal will cause significant long-term harm to Equifax requires you to believe that banks and others that regularly use the firm's credit reports and scoring will abandon the company en masse for one of its two main rivals, TransUnion or Experian. 

That's never happened before. And it's not like the credit reporting services are stellar corporate citizens. A 2012 survey by the Federal Trade Commission discovered more than 20 percent of those they questioned found at least one error on a credit report. More recently, the Consumer Financial Protection Bureau (CFPB) says Americans' grievances with the credit-monitoring companies are among the top complaints the federal regulatory agency receives, beating out credit card disputes and student loan issues.

This is not exactly a surprise. Although the information contained in your credit report can cost you a job, or an apartment, or result in you paying higher interest for borrowed money (and whether you'll get any at all), you aren't the customer here. Equifax's main business is in trafficking your information, so others, like banks and landlords, can decide whether to issue you credit. They are the ones paying the bills. 

Stock analysts have been quick to suggest that investors are overreacting to Equifax's woes. Yes, there will be financial hits, the reasoning goes, but it's not likely the business itself will suffer significant erosion. 

"We believe that Equifax's entrenched oligopolistic position in its core credit bureau business is unlikely to be affected," said Brett Horn, a senior equity analyst for Morningstar, in a note.

Why did Equifax wait six weeks to announce cyberattack?

In other words, whether you approve or disapprove of Equifax – or Transunion and Experian -- collecting your financial vitals doesn't matter. They're going to do it anyway. 

"It's not a consumer market," said Joe Valenti, director of consumer finance for the Center for American Progress.  

That's worrisome given that government regulation of the firms possessing our personal and financial data is less than stringent, reflecting the lobbying prowess and political firepower of the financial services industry. Slipshod security that leads to successful hacks is generally greeted with a wrist slap by government authorities. As Horn rather matter-of-factly noted in his report, "Historically, fines for these matters have been manageable."

All this also goes a long way toward explaining why Equifax's response is so ramshackle. From a public relations standpoint, expecting it to handle a consumer crisis of this magnitude with ease is like expecting a child who has mastered a tricycle to suddenly turn up driving a multi-speed bike. 

That's not to say Equifax will feel no impact from the widening scandal. And for consumers, there may be a silver lining. 

After the Equinox breach, the odds are now lower that Congress will succeed in overturning a CFPB rule designed to curb the use of mandatory arbitration in consumer contracts with financial services firms.

Over the past decade, everyone from employers to cell phone providers, credit card issuers and companies peddling credit protection services put language mandating private arbitration in their contracts with customers. That denies people the right to join a class action if they believe they've been harmed by the company's product or actions. 

Number of impostor scams surpass identity thefts

Last year, the CFPB proposed regulations that would impose limits on this practice among the financial firms it oversees, freeing consumers to turn to the courts as a group. (The companies will still be allowed to insist on arbitration for individual disputes.)

The federal agency published the final version of the rule earlier this summer. Congressional Republicans like Rep. Jeb Hensarling, R.-Texas, chairman of the House Financial Services Committee, immediately announced they would try to repeal it via the Congressional Review Act, the legislation that permits lawmakers to overturn regulations initiated during a previous presidential administration with a simple majority vote, as long as it happens within 60 legislative days. (That's looking like it will be October or November for this rule.)  

The House of Representatives also voted to overturn the CFPB rule. The White House quickly published a statement saying presidential advisers would counsel President Donald Trump to sign the bill should it reach his desk. 

The Senate was always going to be a closer call. Democrats appeared unified against any move to repeal the CFPB rule limiting "forced" arbitration, as the practice is known. Sen. Lindsay Graham, R.-South Carolina, also announced his opposition. A number of other Republicans -- perhaps mindful of polls showing that almost nine out of 10 people regardless of political party want the right to join class actions against banks -- appeared less than certain to join their House colleagues in rescinding the rule.

Enter Equifax. That offer of one year of free credit monitoring initially contained language suggesting that hacked consumers might be giving up their rights to join class actions by signing up for the service. The public reaction was immediate: outrage. Equifax says it isn't so, and ultimately removed the disputed phrasing, but the damage was done. 

The tide of negative publicity could make lawmakers think twice about moving to gut a rule that consumers overwhelmingly support and that gives them legal options when our financial gatekeepers fail so spectacularly to lock the gates. 

"This gives opponents of rolling back the rule more of an angle to pressure, to slow down, and, in fact, stop it," said Ed Mierzwinski, the consumer program director for U.S. PIRG, a consumer advocacy group.

Pro tip: If you are going to promote overturning consumer rights legislation, don't allow untold harm to happen to consumers on your watch. 

f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.