Massive Equifax hack leaves millions of Americans at risk for identity theft

Inside Subprime: September 8, 2017

By Caroline Thompson

A cyberattack on Equifax, one of the three major credit reporting agencies, has potentially exposed sensitive information from 143 million Americans. The data leaked in the hack includes social security and driver’s license numbers, which means roughly half of all Americans with a credit report are at an increased risk of identity theft and fraud, said Pamela Dixon, executive director of the World Privacy Forum in an interview with The New York Times.

Exploiting a weak point in Equifax’s website software, hackers were able to gain access to customer names, birth dates, addresses and even around 200,000 credit card numbers. The company discovered the hack on July 29 and, according to reports, “took immediate action” to close the gaps in their online security. Yet, per SEC filings, Equifax’s CFO, its president for U.S. information solutions and the president of workforce solutions sold millions of dollars worth of Equifax stock less than a week later on August 1 and 2, a legally questionable move that has not endeared the newly troubled credit reporting agency to the press.

While this hack is arguably the most problematic data breech in modern history, it’s not the first time Equifax’s system of data protection has been found sorely lacking. Earlier this year, hackers stole W-2 data from an Equifax subsidiary company called TALX, and in 2016, an Equifax website was attacked by identity thieves who stole the W-2 and salary data of hundreds of thousands of American workers.

Those wondering if their data was leaked in the hack can visit and enter their last name and the final six digits of their social security number, then sign up for Equifax’s identity theft protection service for free until November 21. However, many consumers are complaining that this service is lackluster at best. Customers affected by the breach are greeted with this screen, and given no detailed information on how much of their sensitive data has been compromised.


Additionally, many Twitter users have pointed out that in signing up for the company’s free year of identity theft protection (which in itself is lacking, as those affected by the hack will need protection for decades, not just 12 months), you forfeit your right to sue Equifax directly or participate in any future class action lawsuits against the company.


“That’s right,” Tweeted U.S. Senator Elizabeth Warren, who helped create the Consumer Financial Protection Bureau in 2011. “Equifax fails to protect your data and then they demand you give up legal rights if you want to limit the damage they caused.”

The Consumer Financial Protection Bureau recently issued a rule that, if allowed to take effect, would ban companies like Equifax from writing arbitration clauses like this into the fine print of contracts. Unfortunately, partisan infighting has caused Republican lawmakers and lobbyists from the banking industry to try and block this potential regulation. California recently passed a law that will allow judges to void these clauses at their own discretion.

“The @‘s new rule would stop companies like @ from avoiding legal accountability like this — as long as @ doesn’t reverse it,” Warren wrote on Twitter Friday afternoon.

Have you been affected by this hack? You’ll want to take immediate steps to protect yourself from identity theft. Here are some resources from our blog and eBooks for dealing with financial fraud:

Visit OppLoans on YouTube | Facebook | Twitter | LinkedIn