Welcome!
2017-09-22 17:43:03
Your Money: Why the Equifax Breach Stings So Bad

Among the 2,000 or so enraged messages that I received after the most recent Equifax data breach, the wish that came up most often was that Richard F. Smith, the company’s chief executive, be pushed out the door.

But the messages also reflected something I had not seen before, not even after the scandals at Wells Fargo and Volkswagen, even though those companies committed similarly egregious offenses. It was a sense of helplessness, the recognition that we are at the mercy of an industry that makes money off our data, treats us with disdain and answers to no one.

“They have taken our information to sell it for their own profit,” said Brian Schill of Spring Branch, Tex., who recently retired. “And all of a sudden, we find that none of this information is really safe. We’re all vulnerable to these kinds of attacks.”

Why do we feel like we’ve been laid so utterly bare? You wrote to me about your uneasiness at the unceasing judgment of Equifax and its partners in oligopoly, Experian and TransUnion, which size you up and score you using algorithms that determine how much you must pay for the most expensive things you buy.

You also described the resentment you feel over being trapped in Equifax’s vast web of data, with no recourse and no ability to opt out. Finally, there were expressions of pure, raw fear about losing your money and reputation, particularly if you had to endure a long, hard slog to get good credit.

The credit reporting industry exists to take bland numbers, run them through mysterious algorithms and then spit out report cards and scores. These become final, generally unappealable judgments that dictate the interest rates that consumers pay on mortgages, car loans and anything else that requires borrowing.

Everyone from auto dealers to home loan officers sees the grades that Equifax and its counterparts distribute with the help of a company called Fico. If you’re not up to snuff, a stranger at a desk or counter may inform you to your face that your dream house is out of reach or that you won’t have a car to drive to work.

“It’s going to dawn on people that we are defined by these descriptors, markers and measures, but we have no meaningful informational rights to them or over them,” Sarah Bloom Raskin, who served as deputy Treasury secretary during the Obama administration, said in an email this week.

The credit reporting industry begins with a sort of entrapment, said Amanda Steinberg, chief executive of DailyWorth, a financial website geared toward women, when we discussed the breach this week.

If you want to do business with just about any financial services company, you must agree to allow it to report your payment history to the credit reporting agencies. This is reasonable in theory: An accurate central repository of data ought to make getting credit easier and cheaper.

But there does not appear to be any way to step out of the system unless you can live a life completely free of the need for credit, mobile phones and many jobs (since employers often make a credit check a condition of employment).

And if the information in your credit report turns out to be wrong, good luck getting the bureaus to fix it, as the Consumer Financial Protection Bureau revealed in a report this year. The industry’s cynical response to its own sloppiness has been to sell highly profitable monitoring services to people who fear errors and identity theft.

Want to get in touch with the credit-reporting agencies about your credit report or the fact that a thief may have a pile of your data? Good luck. Zeke Trautenberg, who lives in Los Angeles, spoke to two people answering Equifax’s phones after the breach. They told him they had no databases of information about what had happened or even any internet access to look simple things up.

“It was kind of like calling into a black box,” he said, adding that he had been told: “`We can’t contact anyone at headquarters. We don’t even have their phone number.’”

The frustration does not end there.

Equifax persisted for days in charging many people for the privilege of freezing their credit files. Such a freeze is helpful because a new creditor cannot obtain a credit report on a person who has one and thus cannot loan money to a criminal impersonating that person. Equifax eventually relented and said it would stop charging fees for freezes, even as its horror show of a website was still charging fees days after the announcement.

Richard Russell of the Bronx questioned whether Equifax might have an incentive to be casual about security so that it could turn around later and charge what amounted amounts to protection money. “Isn’t that what this credit freeze is essentially?” he asked in an email to me this week. “In many parts of the world, this would be labeled extortion.”

It was only when I searched my Equifax-related email for the words “fear” and “scared” that I fully understood just how defeated so many people felt about walking around with data leeches permanently attached to their wallets.

Diane Beeney, who lives in York, Neb., said in an interview that she couldn’t even bring herself to put the last six digits of her Social Security number into Equifax’s website — which is what the company demanded right off the bat of people who wanted to determine whether their information had been compromised.

“I’m not very tech savvy, but I’m very tech wary,” she said. “There is just too much of this stuff out there that nobody has any control over.” For the moment, she has no idea what the status of her data is, because Equifax has not directly informed people who may have been affected by the breach. It could send them letters, but it has chosen not to so far.

Many of those who have tried to protect themselves in the wake of the breach have been left feeling as though they are not in good hands. Consider the revelation that the president of Equifax’s information solutions unit in the United States and its chief financial officer sold stock after the breach was discovered but before it was made public. If they knew about the break-in, they violated insider trading laws. The company says they did not know.

Even if you take Equifax at its word, despite its complete lack of credibility at this point, you are still left to wonder this: In what sort of company would Mr. Information Systems and Mr. Money not be in the loop on a problem like this? “That’s also horrifying,” said Cristi Page of San Diego. “They’re either unethical or they’re incompetent. Neither of those inspire much confidence.”

Imagine that you, like Mr. Schill, were a recent retiree. You don’t want to go back to work if you can help it. Along comes the Equifax breach. Soon, you are reading totally frightening but utterly real tales of criminals taking over investment and Social Security accounts, and you wonder about your carefully laid plans. “I don’t want to see this go up in smoke,” he said.

So what now? Mr. Smith, Equifax’s chief executive, could be forced out at some point, perhaps to slink off to a cushy role at an investment firm, where his new colleagues will pat him on the back and say: “You know, it could have happened to any of us.”

The big banks and other companies will continue to hand our data to Equifax, because why wouldn’t they? But maybe they will be worried enough about their own companies’ potential losses to fraud that they will develop stronger security and identity verification measures that don’t depend on the very data that just got stolen.

And could a few of them please step up, abandon the cloak of anonymity and offer some critical words about any part of this debacle? So far, the only thing I’ve heard out of the banks is a note from Citigroup asking that we not use its credit card images in our Equifax reporting.

As for the credit reporting industry, various elected officials and regulators now have it in their sights. I’m all for the free credit freezes that some politicians hope to require, so by all means sign the Identity Theft Resource Center’s online petition in support of this cause.

It would be better, though, if officials at the three agencies did not wait to make changes until after they have been forced to march before television cameras in Washington. Why not act now and make it easy for us to freeze all three of our major credit files at once, for free, without having to sign away our legal rights or subject ourselves to the companies’ ceaseless spam? Given that it’s our data that they have, it’s high time we gained more control over who uses it and when.