How Equifax failed miserably at handling its data breach

Posted September 11, 2017

Expert consensus says Equifax bungled the breach and the subsequent response. Why is the Federal Bureau of Investigation interested? On its website the company characterized the change as a "clarification".

The free service only lasts one year - Embedded in the terms and conditions it says, "Your membership subscription may be subject to automatic renewal".

Equifax disclosed the data breach last week.

The process requires dealing with customer service agents at all three credit bureaus - Equifax, TransUnion and Experian - and keeping track of a unique pin number that you're going to need anytime you want to open a new account or move to a new apartment.

As of Sunday morning, the site seemed to be working in a way that you could find out if you were hacked, without fully enrolling in the Trusted ID program.

Although workers with Equifax stock in their 401 (k) accounts may be able to breathe easy, other Equifax employees might not be so lucky.

Maine's Bureau of Consumer Credit Protection is urging Mainers to consider temporarily freezing their credit report information to protect sensitive information such as their Social Security numbers that might have been comprised in a huge security breach at the credit reporting agency Equifax Inc.

The potential aftershocks of the Equifax breach should make it clear that Social Security numbers are becoming an unreliable way to verify a person's identity, Nathaniel Gleicher, the former director of cybersecurity policy in the White House during the Obama administration, said in an email statement. Credit bureaus like Equifax are lightly regulated compared to other parts of the financial system. However, this site has come under criticism because it asks consumers to enter the last six digits of their Social Security numbers.

Lorelei Salas, the commissioner of the city's Department of Consumer Affairs, lambasted Equifax's response to the breach in a September 8 letter to the company. They are also offering one year of free credit monitoring and identity theft protection to all of those who have been affected by this hack. Those are what John Ulzheimer, an independent credit consultant who previously worked at Equifax, called "the crown jewels of personal information".

The company set up a website,, that consumers can use to determine whether their information was compromised.

In the wake of the massive theft of personal identification information from Equifax (EFX), what can you do to protect yourself from cyber crooks?

Unfortunately, there isn't much that individuals can do in situations like this where big companies have data stolen.

Finally, keep an eye on your financial statements. Contact each credit reporting agency separately to place a freeze. Such PINs could potentially be brute-forced by someone attempting to unlock a credit report for the objective of identity theft. This is especially important if you know your information has been compromised. In Ohio, security freezes are permanent until you lift them. But be aware that when you use a security freeze, it may delay, interfere with or prohibit the timely approval of any request or application for a new loan, additional credit or applications for insurance, employment background checks, cell phones, etc.