During September of 2017, the credit reporting agency Equifax reported that a data breach exposed the personal information of more than 140 million Americans. The leaked information put these people at risk for identity theft.
Equifax publicly acknowledged the data breach five months after it occurred. Many consumers found fault with the length of time between the when the information leak occurred and the credit reporting agency’s announcement.
U.S. District Judge Thomas Thrash recently issued an order appointing specific lawyers to lead a 350+ group of class action lawsuits against Equifax on behalf of Americans who experienced a negative financial consequence because of the data breach.
Equifax gets its information from public records and by purchasing public data. Credit card companies and banks also report consumer activity to the agency. Consumers don’t have to consent to Equifax collecting and storing their personal information, which is one of the aspects of this data breach that makes it unique.
Many of the class action lawsuits on file alleging that Equifax was negligent in their failure to report the breach to consumers in a timely manner. Some say that Equifax executives used the time between learning about the security breach and the official announcement to sell their stock in the company. The lawsuits also accuse the company of violating the Fair Credit Reporting Act.
In their original announcement last fall, Equifax announced that compromised personal information included Social Security numbers, addresses, birth dates, names, and some credit card numbers and drivers license numbers. Thousands of dispute documents were also among the exposed information.
However, forensic investigations revealed that the breach also included expiration dates for credit cards, email addresses, tax identification numbers, phone numbers, and issuing states for driver’s licenses. Equifax disclosed this information to the Senate Banking Committee in a detailed report and Senator Elizabeth Warren’s office gave it to the Associated Press this week. The documents also show that 145.5 million consumers are victims of this security breach. Equifax maintains that they were simply trying to provide a complete list of data that was accessed without permission and they didn’t intend to mislead the American public by omitting certain details of the breach.
Since the time when hackers accessed Equifax records, some consumers have had their identities stolen, home addresses changed, and accounts opened fraudulently in their name. Criminals have obtained fake driver’s licenses using stolen social security numbers, initiated mortgage loans, and made major purchases with stolen credit card numbers.
Consumers concerned about the safety of their personal information in the wake of the latest new releases have the option of voluntarily freezing their credit report through Equifax at no charge. Equifax has a website with additional information for people who have been affected by the security breach at www.EquifaxSecurity2017.com. Anyone with a Social Security number can find out if their personal information was compromised at this website.
Placing a fraud alert on credit reports is one way Equifax recommends consumers keep their information safe. The initial 90-day fraud alert enrollment is available at www.alerts.equifax.com. Equifax will contact the other two credit bureaus; Experian and Transunion on behalf of the consumer requesting a fraud alert.