Equifax progress reportAfter being lampooned by all manner of media, consumers, security professionals and even government officials for the manner in which it handled last week’s disclosure of a massive data breach, Equifax has updated its site with a progress report in response to the numerous complaints. One shorter update was posted on Sept. 8, just one day after the breach, which exposed a whopping 143 million U.S. consumers’ personal information, was announced. The other progress report was posted Sept. 11 and contained far more details on the changes made to the data breach alert website. As we were among the voices calling out Equifax for how poorly it has dealt with such a devastating failure, we thought it would be prudent to go over the changes and updates noted in this Equifax product report made to let consumers know what they mean.

What updates has Equifax made to respond to critics?

  • Fixed the exposure status tool: One of the chief complaints made in the first couple of days after the breach was disclosed involved the tool Equifax created which let consumers see whether or not they were exposed. Several of our own staffers, as well as many other bloggers and reporters, noted that the website seemed to provide either nothing in the way of substantial information or — worse — conflicting information. Some even reported that entering falsified information led to similar results, leaving many wondering whether or not the tool was just a front to make it look like Equifax was doing something. As of Sept. 8, however, changes have been made to ensure that those who use the tool to check their exposure status get a firm yes or no result, along with an enrollment date to sign up for free credit monitoring and identity theft protection.
  • PIN security enhancements: Another worrisome discovery by those investigating this breach response was the woeful insecurity of PINs generated for those who requested a credit freeze from Equifax — instead of being randomly generated, they appeared to be created sequentially based on the time-date stamp from when the request was processed. As of the Sept. 11 progress report, Equifax noted that it had made adjustments to the way PINs generate to ensure randomization and enhance security.
  • Clarified TrustedID Premier enrollment terms: Much ado was made about the inclusion of an arbitration clause in the terms of service for TrustedID Premier, the Equifax-owned credit monitoring and identity theft protection service being provided to all U.S. consumers for free. Given that lawsuits are already accruing against the credit bureau as a result of this data breach, many people were alarmed at the idea that enrolling for TrustedID Premier or simply checking to see if their information was exposed was enough to waive their right to participate in future legal action. Equifax has clarified that enrollment in TrustedID Premier will not negate anyone’s right to take legal action, and it also removed the language from its terms of service entirely. Additionally, the credit bureau noted that it does not require credit card information during enrollment, nor will those who take advantage of the free year of credit monitoring and identity theft protection be automatically re-enrolled or charged when that year is up.
  • Added more call center support: Those who want to talk to someone directly will be relieved to know that Equifax has been increasing the number of agents staffing its call centers. As of Sept. 8, it claimed it had 2,000+ people working to answer the phones, and it was doing its best to work around issues caused by Hurricane Irma to keep the lines open, despite a number of centers being located in areas impacted by the storm. As a reminder, the call center’s hours are Monday through Sunday, 7:00 a.m. to 1:00 a.m. ET.

What these updates mean for you

Many people are still upset with and suspicious of Equifax, for good reason. The credit bureau has bungled just about every aspect of this data breach, and chances are the full extent of the damage is not yet realized. Rumors that top executives used knowledge of the breach to sell company stock before it was disclosed to the public are circulating, which could lead to some serious legal trouble if proven true. Similar to other massive breaches, such as the one that hit the Office of Personnel Management in 2015 and the infamous Target breach of 2013, it’s likely that this one will be drawn out — especially since nearly every person in the U.S. with a credit file is potentially implicated. As such, we created a section of our blog dedicated to the Equifax breach for readers to bookmark and return to as the story updates. If you are concerned about your credit health and identity, you can read our identity theft protection blog for tips and information on how to check your credit reports, look out for the signs of identity theft and much more. And be on the lookout for a firsthand account of the enrollment process for TrustedID Premier.