What did we learn from the Equifax breach?Two months ago, Equifax reported what was one of the biggest data breaches in history. Impacting over 145 million consumers, a number comparable to nearly 45 percent of the U.S. population, the Equifax breach was a devastating blow for both consumers and the credit reporting industry at large. While the impact of such a massive breach will be felt for years to come, the dust surrounding the initial incident has started to settle, making now a good time for reflection. Continue reading as we cover the major takeaways for consumers regarding the Equifax breach.

The credit reporting industry must change

For years, it was believed that companies and organizations that managed personal information could be trusted to secure and protect that data. While previous data breaches have dented this trusting facade, the Equifax breach has changed this altogether. That’s because consumers are now aware that they live in a world where they are the product rather than the customers of credit bureaus. This business model is reflected on some level by practices like charging consumers for credit freezes, one of the few options individuals have for securing their credit. Though a single freeze is inexpensive, as it usually ranges from $5 to $10, the expense can rack up pretty quickly when you take into account the need to not only freeze all three credit reports, but also unfreeze them if you intend to open new credit.

Possibly the biggest issue the Equifax breach brought into the limelight is the fact that credit bureaus may inadvertently serve as a contributor, rather than as a solution, to identity theft. It’s very likely that the issues which led to the Equifax breach were systemic, if not across the industry as a whole. As early as last year, a security researcher commented on Equifax’s improperly configured security setup, which allowed them to search a public site for personal information, among other things. On top of that, Equifax wasn’t the only bureau riddled with security issues, as Experian’s PIN verification tool posed a security risk and a number of other sites, including AnnualCreditReport.com, were vulnerable to the same security issue as Equifax.

These problems are made worse by the fact that consumers don’t consent to the credit bureaus‘ collection of their information. Since credit reporting doesn’t require “opting-in,” consumers can be seen as captives of the credit bureau industry in a relationship that’s colored with systemic negligence. In fact, the three bureaus just might be the most complained about companies in the country, and aside from the issues highlighted by the Equifax breach, other problems, like credit report errors, further illustrate a lack of commitment to consumers. Unfortunately, the industry has never conducted an internal investigation on credit report errors, but in its own investigation, the FTC found that at least one in five credit reports (or 40 million reports) had errors. Regardless of the true credit report error rate, it’s clear that industry practices, such as partial social security number matching, can cause severe credit report errors and make certain kinds of identity theft much easier. In some cases, these problems prove to be so complex that consumers are left with little recourse beyond suing credit bureaus, assuming they can even afford an attorney. Consumer advocates suggest that from the bureaus’ perspective, it’s simply cheaper to settle lawsuits than to revamp the system entirely.

Change is coming (but the process will be slow)

Although the failures of Equifax and the credit reporting industry at large might give consumers reason to be pessimistic, there’s a small silver lining to all of this. The growing severity of these issues has led to the formation of unlikely alliances that want to tackle the issue. Essentially, we’ve reached the point where nearly everyone is mad enough to want to do something. A growing coalition of lawmakers, public officials, consumer advocates and private sector actors are seeking to implement alternatives to the existing credit system. Some proposals are as simple as eliminating fees on credit freezes, allowing more flexible access to credit reports and increasing the security around the distribution of credit reports. More radical suggestions propose that the current system be done away with entirely, given that social security numbers have been stretched beyond far beyond their intended purpose.

With so many stakeholders stepping up, it looks like the future of the credit industry will be more consumer-friendly but, sadly, in the near term, things don’t look so good. Just last month, Congress overturned a federal rule created by the Consumer Financial Protection Bureau to allow consumers to take companies like Equifax to court. To add insult to injury, Equifax was awarded a lucrative contract to serve the IRS, although the contract is now officially on hold.

Consumers aren’t technically doing all they can to combat identity theft

The Equifax breach has shown us that preventing identity theft is a two-way street. While companies like Equifax have failed to hold up their end of the bargain, consumers haven’t been doing everything in their power either. Although consumers don’t have the ability to stop identity theft from happening entirely, they should play a role in minimizing its impact. Until companies start taking their role as guardians of personal data seriously, the reality is that consumers will need to be on double duty, making it extra important that they take identity theft protection seriously. Here are some of the things you’ll need to do in the near future to stay safe:

  • Check your credit using AnnualCreditReport.com and credit monitoring resources. Because data breaches are on the rise, you should at the very least make sure you’re checking your credit reports at least once a year through AnnualCreditReport.com. If you don’t already know, every citizen is entitled to one free copy of all three credit reports (Experian, TransUnion and Equifax) every 12 months, which is something you should definitely take advantage of. While checking your reports more frequently than that is optional, it’s becoming increasingly beneficial to do so, as identity theft can happen at any time. If you’ve already checked your credit reports this year, or you want to regularly keep tabs on them, you may want to consider investing in a credit monitoring service, which not only provides you with credit reports and scores upon signup, but also alerts you when something has been changed or added on your reports or scores. Alternatively, you can monitor at least one of your credit scores for changes through a growing number of banks and credit cards now offering access to free credit scores. If you opt to monitor only one credit score, you should know that it isn’t the best way to catch potential fraud, as new accounts can appear on your other two credit reports and you’ll have no idea.
  • Keep an eye on other financial accounts and statements. In addition to monitoring your credit, you’ll want to also watch your financial accounts for strange or unfamiliar activity. Credit card and banking statements are obvious areas of focus, but make sure to monitor your billing statements for changes you didn’t make, such as an address change. Additionally, whenever possible, enable two-factor authentication to ensure that you can prevent someone from easily making changes to your online accounts without you noticing.
  • Freeze your credit. If this breach has taught us anything, it’s that freezes are very valuable, which is why Equifax is now offering them for free until the beginning of next year. While credit alerts are always free, they don’t have the power that freezes do. Freezes will ensure that no one can make changes to your credit; however, you’ll still have to monitor existing accounts to stop any suspicious activity related to those accounts. Want to learn more about credit freezes? Our guide to freezing your credit details what they are, how they can protect your credit and how you can freeze your credit.
  • Reduce your attack surface. We’ve talked many times before about how your attack surface can often determine whether or not your information can be easily hacked. To reduce your attack surface, you should remove your payment information from online services, especially those you don’t use frequently, close out old accounts and use two-factor authentication on all of your remaining accounts.

Although everyone is still reeling from the Equifax Breach, it’s important to not develop data breach fatigue and to keep up with the cybersecurity and breach-related developments. Keep reading our data breach blog to do exactly that.