The Equifax security breach should have you wondering who has your back when thieves steal your private data.
You’re best off if you assume the answer to this question is no one. The saddest storyline in the Equifax situation is the lack of respect shown to people worried their data may have been stolen.
Equifax is a global company that gathers data on how promptly people repay their debts and sells it to banks, car dealers, mortgage lenders, credit card companies and everyone else who lends money and wants to avoid deadbeat customers. If criminals use stolen Equifax data to try to borrow money in your name, these lenders and their fraud-detection systems are the thin black line protecting you.
We’re all in this together – Equifax, the companies that lend money and the everyday people who just want to borrow or set up a new credit card. But you’d never know this from the way Equifax and lenders have communicated with the public. Equifax has been miserly in providing information to people who may have been affected, while companies in the lending business have been pretty much silent.
The message here is that it’s all on you if you worry that you were affected by the Equifax security breach. Check your credit file or subscribe to a credit-monitoring service, everyone keeps saying. Do something because it’s your problem.
Cybersecurity expert Brian O’Higgins is critical of Equifax’s handling of the security breach, saying the company has “screwed up one time after another.” He’s more understanding about the lack of communication from the financial companies that are part of this story as well.
“Corporations never like to talk about this because, why paint a target on yourself?” said Mr. O’Higgins, a co-founder of the software security firm Entrust. “You can’t see a lot of upside in coming forward.”
Asked for a response to the Equifax situation this week, Visa Canada sent an e-mail that did address some customer concerns. “Because of advanced fraud-monitoring capabilities, the incidence of fraud involving compromised accounts is actually rare, and Visa fraud rates remain near historic lows,” the note said. Visa also said cardholders should remember that they are protected against fraudulent purchases through Visa’s zero-liability protection policy.
A MasterCard Canada spokesperson also cited a zero-liability policy. It basically says that you’re not responsible for unauthorized use of your card as long as you have safeguarded your card and PIN, and report any loss of theft of your card. Equifax has said it is notifying Visa and MasterCard about credit card information stolen in the security breach. The card companies are connecting with the banks and other financial firms that issue cards, who will in turn contact individual cardholders.
Approximately 100,000 Canadians may have had personal information stolen in a cyberattack against Equifax that also affected about 143 million Americans. The compromised Canadian information may include names, addresses, social insurance numbers and, in limited cases, credit card numbers. Equifax says it is sending letters to affected Canadians.
Mr. O’Higgins said the security breach will likely cause credit card issuers and other financial companies to use stricter internal checks before issuing cards and loans. But he also said lenders get paid when they lend money. Expecting them to hold up applications en masse due to concerns about fraud is unrealistic.
Equifax’s slow response to the security breach and the lack of reassurances from others in the financial sector have left people feeling stressed about their data privacy and the risk of identity theft. “I have been freaking out about the Equifax hack,” a reader said in a recent e-mail. “Where is the sense of urgency with our private data?” another said.
Mr. O’Higgins said diligent checking of your credit file once a month should help you notice any unauthorized activity (see this column I wrote last week for more info on this). He expects some new credit monitoring services to become available in the next while. In the meantime, Equifax (yes, the same company with the security breach) is offering people affected by the security breach free credit monitoring and identity theft protection.
For the people stressed about their private data being stolen, Mr. O’Higgins had this to offer: “There’s a lot of potentially bad stuff here, but there are a lot of checks and balances in the system.”