Who put the “free” in “credit freezes? The U.S. Congress did.
Hard to believe it has been a year since Equifax was hacked exposing 147 million Americans to potential identity theft, but the company has yet to be punished. However, eight states’s banking regulators and Equifax are working to fix the credit bureaus’ data security flaws.
In July 2017 Equifax’s security department identified and started investigating suspicious activity associated with the part of its website where consumers could dispute information on their credit reports. But Equifax didn’t publicly disclose the breach until September 7th, six weeks later.
U.S. PIRG, a consumer advocacy group, says if Equifax had not been so negligent, the breach may never have happened. Four months before the hacking, Equifax could have fixed a known security vulnerability.
The company also botched its response by:
• Delaying public notification for six weeks
• Setting up an online search tool that provided faulty results about which individuals were affected
• Directing consumers to a fake website
• Initially including arbitration language that forced consumers to sign away their rights to a day in court
• Failing to offer consumers full protection from new account identity theft — which Equifax still hasn’t done.
The best way consumers can protect themselves, whether they were affected by the breach or not, is to get credit freezes at all three major credit bureaus: Equifax, Experian and TransUnion. Credit freezes prevent identity thieves from opening new credit accounts in the names of people whose information they have stolen.
In many states, credit freezes now cost between $3 to $10 per bureau. However, a new federal law will eliminate fees for credit freezes across the country on September 21st.
But waiting could be more costly to consumers in the long run. Each day that goes by is another day an identity thief could open accounts in the names of people who don’t have freezes on their credit reports.