Quote

Equifax has consistently failed in their duty to protect data. The company should be forced to offer a permanent lifetime credit freeze for FREE. Or absent of that, wind them them down. They are completely incompetent and should not be allowed to be in this business in my opinion.

The company’s first order of business ought to have been to create a simple way for people to figure out if their data was potentially compromised. On this count, Equifax failed at first.

On Thursday night, I entered my last name and the last six digits of my Social Security number on the appropriate Equifax web page. (They had the gall to ask for this? Really? But I digress.) I received no “message indicating whether your personal information may have been impacted by this incident,” as the site promised. Instead, I was bounced to an offer for free credit monitoring, without a “yes,” “no” or “maybe” on the central question at hand.

By Friday morning, this had changed, and I got a “your personal information may have been impacted by this incident” notification. Progress. Except as my friend Justin Soffer pointed out on Twitter, you can enter a random name and number into the site and it will tell you the same thing. Indeed, I typed “Trump” and arbitrary numbers and got the same message.

..

Now, to the remedy. The company is offering one free year of credit monitoring to all Americans, not just the ones whose data was stolen. It includes the ability to turn your Equifax credit report on and off, to keep thieves from applying for credit in your name using information they stole from Equifax and to have access to your Equifax report to do so.

That’s all well and good, except that the thieves might use the stolen information to apply for credit with lenders that check the credit reports only at the other big agencies, Experian and TransUnion. So this protection is incomplete.

And why just a year? Who knows? Isn’t this an invitation to the thieves to sit on the data for a while and then use it when all of us have moved on?

Meanwhile, people can’t easily change their Social Security numbers to thwart the thieves. So if any bad actors have your personal data, those numbers will be useful for years, maybe decades, depending on how the credit system changes over time.

Equifax should have made the monitoring last forever. Since it didn’t, it will now be able to solicit everyone who signs up for its year of free service. And what do you want to bet that the company will offer an extension bright and early on day 366 for, say, $16.95 per month?

So, yes, your worst suspicions are now confirmed. Equifax may actually make money on this breach. We would expect nothing less from the credit reporting industry, with which few of us would choose to do business but nearly everyone has to sooner or later.

In the meantime, here’s hoping that this breach is the nudge you need to finally sign up for permanent freezes on your credit files. I’ve used them for years, and here’s how they work. You sign up (and pay some fees, because you knew it wasn’t going to be free to protect data that you didn’t ask these companies to store, right?) at Equifax’s, Experian’s and TransUnion’s websites. Christina Bater, managing director at Barrett Asset Management in New York, suggests freezing your file at the little-known company Innovis, too. Hey, why not?

..

And then there’s this: A security freeze doesn’t protect you if the thieves break into the vault of the company that maintains the freeze. That’s what happened here, and we will now spend years seeing what happens next.