Common Law - The FindLaw Consumer Protection Law Blog

Your Credit Report Was Hacked, Now What?

Of all the hacks and data breaches going around lately, the last place you'd expect or want to get hacked is a credit reporting agency. After all, they're entrusted with an enormous amount of personal information and financial history -- a one-stop-shop for identity theft data.

So you'd hope that one of the largest consumer credit reporting agencies would have the latest and greatest when it comes to data security. You'd also hope that if one of those agencies were hacked, they'd address the issue ASAP. And maybe that addressing the issue wouldn't require victimized consumers to forfeit their right to sue.

Sorry to break it to you, but you're going to have to say goodbye to those hopes and hello to the Equifax hack.

No Small Hack Job

As Ars Technica described, it's hard to imagine how Equifax's data breach, or the company's response, could've been any worse. First, it affected 143 million people, nearly half the U.S. population. Second, the data exposed includes full names, Social Security numbers, birth dates, addresses, and even driver license numbers in some instances -- pretty much anything a criminal would need to steal your identity, set up accounts in your name, and destroy your credit history. (You know, the credit history Equifax was in the business of protecting and reporting accurately.)

And third, Equifax's response to the hack was, to be kind, less than optimal. The company waited almost six weeks to announce the breach, during which three top executives sold $1.8 million of their company shares, allegedly without knowledge of the hack. Although Equifax set up a website to let people discover whether they were victims of the breach, the website was not registered to Equifax, returned random and inaccurate results, and had so many security flaws of its own that some companies blocked it on the assumption that it was a phishing site.

Credit Reporting Class Actions

And then there was Equifax's advice if your information had been compromised: enroll in its identity protection service, TrustedID, for free. Aside from the tone-deaf request to give your personal information to the company that gave your personal information to criminals, there was a clause in the terms of service that apparently asked enrollees to forfeit their right to sue. Equifax contends that the clause doesn't apply to this particular data breach, but it certainly doesn't inspire confidence in consumers.

And many of those consumers have already filed lawsuits against Equifax. A class action lawsuit has already been filed in Oregon, claiming Equifax was negligent in failing to protect consumer data and seeking as much as $70 billion in damages. If you want to find out if your personal data was compromised, and what to do if so, perhaps don't trust Equifax to take care of that for you and contact an experienced lawyer instead.
