The breach affected 147 million people.
Had the stakes not been so high and the breach so egregious, Equifax’s bungled response one year ago to the theft of 147 million consumers’ personal data from its computer servers could have been considered comical.
The credit agency kept news of the hack quiet for a month after its internal discovery, giving executives time to sell almost $2 million in shares. Once the news went public, Equifax first insisted that customers waive their right to a class-action lawsuit before accepting any credit protection; after an outcry, it backed down. A typo in a tweet from Equifax’s account directed customers to a phishing site instead of the actual website the company set up to tell customers if they’d been affected, which didn’t really work anyway.
A year after the hack, the lack of penalties for the company’s failures is equally laughable. Stock prices bounced back. Former CEO Richard Smith retired with his full $90 million package. No U.S. federal agency has made any move to punish the company.
Meanwhile, consumers’ best shot at protection is still to take on the cumbersome process of freezing their credit at all three U.S. credit agencies themselves, knowing that any identity theft that happens as a result of the hack will be on their shoulders to fix too.
The one-year anniversary of the Equifax breach has frustrating parallels to the 10-year anniversary of the global financial crisis, another inauspicious milestone, with the watershed collapse of Lehman Brothers 10 years ago on Sept. 15. While many of the institutions whose missteps created the disaster have recovered and thrived in the decade since, millions of private citizens have not—people who lost homes and jobs, whose savings have still not recovered from the fallout of the crisis.
U.S. senators Elizabeth Warren and Mark Warner have introduced a bill to hold credit agencies accountable for data theft. “Companies like Equifax do not ask the American people before they collect their most sensitive information,” Warren wrote in a Sept. 6 letter to the Consumer Protection Bureau and Federal Trade Commission asking for an update on their Equifax investigations. Private individuals have had to be accountable for the impact of these mistakes; it’s only fair that the companies that cause them should too.