Equifax Breach UpdateSeptember 13, 2017 | Shari Claire Lewis |
Equifax’s response to its recent data breach is evolving, and so should yours.
Piling on to the initial public fury regarding Equifax’s announcement of its data breach weeks after it occurred is the outrage that many feel about the credit reporting agency’s response.
Cyber pundits and the public at large were particularly peeved by Equifax’s provision of only one year of free monitoring, the requirement that a consumer enter personally identifiable information (PII) into Equifax’s website and agree to waive the right to sue, and the limitation of its offer to its own credit reporting services.
Serious questions abound. What if the stolen information was used apply for credit with Experian or TransUnion only? And what would happen after the one-year period? Would Equifax be using the list of consumers to solicit future registrations for its services for a fee? Would cyber criminals simply sit on the information for one year before making use of the stolen data?
In response, Equifax clarified its Terms of Service and said that enrolling in its complimentary monitoring service would not waive the right to bring legal action in response to the breach. It also claims to have made the terms governing access to the offered services clearer on its website and improved the accuracy of information provided to inquiring consumers.
Equifax has also agreed to waive the fee to set up a security freeze until November 21, 2017. (A security freeze is generally considered a more robust defense to identity theft than simple monitoring.) However, questions remain as to whether a fee will thereafter be charged to “thaw” the freeze, how Equifax will assign PINs for this purpose and who will bear the cost to initiate and thaw credit freezes with Experian and TransUnion.
You should continue to monitor Equifax’s responses. As well, we encourage you to go beyond Equifax’s offered services and protect your data to the most robust extent possible through other services and your own cyber-safety practices.