By Helaine Olen
For the Los Angeles Times
After Equifax revealed earlier this month that hackers accessed the Social Security numbers, birth dates and other intimate information of 143 million people, leaving them at a serious lifelong risk of identity theft, both the company and consumer rights advocates were quick to tell Americans they needed to get to work.
First, visit the company’s often crashing web page to check if your information was compromised. Then decide whether to sign up for the one year of free credit monitoring, weighing competing claims about whether you would be giving up your legal right to sue in the process. (Equifax said no.) Next, the personal finance experts said, freeze your credit reports, not just at Equifax, but at its two major competitors, TransUnion and Experian. Freezing locks your report, allowing only you to open it up to an approved party by telling the credit bureau in question your PIN identification number. But that process costs time and money, and you might need to pay a new fee every time you open your report and secure it again.
Equifax messed up. You need to clean up the mess. That’s how it goes.
The assumption of financial risk and the work it entails is now a seemingly constant feature of our society. Once many of us received pensions to live on in retirement; now we need to invest via a 401(k) and hope for the best. We’re expected to be efficient shoppers for medical services, despite the fact that finding out the charge of a specific medical service is well nigh impossible.
So we barely even notice how odd it is that the responsibility for a monster credit bureau hack is on us. By the middle of last week, Richard Smith, the chief executive officer of Equifax, crowed in a USA Today op-ed that more than 15 million people had visited his website in an attempt to find out if their information was compromised. Sounds like a lot, no? But it also means more than 100 million people are still unaware, too busy, or too apathetic to have checked in. Where are they? Unknowing? Despairing? Who could blame them?
The trials and tribulations of those unfortunate enough to find incorrect information on a credit report are all too well known to many of us. Horror stories abound of people victimized by identity theft — or simply confused with someone possessing a similar name or Social Security number — who must then undertake the Sisyphean task of attempting to purge their credit reports of inaccuracies. The consequences of these mistakes are dire. People can lose jobs over bad credit. They aren’t offered mortgages. If they seek to borrow money, they need to pay much higher interest rates than they otherwise would. And so on.
Why does this situation persist?
Open Secrets reports that Equifax spends about $1 million annually on lobbying in Washington, D.C., supporting regulation and legislation to reduce the already paltry responsibilities the credit bureaus have to the people whose data it collects. That sort of buck pays off: The morning Equifax announced the hack, the House Financial Services Committee held a hearing on a bill that would severely cut the amount of money a consumer could receive if she successfully filed suit against a credit bureau.
Government penalties — in the rare event they happen — are a slap on the wrist, if that. A tap on the wrist might be a better description. Earlier this year, the Consumer Financial Protection Bureau ordered Equifax to pay about $6.3 million in restitution and fines to settle charges that they deceptively marketed credit-scoring products to would-be customers, deceiving them about everything from their usefulness to how much they really cost. That’s nothing. Equifax enjoyed annual total revenues of $3.1 billion in 2016.
And it’s not as though Equifax — and the other credit bureaus — are doing their utmost to protect the people whose information it collects. They could do much, much more. Here’s one idea: Aggressively push free credit freezing on consumers. There’s nothing stopping them from doing so. When I checked in with Adam Levin, the founder of CreditScout and co-founder of Credit.com, he told me what a company would need to do is get a consumer’s consent. That would almost certainly cut down on identify theft and fraud.
And here’s another: Rep. Maxine Waters, D-California, recently announced that she would introduce legislation to toughen up the standards the credit bureaus operate under. She did that in the last congressional session too. Of particular note in that bill is a provision that would shift the burden of proof in the event of a dispute over a credit report. Instead of a consumer needing to prove the information was wrong, as is the case now, the offending company would need to prove the information was correct or remove it.
In other words, make Equifax and the other credit reporting companies do the bloody work. For once.
Helaine Olen is the author of “Pound Foolish: Exposing the Dark Side of the Personal Finance Industy” and co-author of “The Index Card: Why Personal Finance Doesn’t Need to be Complicated.”