ATLANTA—In the wake of a massive data breach at Equifax that may have compromised sensitive financial and personal information for as many as 143-million Americans, the company is offering credit monitoring services and–following pushback and criticism–has scrapped a provision that required consumers signing up for those services to surrender their rights to any future class action lawsuits.
The announcement of the giant breach, which could make available just the types of information needed to file bogus loan applications at credit unions, has already led to calls for the credit bureaus to be required to put in place the kinds of cyber-security required at credit unions and banks.
After announcement of the breach, in which hackers had access to multiple levels of consumer data, including, Social Security numbers, birth dates, addresses and driver's license numbers, some credit unions have been reportedly directing members to a website set up by Equifax that purports to allow consumers to find out whether their information is among that affected. Consumers can enter their last name and last six digits of their Social Security number of find out whether they are believed to be among those whose data has been compromised. But the credit monitoring services will not be available until today, Monday, at the earliest.
Consumers who went to this site created by Equifax, which allows members to “Check Potential Impact,” are pointed here. Initially, buried in a lengthy legal disclosure was language stating that the consumer is agreeing to arbitration and waiving their right to bring or participate in a class action, class arbitration, or other representative action. “Except as otherwise expressly provided in this Agreement, all claims, disputes, or controversies raised by either You or TrustedID, Inc. arising from or relating to the subject matter of this Agreement or the Products (“Claim” or “Claims”) shall be finally settled by arbitration in the county (or parish) where you live or where You and TrustedID, Inc. otherwise agree using the English language in accordance with the Arbitration Rules and Procedures of JAMS then in effect, by one commercial arbitrator with substantial experience in resolving complex commercial contract disputes, who may or may not be selected from the appropriate list of JAMS arbitrators…By consenting to submit Your Claims to arbitration, You will be forfeiting Your right to bring or participate in any class action (whether as a named plaintiff or a class member) or to share in any class action awards, including class claims where a class has not yet been certified, even if the facts and circumstances upon which the Claims are based already occurred or existed,” the site read.
By the weekend, however, Equifax issued a statement that the arbitration language had been dropped, and that consumers could immediately have access to the credit monitoring services. It also said it now has 2,000 agents handling consumers calls and inquiries.
Meanwhile, the attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cybersecurity threat for the company since 2015, noted The New York Times.
“This is about as bad as it gets,” Pamela Dixon, executive director of research group World Privacy Forum, told the Times. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50%.”
According to the report, criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants. The company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases, the Times reported.
In addition to the other material, hackers were also able to retrieve names, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken, the Times noted.
“On a scale of one to 10 in terms of risk to consumers, this is a 10,” Avivah Litan, a fraud analyst at Gartner, told the Times.
PSCU said it is monitoring the situation.
"The situation surrounding the Equifax data breach is fluid. PSCU's investigation is ongoing, and we will provide more information to our members-owners as it becomes available. We are continuing to monitor the situation to assess the impact on those credit unions that were affected and will adjust our fraud mitigation strategies based on our findings," said Jack Lynch, chief risk officer at PSCU.