New Report: Protecting Consumers One Year After Equifax Breach

Media Contacts
Emily Rusch

Vice President and Senior Director of State Offices, The Public Interest Network

CALPIRG Education Fund

Exactly one year ago tomorrow, Equifax announced that hackers had breached its system and accessed the data of nearly 150 million U.S. consumers. To mark the anniversary of that notorious announcement, CALPIRG Education Fund is releasing a new report containing suggestions on how Congress, state officials and consumers can safeguard personal information.

“One year after announcing the worst data breach in history weeks after it knew about it, Equifax has yet to pay a price or provide consumers with the information and tools they need to adequately protect themselves,” said Emily Rusch, executive director of CALPIRG. “This may not have been the biggest breach ever, but it’s the worst, because Equifax’s carelessness made it easier for bad guys to steal the identities of nearly 150 million consumers.” 

The report, Equifax Breach: 1 Year Later – How to Protect Yourself Against ID Theft & Hold Equifax Accountable, includes the following features:

●   A recap of the main governmental and civil actions against Equifax over the last year (which have so far failed to hold the company accountable).

●   New materials, including charts and checklists, to help consumers understand how to best protect themselves against the very real threats of identity theft for the rest of their lives.

●   A case for why we need both oversight and financial consequences to prevent future large-scale breaches.

The report contains charts, checklists and other tips to help consumers prevent and detect the types of identity theft and fraud made possible by the Equifax breach:

●      Existing Account Fraud: Check your monthly credit card and bank statements.

●      New Account Fraud (including cell phone, credit card, loan, and utilities): Get credit freezes at all three nationwide credit bureaus — Equifax, Experian, and TransUnion. A new federal law will eliminate fees for those credit freezes for consumers on September 21st, 2018.

●   Tax Refund Fraud: File your taxes as soon as possible, before thieves do. Also, if you qualify, get an Identity Protection (IP) PIN.

●   Social Security Benefits Fraud: Sign up for your “my Social Security” (MySSA) account before thieves claim it and change your direct deposit info to their own checking accounts.

●   Health Care Services / Medical Benefits Fraud: Sign up for online accounts with your health care and insurance providers to periodically check for any fraudulent services on your statements.

●   Other Fraudulent Activity: Check your free annual consumer reports with companies that specialize in collecting information often misused by criminals.

●   Phishing Scams: Ignore unsolicited requests for personal information by email, links, phone calls, pop-up windows, or text messages.

The report also highlights the need for both penalties against and new oversight of Equifax to compensate the victims and prevent future breaches of this scale. Earlier this year, the California Department of Business Oversight and seven other states reached an agreement with Equifax to fix weaknesses in its data security operations. That’s a good start for the government oversight that big data aggregators like Equifax need. But state and federal officials have yet to fine Equifax for their egregious mistake, and few consumers have received any compensation for the time and cost of the increased threat that our personal data will fall into the hands of thieves – a threat that will stick with many of us for the rest of our lives.

The good news is that the California Consumer Privacy Act, signed into law earlier this summer, will help future consumers hold companies accountable when they are negligent with our data and we are victims of a breach. Unfortunately though, the law doesn’t apply retroactively to the Equifax breach.

“Ultimately, we are not the customers of Equifax or the other credit bureaus. We are their product. We did not ask or give them permission to collect or sell our personal information,” said Rusch. “We urge state and federal officials to levy hefty fines on Equifax to help encourage them and other companies to do a better job keeping our data secure. And we urge state and federal officials to give consumers even more control over who is able to buy, sell and store our own data, to better empower consumers to prevent fraud and identity theft.”


CALPIRG Education Fund is an independent, non-partisan group that works for consumers and the public interest. Through research, public education and outreach, we serve as counterweights to the influence of powerful special interests that threaten our health, safety, or well-being.