Danny Katz
Executive Director, CoPIRG
Executive Director, CoPIRG
CoPIRG Foundation
A year ago, Equifax announced that hackers had breached its system and accessed the data of nearly 150 million U.S. consumers. To mark the anniversary of that notorious announcement, CoPIRG Foundation is releasing a report containing suggestions on how Congress, state officials and consumers can safeguard personal information.
“One year after announcing the worst data breach in history, Equifax has yet to pay a price or provide consumers with the information and tools they need to adequately protect themselves,” said Danny Katz, CoPIRG Foundation Director. “This breach was so bad because the information stolen – names, birth dates, and social security numbers – are the identifying information we use for credit cards, bank accounts, loans, taxes, social security benefits, and to access medical services. Until that changes, thieves will be able to use this information not just this year and next year but for the next 50 years.”
The report, Equifax Breach: 1 Year Later – How to Protect Yourself Against ID Theft & Hold Equifax Accountable, contains charts, checklists and other tips to help consumers prevent and detect the types of identity theft and fraud made possible by the Equifax breach including:
According to the Federal Trade Commission’s Consumer Sentinel Network Data Book, in 2017 Colorado ranked 13th for most identity theft reports per 100,000 population with 6,051 total reports. Within that, credit card fraud made up 35% followed by employment or tax-related fraud at 27%, bank fraud at 16%, phone or utilities fraud at 12%, and loan or lease fraud at 6%.
The report also has information about actions taken since the Equifax data breach a year ago including:
Here in Colorado, Attorney General Cynthia Coffman has signed on to at least two letters involving the Equifax data breach. The first letter focused on Equifax’s response to the data breach and called on Equifax to get rid of its arbitration clause, fees for credit freezes, and links to paid credit monitoring services that they were offering to impacted consumers.
Attorney General Coffman also signed onto a letter to congressional leaders opposed to a bad data breach notification bill that was being considered, which had weak notification provisions and preempted stronger state policies like the one passed in the 2018 Colorado General Assembly. That bill, HB18-1128, sponsored by Representatives Cole Wist and Jeff Bridges, and Senators Lois Court and Kent Lambert, requires companies to notify Colorado consumers within 30 days of determining a data breach occurred. That law went into effect last weekend.
The report also highlights the need for both penalties against and new oversight of Equifax to compensate the victims and prevent future breaches of this scale.
“Ultimately, we are not the customers of Equifax or the other credit bureaus. We are their product. We did not ask or give them permission to collect or sell our personal information,” said Katz. “At the very least, breached companies should be required to provide consumers clear information about what can be done to protect themselves against most types of identity theft.”