Tuesday, September 12, 2017

You Are Not An Equifax "Customer"

Equifax's Maddening Unaccountability:

Last week, Americans woke up to news of yet another mass breach of their personal data. The consumer credit reporting agency Equifax revealed that as many as 143 million Americans’ Social Security numbers, dates of birth, names and addresses may have been stolen from its files — just the kind of information that allows for identity theft and other cybercrimes.

I don’t know about you, but I’ve lost count of the number of times in recent years that I’ve been informed by a corporation of such a breach. “We regret to inform you ….” I don’t doubt that companies regret these things, but I don’t think they care that much either. To them it means just a few days of bad press and at most a fine that amounts to a minuscule portion of their profits. With penalties like that, why would companies bother to make things better?
Exactly, and you'll note the professor who writes this does not refer to us as Equifax "users" or Equifax "customers" as the mainstream media did in its coverage of this debacle. 

Why? Because we never agreed to "use" their services. I've never once signed a piece of paper agreeing to let these clowns both A. have access to all my personal data, and B. determine whether or not I get a loan. And guess what? Neither did you. 

Worse, not only is their cybersecurity lax and outdated, given all the personal information they store on our credit histories, but the information they have on you (us) is outdated as well. The last time I checked a report from Equifax it had my employer listed as roller skating rink I worked at back in the 1980's...and it's 2017.

But let's forget about the fact that these people, like insurance companies, don't actually provide anything in terms of a product or a service. The worst part of this this story is how upper management, upon discovering the breach, quietly sold stock in the company before announcing said breach to the public. 
Along with news of the breach came reports that three Equifax executives sold $2 million worth of stock shortly after the breach was discovered in July. In their defense, Equifax said that the executives were not aware of the breach — and that the amount was only “a small percentage of their Equifax shares.” It’s almost as if the company is saying: Come on, would we engage in insider trading for a mere $2 million?
Ha ha...apparently they've been hanging with upper management over at Wells Fargo.

Just FYI: insider trading is still considered to be a crime, and these three jerkoffs belong behind bars. 

And please, let's stop "fining" these companies for "mistakes" made. It's not a "mistake" when they compromise your data willingly, maintain false information on you purposely, and then profit from your history based on something you never even agreed to: it's called identity theft, embezzlement, and fraud.  

Think I'm being hyperbolic? Go and gather personal information (Social Security numbers, dates of birth, addresses, loan numbers, etc.) on some random people without their consent, maintain it on your flimsy pc at home, and then when some hacker breaches your computer and steals that information, just refer to the people whose identities you stole as "customers" or "users" of your service, and promise never to do it again. 

Sure, and I'll see you in prison (but we won't see anyone from upper management at Equifax there).

UPDATE: Why Private Credit Agencies Should Be Put Out Of Business:
That’s because we are not the customers of credit reporting companies, but the product. These private institutions hoover up our data, often without our knowledge and consent, and then sell it off to banks, landlords and even prospective employers. The companies rake in some $10 billion in revenue every year. They wield enormous power to ruin our lives — if not through a data breach, then through errors on our credit reports. One in four consumers has an error on his credit report that could affect his scores, yet it can be very difficult to correct the record.
Although they call themselves bureaus, there is nothing governmental about what these private companies do. We let them take on a role that can have outsize consequences. And the free market doesn’t work here, because none of us can refuse to be a part of this system and opt out if we don’t like how we’re being treated. There’s no legal right to ask Equifax to remove your data from its registries or to stop it from getting more in the future.
It really is astonishing. Not only do you NOT give them the right to collect this data, you can't even legally compel them to stop doing it (no matter how inaccurate it is, and no matter how much their data walls are breached and your information stolen). 

So what's the alternative? As usual, the rest of the world is way ahead of the United States.
In at least 40 other countries — including Belgium, France, Germany, Italy and Spain — credit reporting can be done by a public credit registry. It is usually operated by a central bank that already oversees the financial institutions that feed information into the reports. These reports tend to be more accurate because the operators have a legal right to demand data from banks as well as a mandate to ensure it’s correct and that errors are fixed. Data on late payments and defaults are erased once a consumer has settled up.
These private companies should be shuttered. Period. I may not have (yet) a legal way to compel them to stop collecting my personal data, but I can guarantee you there is no constitutional or legal right that allows them to do so.

UPDATE II: CEO Retires.
The chairman and chief executive of Equifax, Richard F. Smith, retired on Tuesday in the aftermath of a major data breach that exposed the personal information of as many as 143 million people, the credit reporting agency said.

Three Equifax executives, including its chief financial officer, John W. Gamble Jr., sold $1.8 million in company shares in the days after the breach was discovered, but before it was publicly disclosed. (Equifax has said the executives were unaware of the breach at the time of the stock sales.)

Two other top Equifax executives — the chief information officer and the chief security officer — stepped down on Sept. 14.
Great. Next stop, Dick? Prison.

UPDATE III: Former CEO Lambasted by Congress:
The Equifax data breach, which exposed the sensitive personal information of nearly 146 million Americans, happened because of a mistake by a single employee, the credit reporting company’s former chief executive told members of Congress on Tuesday.
Richard F. Smith, who stepped down last week, repeatedly apologized to the members of the House Energy and Commerce Committee — and the American people — for the security lapse.
But he also sought to play down the severity of the problems that had led to the breach, defended the company’s response to the crisis and deflected questions about how far Equifax would go to compensate consumers who were financially harmed.
On multiple occasions, Mr. Smith referred to an “individual” in Equifax’s technology department who had failed to heed security warnings and did not ensure the implementation of software fixes that would have prevented the breach. A company spokesman did not respond to questions about that employee’s status with the company.
Just like the geniuses at Wells Fargo, who tried to throw under the bus the employees who were simply carrying out upper management's criminal orders, this clown actually sat there with a straight face yesterday (10/3) and tried to pin the blame on one rogue employee.

Hint: you were partially correct, Dick. There was just one employee responsible for this data breach: YOU.
One by one, Democrats and Republicans took turns blasting the company. It was a rare moment of bipartisanship, Representative Anna G. Eshoo, Democrat of California, observed.
“You have brought Republicans and Democrats together in outrage and distress and frustration over what’s happened,” she said.
Well there's that, I suppose.

No comments: