The biggest lesson consumers learned this year is that your data is probably not safe. 2017 was the year of the hack.
Throughout the year, company after company disclosed data breach after data breach. Some had email addresses and phone numbers — get ready for more spam robocalls — and others had the really bad stuff like Social Security numbers.
But there is only one winner of the not-at-all coveted Yahoo Finance “company that screwed you the most this year” award: Equifax (EFX).
First off, the amount of people potentially involved was staggering. After a second disclosure of a few more million, the final number stood at up to 145.5 million people. This is three out of every five adults in the U.S.
Making matters worse, the information involved was extremely sensitive. This wasn’t only phone numbers or emails that were stolen, but Social Security numbers. You can’t change 145.5 million Social Security numbers, which means that the use of SSNs as a security measure should be completely cast away — not that it should have ever been anything other than a tool for the Social Security program.
There are so many more compounding factors
Equifax is a credit bureau, the guardian and gatekeeper of intensely personal financial data. Not only is there potential injury — consumers will have to be looking over their shoulders forever, constantly checking their credit reports for fake charges and accounts — but insult.
Like Wells Fargo and its 2 million accounts they made without customer permission, Equifax has squandered trust, a pillar of its existence, by allowing itself to have incredibly shoddy security that should have been addressed.
But unlike Wells Fargo, you didn’t choose to be a customer. By participating in the financial system, you – by default – opt in. This is how it works, they have your data, they sell it, and they make money. They do not work for you.
The response? Even more insult.
A hack this bad would be enough to top the other hacking scandals of 2017. (Here is a great and exhaustive list.) But the company’s response made it even worse from a consumer point of view.
Immediately following the public disclosure, Equifax sent consumers to a sketchy-looking website, “Equifaxsecurity2017.com,” that asked consumers to put in their SSN to check if they were hacked. It didn’t work for many consumers.
The company also offered free-for-now credit monitoring but required consumers to consent to forced-arbitration, voiding their rights to sue. Though the company maintained that this forced-arbitration was not connected to this monitoring product, Equifax’s acting CEO later told Congress that the company still may block consumers’ rights to sue.
Anyway, consumer advocates say may be much, much worse.