The Equifax hack was not difficult to pull off
Posted by: Howard Dvorkin, CPA
Date of post: September 18, 2017

American businesses and citizens haven't taken identity theft seriously. They might from now on.

Identity theft and child-rearing have something in common.

As a father, I never got mad at my young children when they did something wrong or even dangerous — as long as they didn’t know better. However, once they understood what was moral and safe, I held them accountable for their decisions.

In a weird way, that describes how America has responded to the skyrocketing crime of identity theft. Like a child who puts his hand on a hot stove, we’ve learned what it’s like to be burned by this crime. As reported this summer, 44 percent of Americans fear financial fraud — which is more than those who fear a terrorist attack.

At the same time, we’re not doing much about it. With more than 12 million identity theft victims per year, more than half us refuse to do even simple things like change passwords or shred any personal documents before throwing them away.

We’re like children who keep putting our hands on that hot stove. Maybe now is when we start to grow up.

The silver linings to the Equifax disaster?

Last week, one of the Big Three credit bureaus was hacked. Equifax’s breach of 143 million Americans’ records wasn’t the largest. That distinction is still held by Yahoo, which had 1 billion records exposed in 2013.

Yet this particular breach has resonated with the public in ways that other huge cases haven’t. One big reason is the simple irony, which I noted last weekend:

Equifax advertises on its homepage, “Take control with a one-stop credit monitoring and ID theft protection solution from Equifax.” That’s right, Equifax want you to pay $19.95 a month for its Complete Premier Plan that will “Help monitor your credit and Social Security Number.”

In addition, Americans could reassure themselves that they didn’t even log into Yahoo, or shop much at Target, or bank at JP Morgan Chase. All these breaches involved millions of records, but it was still possible to believe your own denial.

No such luck with the Equifax breach. That’s because you can’t choose to be involved with Equifax. You already are, and the information it collects is much more detailed than anything you reveal to any other single business. After all, Equifax tracks every debt you have. That’s its job.

So how can this be a good thing? Because it’s such a bad thing, the country might be jarred into action.

What’s happening now

Already, the Federal Trade Commission has launched a probe, and U.S. Senator Chuck Schumer has called this “one of the most egregious examples of corporate malfeasance since Enron.”

In an era of hyper-partisanship, both Fox News and MSNC have attacked Equifax for preaching online security for others but not taking precautions itself.

Of course, any time one fraud is perpetrated, scammers see an opportunity for more. The FTC is warning people, “Equifax isn’t calling.” In other words, scammers are calling people who might have heard about the Equifax breach and are pretending to be from Equifax — and they’ll ask you to verify your personal information, which they’ll now have and can use for nefarious purposes.

This is also a time-honored scam, but hopefully the high-profile nature of the Equifax breach will make Americans wise to this, too.

Yes, I realize I’m being optimistic here, yet at some point, Americans will suffer so badly, they’ll be forced to act. I just hope this is as painful as the lesson has to get, and we’ll stop putting our hands on that hot stove.