How not to treat customer security
Financial services companies assure us they will handle the confidential information they often demand from us responsibly and securely. As many Americans have learned from data breaches in the past, those are promises not always kept.
Now Equifax, the giant credit reporting agency, has made itself the poster child for how not to deal with customer security.
Equifax collects and stores information that is a turn-key kit for criminals bent on stealing money through identity theft. Names, addresses, birth dates, Social Security numbers, driver’s license numbers and other information are held by Equifax.
Last week, the company revealed a massive data breach involving as many as 143 million people.
Company officials learned of the breach on July 29, but waited more than a month to inform customers.
Three Equifax executives did act immediately, however. A few days after the data hack was discovered, they sold $1.8 million in shares of stock in the company. That protected them from losing money when Equifax stock plunged last week.
No doubt, there will be congressional hearings regarding Equifax’s actions. Whether there are laws against how the company as a whole — and those three executives — is unclear.
Obviously, however, this is a situation in which there ought to be a law, if there isn’t one already. Failing to warn customers they are at increased risk for identity theft is inexcusable.