PSA: no matter what, Equifax may tell you you’ve been impacted by the hack
Those hoping to find out if their Social Security number and other identifying info was stolen, along with a potential 143 million other American’s data won’t find answers from Equifax.
In what is an unconscionable move by the credit report company, the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach.
I started noticing most people who’d tested out the site in my Facebook and Twitter feeds had been given the message that they may have been part of the millions whose information was affected. It stood to reason that was likely, given the scope of the leak would affect possibly one out every two people I know in the country.
However, I then decided to try it out for myself. First, I entered my real information…and received the bad news.
“Based on the information provided, we believe that your personal information may have been impacted by this incident,” the site said.
I was then encouraged on the next line to continue my enrollment in TrustedID Premier. I was not aware I was enrolling in anything simply by giving my information. I had been instructed to add my last name and the last six digits of my Social Security number only to find out if I’d been impacted.
So then I decided to test the system with a different last name and six random numbers. I used the more popular English spelling of my last name for this purpose, entering “Burr” instead of “Buhr” and entered six random numbers I don’t even remember now.
Sure enough, this made-up person had also been impacted. I tried it over and over again and got the same message. The only time I did not get the message I’d been impacted was when I entered “Elmo” as the last name and “123456” as my Social Security number.
Some of my colleagues also tried to fool the system and came up with different outcomes. Sometimes, after entering a made-up name, the site said they had been impacted. A few times it said they were not.
Others have tweeted they received different answers after entering the same information.
The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID.
What this means is not only are none of the last names tied to your Social Security number, but there’s no way to tell if you were really impacted.
It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID.
Earlier it was revealed executives had sold stock in the company before going public with the leak. We also found TrustID’s Terms of Service to be disturbing. The wording is such that anyone signing up for the product is barred from suing the company after.
This language is unacceptable and unenforceable. My staff has already contacted @Equifax to demand that they remove it. https://t.co/vT0x7f5Xhc
— Eric Schneiderman (@AGSchneiderman) September 8, 2017
New York attorney general Eric Schneiderman has hammered Equifax for using language meant to discourage arbitration and is asking Equifax for answers over the data breach. The company has stated since it would not bar consumers from joining breach-related lawsuits.
No doubt, those who sold company stock before publicly admitting the issues are going to face some legal trouble of their own as well.
I’ve since reached out to the company but so far for this story and inquiries I’ve made in the last two days, I have yet to hear back.
These actions, and many others, are disgraceful, especially for a company of this size and responsibility and I truly hope Equifax feels the heat they are under for mishandling what is the largest data breach in the history of the U.S.