File this one away under ‘utterly repulsive’. As you probably heard, yesterday the US-based credit reporting agency Equifax announced a massive cyberattack that affects as many as 143 million consumers.
Names. Birth dates. Addresses. Social Security Numbers. Even some credit card numbers were stolen.
Literally over one third of the entire US population is at risk of identity theft now thanks to Equifax’s bungling.
Bear in mind this is the THIRD TIME in 16 months that Equifax has been hacked– there was another breach earlier this year, and another in May 2016.
Even worse– this wasn’t an overnight attack. Hackers spent MONTHS probing the Equifax network, burrowing deeper into the system and gaining access to more and more data with each attempt.
Yet Equifax’s defenses failed to detect anything.
Finally on July 29, a whopping TEN WEEKS after the attacks started, Equifax realized that something was wrong.
Senior executive responded to the data breach by… selling their stock.
Yes, in the days following their discovery of the hack, three of the company’s executives sold nearly $2 million worth of stock.
Bear in mind, these “insider sales” have to be reported to the Securities and Exchange Commission, so there is a public record every time a company executive sells stock.
These executives would have known this, and that the public would find out they sold their stock right after the data breach was discovered.
This suggests to me that these guys are either complete idiots… or they simply don’t care… both of which seem par for the course at Equifax.
Moreover, given that the company is responsible for making the SEC filings, it’s obvious that Equifax knew about these executives selling their stock. Clearly they don’t care either.
In another weak, spineless, immoral decision, Equifax waited six weeks between discovering the hack and informing the public.
I find this appalling.
Equifax has access to our most sensitive data. And by the way, they collect this data WITHOUT OUR CONSENT.
No credit reporting agency ever asked me if I’m OK with them storing every bit of information about me, including information that can easily be used to engage in potentially life-wrecking fraud.
And when this information was stolen, they sat on the news for weeks.
In what is perhaps the most insipid, pathetic apology in recent memory, Equifax CEO Richard Smith released the following zinger in prepared remarks:
“I apologize to consumers and our business customers for the concern and frustration this causes.”
This is the sort of insensitive, out-of-touch PR bullshit that makes people despise the system. How about a shred of raw honesty instead?
“Due to our utter incompetence and failure to learn from recent mistakes, we totally screwed 143 million people who never even consented to us monitoring them. And rather than even let them know right away, we quietly took care of ourselves first. We have that little respect for the public.”
The worst part about all of this is that you can’t opt out.
If you’re tired of Google tracking your every click across the Internet, for example, you can simply stop using their services (and start using competitors which don’t track you– like DuckDuckGo.com)
Or if you get tired of being screwed by the banks, you can choose to hold cash, buy pre-paid cards, or open an account overseas at a conservative, well-capitalized foreign bank.
Point is you can typically opt out of the system.
Except with the credit reporting system. If you get screwed by Equifax, you have almost no recourse.
There are three major credit reporting agencies– TransUnion and Experian being the other two– and they have a stranglehold over all consumer data.
Banks and credit card companies (among others) make heavy use of this data to decide whether or not to loan you money.
And this does make sense: it’s a lot easier to make a loan decision if you can review a potential borrower’s credit history.
But that’s all theory.
In practice, in addition to their utter incompetence when it comes to safeguarding data, the credit reporting agencies also have a LONG history of inaccuracy.
The US government’s Federal Trade Commission issued a report in 2013, in fact, showing that one in five Americans discovered a material error in his/her credit report.
That’s a pretty big failure rate for an industry that’s supposedly been in the business of maintaining accurate information SINCE 1899!
And that’s precisely the problem– the need for an accurate credit history is obvious. But the entire method behind gathering, storing, [not] verifying accuracy, etc. is totally antiquated.
It’s a slow, cumbersome, bureaucratic system that boasts business practices from the mid-20th century at best.
Think about it: it’s 2017. How absurd is it that consumers are still identified by the Social Security Numbers and birth dates?
With all of the digital technology we have at our disposal, is this the best that the credit reporting industry can come up with? Relying on a 9-digit number that was created in the 1930s? Seriously?
The complete lack of innovation in this industry ranks almost as highly as its incompetence and immorality.
It also means that credit reporting is RIPE for DISRUPTION.
The basic model in credit reporting is to properly identify consumers, collect information about their loan history, and make that history available to lenders.
All the tools required to do this in the digital world already exist.
For example, consumer loan payments could be published directly to the Blockchain, which would ensure objective reporting and 100% accuracy of your credit history.
Consumers could even have a choice whether or not to participate in this system.
There are so many tools available to fix these problems, none of which are being used by the Big Three reporting agencies.
That’s why they probably won’t be around in ten years.
And when you see how financial technology can be applied to other industries like Credit Reporting, it’s easy to understand just how big Blockchain and cryptocurrencies can become.