What Equifax Was Lobbying Congress for Before the Hack Will Sicken You

11 | By Shah Gilani

What we know about Equifax being hacked is frightening.

What the public doesn’t know, however, is far more frightening. Equifax had been trying to limit its own financial exposure and culpability in the event of a hack.

Besides spending millions of dollars on lobbying, Equifax’s PAC (political action committee) has been doling out money to legislators who, in turn, write bills to protect the company from consumers suing if their data is stolen and from regulators who could investigate and fine the company in response to negligence.

In fact, the day Equifax reported it had been hacked, a House Financial Services panel was discussing a bill being pushed by Equifax to limit credit reporting companies’ liability if hacked.

Here’s what Equifax wanted Congressional protection from and what you need to do to protect yourself after this breach…

Equifax’s Dirty Secret

Equifax is one of three giant credit reporting companies. They all keep data on consumers’ borrowing and bill-paying habits.

Credit rating agencies, as they’re sometimes called, calculate credit scores for banks, lenders, insurance companies and other “creditors” who are the rating agencies’ real customers.

Consumer credit history is their bread and butter; it’s what they sell. What’s worse is that they also sell credit protection services to the same consumers whose data they’re already storing.

Credit rating companies are essentially depository institutions, like a bank. But it’s not your money they keep; it’s your personal data and credit history related to money you borrowed and how you paid it back.

They know they have liability if they are robbed. And in Equifax’s case, 143 million consumers’ names, addresses, birthdays, Social Security numbers, driver’s license numbers, and 209 thousand credit card numbers were exposed. In this context, being hacked is the same as being robbed.

Why the company waited a month to report the theft is mystifying. Then again, maybe it isn’t.

The Wall Street Journal reported: “Executives said the company waited more than a month to announce the breach in part because of the need to set up a website for affected consumers and decide on services for them, according to a person familiar with the matter.”

Or, maybe the company waited to tell the public and regulators about the breach to give their lobbyists and paid-for legislators time to ram bills through Congress to limit their responsibility after the hack.

Equifax spent $1.02 million on lobbying in 2015 and $1.1 million in 2016. Its congressional-lobbying-disclosure reports state it has spent $500,000 lobbying Congress and federal regulators in just the first half of 2017.

According to its own lobbying disclosures, the principal issues Equifax has lobbied Congress and regulators for included: limiting the legal liability of credit-reporting companies, issues around “data security and breach notification,” and “cybersecurity threat information sharing.”

Additionally, Equifax wants to change rules governing how companies “repair” consumers’ credits. The disclosures also mention that the company wants to offer credit-education and identity-protection services without being subject to the rules governing actual credit-repair companies.

Equifax also lobbied the Consumer Financial Protection Bureau and the Federal Trade Commission, two principal agencies that regulate most aspects of credit-reporting companies.

More to the point, the company’s political action committee made contributions to 13 members of the Financial Services Committee during the 2016 election cycle, according to data from the Center for Responsive Politics.

Another recent WSJ investigative piece stated: “Rep. Blaine Luetkemeyer (R., Mo.), chairman of the Financial Institutions and Consumer Credit subcommittee that directly handles matters relating to the reporting companies, received $2,000. Also receiving $2,000 was Rep. Barry Loudermilk (R., Ga.), sponsor of the bill that would place a $500,000 cap on the statutory damages consumers could win in a lawsuit against the credit-reporting companies, as well as eliminate punitive damages against them entirely.”

Rep. Loudermilk has subsequently denied the bill was “a credit bureau protection act,” saying it was intended “to protect consumers and all Americans.”

Of course, Equifax’s PAC contributions “are made in a legal, ethical and transparent manner” and in accordance with federal laws and regulations, the company says.

Sure, that’s why the company waited a month to disclose the massive breach. Sure, that’s why some of Equifax’s top executives sold stock immediately after they knew about the breach, but before notifying the public, which would have tanked the stock. Just look at what happened once they did make the breach public.

We know Equifax was aware of the breach. We know executives dumped stock. We know the company had legislators in Congress trying to pass a bill. And we know the purpose of that bill: to limit a credit company’s liability in the event of a hack. But we don’t know if the timing was purely coincidental or when Equifax disclosed the hack to regulators. Hopefully all of that will come out in the not-too-distant future.

What You Need to Do Now

In the meantime, you must protect yourself.

The first step you can take is a security freeze. It will be a pain, but so is having your data exposed. A security freeze restricts anyone from opening any account or credit facility in your name. The only drawback is that this same security freeze slows you down when you open a new account or take out a loan. But it’s worth it.

You must set up a security freeze at each of the three bureaus. Here are the websites you’ll need:

Here’s a link to the FTC’s identity theft page that will give you step-by-step instructions on how to protect the rest of your information.

You can also make sure to protect yourself and your data by using strong passwords for your accounts. The BBC reported this week that the Argentinian branch of Equifax had a database with thousands of customers’ national identity numbers that could be accessed by typing “admin” as both the login and the password. Really.

Taking your security into your own hands, even if just a little bit, could change everything for your future. Imagine what the people who will be affected by this breach will be wishing they had done before some hacker tanked their credit.

You now have the tools you need to protect yourself, so I expect you all to take advantage of it.



11 Responses to What Equifax Was Lobbying Congress for Before the Hack Will Sicken You

  1. Robert Schiff says:

    Thank you Shah for the very good info and advice. You seem to be be very sincere and concerned about your fellow Americans. I applaud you!!

  2. Felix Mosso says:

    Shah, very nice article. I’ve been reading many over the past weeks but this one gives me more info. I think Trump’s SWAMP may be deeper than we know. What a shame people can’t be ‘programed’ for
    Honesty ! We try to elect and then pay for representation only to be stabbed in the back!

    • Karl says:

      Stabbed in the back by our Representatives and Senators is right on the mark. This is only the latest such betrayal against the American citizen.

      Term Limits: that would go a long way to draining out the swamp of illicit lobbying and legislating. Need to keep pressure on Congress to pass the Constitutional Amendment limiting time in office to no more than 10-12 years; any longer, and most legislators become greatly corrupt.

  3. Phi says:

    Equifax should be required to give lifetime fraud protection for those hacked, not just one year. And fined big-time for withholding info on hack in timely manner and prison time for insider trading for those involved.

  4. Jerry Collins says:

    Equifax waited over a month to report the hack in order to give their executives time to sell their stock in Equifax; because their liability exceeded the total value of their company. Think insider trading is illegal? It is perfectly legal as long as they report their trading within 30 days.
    If they did not want to get hacked, all they had to do was not connect their computer system to the Internet. This is not perfect, since an employee could steal the info; but at least it would not be exposed to the whole wide world, including Nigeria, famous for illegal charges to your credit cards.

  5. J D says:

    The victims may not realize the seriousness of this security breach. Credit reporting agencies are trusted with our vital information and they should be held liable for any damages that occur. Fines and or jail time are appropriate for those responsible for acting so irresponsibly with people’s credit information. Owners of the affected accounts need to be notified that their credit information is now available to thieves who can use the information to silently digitally steal money directly from their personal and business accounts and that the hackers can sell their information to other thieves that can set up numerous unapproved digital accounts in the victim’s name or their business’s name to run up debt that could bankrupt them. Since the thieves can use the information for years after this breach, a minimum of free life time credit protection is needed to protect the victims.

  6. Kevin Beck says:

    If I operated a business that relied upon credit reports of my customers, the first thing I would do would be to refuse giving any customer information to Equifax. Thankfully, all my customers pay in cash or certified funds.

    The idea that a depository with my information would be trying to limit its liability for their own gross negligence is disgusting. Rules and punishments need to be strengthened, and should be based upon the amount of information each company holds. The more information held within the files, the higher the penalty (to be paid to customers, not the government) for negligent handling of the information. Sort of like insurance: More information creates a higher likelihood of a claim; therefore, the cost of doing business negligently is higher.

    And maybe the company can claw back some of the money paid out in the form of options exercises to help pay the penalties they should incur.

  7. Laszlo Erdosy says:

    Equifax really messed up and taking so long to admit it reeks badly. I guess they waited to ensure that they could unload shares before the public knew.

  8. Daniel L O'Connor says:

    The Equifax slime should spend major time in jail. Their assets should go to the
    victims of this disaster.

  9. Carolyn says:

    We have no say about our information being collected by any credit card bureau, which is not right. And it is quite a hassle to change anything that is wrong on your report, yet they can report what they want. They should be held responsible for all problems and identity theft that may occur from the breach, especially since it was not reported immediately so people could protect their personal information. Since having such personal info on everyone they should have had super extra security protection, knowing this info had an effect on everyone’s life. Social Security numbers need to be hidden. Now many people could have their identity stolen and put them in a turmoil for years, as well as financial losses.

Leave a Reply

Your email address will not be published. Required fields are marked *