Equifax faces federal legal repercussions, case of corporate carelessness leads to hack


Cartoon by Christopher Perez/The Guilfordian

On Sept. 7, Equifax, one of the three major credit reporting bureaus, reported a data breach of their customer information. Hackers reportedly responsible for the breach have access to information such as names, social security numbers, credit card numbers, birth dates, phone numbers and addresses of around 143 million people, or 44 percent of the U.S. population. Equifax may have data on the customers of any business that use its services, so people who are not direct customers may also be impacted.

This is the largest sensitive data breach a U.S. company has experienced. People with access to this information may be able to apply for fraudulent loans and open bank and credit card accounts.

Equifax has offered a free identity theft protection service to those affected. However, a phrase in the company’s terms and conditions may indicate that by joining the service, customers lose their right to file a class action lawsuit against the company.

“I am not going to check if I was hacked,” said student Brendan Ferrell. “I know I’m not hacked.”

Adding to suspicions, three senior executives sold almost 2 million dollars in company stocks days before the hack was announced to the public.

Equifax is facing legal, political and financial repercussions. As of Sept. 16, their stock price has plummeted by 13 percent, over 30 class action lawsuits have been filed and the Federal Trade Commission is investigating the breach.

“By law, you are not required to do business with the three major credit reporting agencies,” said early college instructor Rebecca Johnson-Kaiserman. “Equifax did not invest the proper amount in security, so this will be an example to the other two credit reporting agencies.”

Some politicians are gearing to fight for remedial legislation. On Sept. 15, Democratic senator Elizabeth Warren introduced the Freedom from Equifax Exploitation Act and the Equal Employment For All Act. The Freedom from Equifax Exploitation Act would require Equifax and its competitors to allow customers to freeze their credit free of charge. The Equal Employment For All Act would prevent employers for asking for a worker’s credit history.

“Companies like Equifax make billions selling access to your data without your consent, then charge you if you want to stop them,” said Warren on Twitter. “It’s nuts.”

The hack may have been prevented, as Equifax used an open source software called Apache Struts to build their website. The hack occurred through a vulnerability in the software which was known since March. A repair was apparently available, but Equifax did not utilize it and continued to do business normally.

The hack has brought a larger national issue to light. There is little national oversight over what companies do with user data. Regulations vary state by state. Equifax is based in Georgia, where there is no legal obligation to warn consumers about security breaches. They had discovered and halted the hack on July 29, but the company announced it to the public over a month later on Sept. 7. Company officials have declined to explain the extended delay.

Equifax is the agency millions of people trusted to guard against identity theft. Although they may potentially stop predatory practices by credit bureaus and employers, neither of Senator Warren’s bills would require companies to better secure consumer information. Many activists are advocating for the creation of a kind of internet bill of rights to ensure protections for online data.

“The company itself has the free rights to use this information, but as long as it does not harm or infringe on only violation on the parties,” said Justice and Policy Studies professor Ziwei Qi. “So I believe that the information withheld by the Equifax,that is related to the private information of millions of people, that is not just a private matter, so they should be held responsible for their behavior. Government should post certain regulations in order to control the practices of companies like Equifax, but only to a certain extent.”

Some Guilford students are fearful that an internet bill of rights would limit internet freedom.

“There should not be an internet bill of rights. Regulating the internet is an area politicians are not good at, and creating an internet bill of rights could lead us to have to comply to many difficult regulations,” said Early College junior Braxton Bensel. “In Europe, Google is constantly censored. An online bill of rights would actually lead to censorship and a loss of net neutrality.”

Although people disagree on what action should be taken, the Equifax hack could serve as a warning to companies.

“I think this issue really touches base on what is the legitimacy of the society and what law should cover,” said Qi. “When looking at any problem in our society, we need to think what is the purpose of the law, and what is the foundation of our society. And that is really related to whether government should implement a law or leave the market to operate on its own.”