Equifax Data Breach and the Continued Potential to Inadvertently Share Customer Data

Equifax Potentially Sharing Customer Data With More Third Parties

Worried you may be affected by Equifax’s massive data breach? The credit bureau has set up a site, equifaxsecurity2017.com, that allows you to check whether your personal information was exposed. But regulators are becoming concerned that the site could pose risks to consumers. As a result, you may want to think twice about using it. Here’s why.

https://www.washingtonpost.com/news/the-switch/wp/2017/09/08/what-to-know-before-you-check-equifaxs-data-breach-website/

What is most troubling is that Equifax’s data breach site demands the last name and the final six digits from the potential identity theft victim’s Social Security number.

Equifax exposing more than 100 million Americans to the potential for identity theft is bad enough, but demanding more personal information and then potentially sharing that personal information with third parties without an apparent disclosure of their practice in their privacy policy is baffling.

At a time when Equifax would want to demonstrate competence and trust, Equifax charges ahead perhaps confusing matters even more.

The Equifax web page that requests personal information also includes software from the Google Recaptcha service. This puts Equifax into the position of potentially sharing with an undisclosed third party whatever information that is entered into the form (i.e. a part of user’s legal name and SSN).

  1. The Recaptcha service is an inconvenience to users. Having to select street signs or to pick vehicles from a series of pictures is an annoyance for users of a website.
  2. Requiring customers to jump through these hoops upon signup and/or upon every login attempt is absolutely ridiculous and counter-productive.
  3. Equifax may not realize this, but by adding this Google/Recaptcha app to their website, Equifax may be actually selling out their visitors by sharing their information with Google.
  4. If this is true, then this would be a clear violation of the Equifax published privacy policy – http://www.equifax.com/privacy/ (notice that the equifaxsecurity2017.com website has no specific privacy policy of its own and interested parties must wade through seven poorly worded and onerous privacy policies; only to find that this potential for information sharing with third parties is not addressed)

If Equifax truly wants to move forward from the privacy and data breach issues, then Equifax is going to have to rethink their strategy.

UPDATE: Just noted that the Consumer Financial Protection Bureau (CFPB) and the New York Attorney General’s office have commented on this Equifax fiasco. Equifax may be trying to protect themselves legally by requiring those who use the equifaxsecurity2017.com to accept arbitration and to further restrict their legal rights by “bar[ring] those who enroll in the Equifax checker program from participating in any class-action lawsuits that may arise from the incident”.

  • Facebook
  • TwitThis
  • StumbleUpon
  • Digg
  • del.icio.us

, , , , , , , , , , ,

One Response to “Equifax Data Breach and the Continued Potential to Inadvertently Share Customer Data”

  1. search engine optimization on September 10th, 2017 at 12:58 am

    “Those hoping to find out if their Social Security number and other identifying info was stolen, along with a potential 143 million other American’s data won’t find answers from Equifax.”

    “In what is an unconscionable move by the credit report company, the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach.”

    “It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID.”

    “Earlier it was revealed executives had sold stock in the company before going public with the leak. We also found TrustID’s Terms of Service to be disturbing. The wording is such that anyone signing up for the product is barred from suing the company after.”

    “These actions, and many others, are disgraceful, especially for a company of this size and responsibility and I truly hope Equifax feels the heat they are under for mishandling what is the largest data breach in the history of the U.S.”

    https://finance.yahoo.com/news/psa-no-matter-equifax-may-010153057.html