Credit Denial
One thing that we've learned as we approach our 35th year in publishing is that, collectively, we really haven't learned that much at all.
Of course, the technology has improved. What we've gained in such a relatively short period is almost tantamount to some sort of fantasy. Speed, capacity, the overall scope of what technology can do... but then, a constant feeling of amazement is something we've almost all grown used to as we see the latest advancements being rolled out. It's what we've come to expect.
Sadly, we've failed to keep up when it comes to such issues as privacy, data protection, and consumer empowerment. Sure, we have all kinds of enlightened discussions about how best to protect our identities, we have our key signings, and we go through all the right motions, but how far have we actually advanced? Again, on a collective level, a very disappointing amount.
Data leaks are nothing new. Whenever there's a company and a computer network, there's a good chance that data is going to be compromised at some point. Most times, hackers take the blame for this, but the real culprit is nearly always poor security.
What we've seen more recently is a tremendous growth in the scope of some of these breaches. If thousands of data records were compromised in the past, that was considered bad. Then it became tens of thousands, hundreds of thousands, and eventually millions. Earlier in 2017, when Yahoo! finally got around to admitting the true scope of their 2013 data breach, we were hit with the staggering amount of three billion accounts. In other words, all of them. (No, we had no idea they - or anyone - had that many users. We almost get the feeling that they didn't either.)
This would serve as a prime example of what not to do if it were an isolated incident. It's not. In fact, it's way closer to the norm than the exception. We can almost expect that if there's a database somewhere with private information on us in some context that there has already been a breach of some sort. Phone companies banks, governmental agencies, dating services... there really hasn't been any company or institution that has served as a model for security. And the mistakes they've made are the ones they've been making all along: poor passwords, unencrypted data, leaving sensitive information in places where it has no business being (like on a laptop in a parked car or on a publicly accessible website).
But by far, the most egregious example of the kind of carelessness we're outlining here has been the Equifax incident. Sensitive credit data on around 150 million people in the United States was compromised last summer, exposing things like credit card numbers, Social Security Numbers, birth dates, addresses, you name it. Now, think about what this means. The entire population of the United States is around 300 million. Many of those people don't have a credit history for whatever reason. Children alone account for around 75 million of the remaining number. So it's very conceivable that everyone in the United States who has a credit card, mortgage, or who simply pays bills has had their private data accessed and copied to any number of entities anywhere in the world. The implications of this are staggering: credit can be applied for with this info, all sorts of unauthorized charges can be made in our names, identities can be stolen, existing credit can easily be destroyed. On every single last person who has a credit history in this country.
What makes all of this particularly maddening is that, unlike most other data breaches that expose our personal details, we aren't customers of the company that did this to us. Instead, we're their product.
When a company you're doing business with lets you down and betrays your trust, you can at least have the satisfaction of cutting off your ties with them. It may not fix the problem they caused, but it will at least keep them from doing more harm to you. Plus, the bad publicity may help to punish them in a manner they deserve. You might also even blame yourself a little for choosing a company that did such a poor job. But none of this applies to Equifax. You never asked to enter into a relationship with them. They certainly never asked you. And, despite all that has happened, they are still in the business of watching over and collecting your personal data.
It gets even worse. A day or two after the Equifax breach was discovered (but before it was made public two months later), four senior executives sold nearly two million dollars of their personal shares in the company. At the very least, the timing of this screams of suspicious behavior by the very people who would likely have known about the incident. But we are told that, after an investigation, it was determined that they hadn't done anything wrong. Who led this investigation? Why, Equifax, of course. Nothing to see here.
Incredibly, Equifax tried to worm its way out of this mess by requiring anyone who checked their website for the status of their personal data to waive their rights to a class action lawsuit! After widespread outrage, that attempt was rescinded. The company continued to show its incompetence and flagrant disregard for consumers by putting up confusing websites with different domain names that set off phishing detectors everywhere, instead of operating something within their own existing domain. It was as if they were literally trying to cut any connection between themselves and this crisis. And to make matters even worse - yes, that was still possible - Equifax was reported to have had its website compromised in October, resulting in malware being given out to visitors.
This is not a company that instills us with confidence in anything but their own ability to consistently get things as wrong as they could possibly be.
And yet, like so many abusive relationships, finding a way out is so much harder than it should ever have to be. The consumer is expected to do all of the work. Equifax won't send you a letter telling you that your data has been compromised. They won't freeze your credit to prevent others from accessing your information. (You can do this yourself, but then you won't be able to apply for a loan, get approved for a credit card, rent an apartment, or do anything that requires a credit check. And Equifax will also charge you for the privilege, in case you were looking for something to get even more steamed about.) They won't help you to change all of your credit card or bank account numbers or to make the necessary alterations for each and every one of your auto-pay transactions.
Instead, you will be expected to remain vigilant and look for any suspicious activity. And if you miss it, you're the one that will have to either pay up or spend months or even years fighting to get your good credit back.
Now, before you grab your torches and pitchforks and go looking for the nearest Equifax building, keep in mind that it's precisely for situations like this that we have regulatory agencies that are set up to protect consumers like us. No matter how you may feel about the government, we can all agree that they're supposed to protect us from danger and injustice, and that it would be a challenge to find a better example than this for them to tackle.
Well, we have some more bad news. Even after all of this happened, lawmakers in Congress were backing legislation that would deregulate credit agencies and limit class action damages for violations of the Fair Credit Reporting Act. It's part of an overall push to give banks and other financial entities more freedom from regulation. Yes, more freedom from regulation. This,after record breaking profits in the past year and ample evidence of how they've screwed people over in the past when left unchecked. That Congress can advocate this sort of thing with straight faces after the Equifax scandal is nothing short of astounding.
The Consumer Financial Protection Bureau (CFPB) was formed after the 2008 financial crisis, when banks were found to have been engaged in all manner of nefarious behavior. Since then, this bureau has played a key role in preventing such institutions from continuing to abuse their power - or at least continuing in as blatant a manner as they had been in the past. Yet, as we go to press, the CFPB is in the process of being gutted by the current administration. Its newly appointed director has publicly stated that he is actually opposed to CFPB even existing.
It is unfathomable that, even after such unprecedented privacy invasions, abuses, and incompetence, we're not seeing consumer protection as the number one priority. Instead, our leaders are doing everything in their power to protect and strengthen these predatory institutions, while the rest of us are left to pick up the pieces. Do we need a clearer indication of whose interests are the priority here?