Following the Equifax breach, CFPB Director says the big three credit bureaus need constant oversight.
The Equifax data breach compromised sensitive financial data and personal information of over 143 million Americans. Unlike previous data breaches of retailers or private service providers, this breach can affect people regardless of how careful you are about giving out your information. No matter how careful you are and what protective actions you take, everyone has a credit file with Equifax. You simply can’t avoid it.
That idea is the driver behind CFPB Director Richard Cordray’s explanation of why the credit bureaus need embedded regulators.
“If they’re going to restore public confidence in this marketplace, and if they’re going to create the kind of reforms necessary, they’re going to have to recognize the old days of just doing what they want, being subject to lawsuits now and then, are over,” Cordray said in his interview with CNBC.
It’s not just the breach that has federal regulators at the CFPB worried. It’s the response. Equifax took six weeks after they discovered it to disclose the breach to the public. They caught even more flack when consumer watchdogs found that people waived their right to class action arbitration if they signed up for Equifax’s free credit monitoring service that was offered in the wake of breach.
Who can you trust with your personal data?
Unfortunately, the answer to that question seems to be no one. Up until this point, consumers had extensive trust in the credit bureaus. No one ever really questioned the security of bureaus maintaining credit reports that detail practically everything about our financial lives. If your records were part of the breach, your Social Security number and all account numbers would be vulnerable.
What’s more, Equifax isn’t the only shocking breach of personal data this year. A Republican voter data firm admitted earlier this year that thieves hacked over 198 million voter records. The data wasn’t finanical, but it was highly personal. Most of us would prefer that hackers not know our political leanings, voting records and even social media usage.
Even government agencies are vulnerable to hacking. The Securities and Exchange Commission revealed a breach that led to insider trading information against businesses. It didn’t affect consumers, but if one federal agency is vulnerable, it hardly gives you confidence in the others.
“These days there is no such thing as being too careful when it comes to protecting yourself against identity theft and fraud,” says Gary Herman, President of Consolidated Credit. “People need to be ultra-vigilant and take every precaution available.”
Herman admits that often identity theft measures are reactive instead of proactive. Services like credit monitoring can help you catch potential theft early, but they don’t prevent it. Tools like virtual credit cards offer advance protection, but have limited availability.
“Often the best measures are the traditional measures that credit counselors have advocated for to our clients over the years,” Herman explains. “Things like creating strong passwords, checking monthly statements for suspicious transactions and checking your credit reports annually. People need to be diligent about taking these basic steps consistently to ensure their information is secure.”
Don’t neglect the free tools at your disposal
As mentioned above, federal law says that every credit user can check their credit report once every year. You can download your reports for free every twelve months without any strings attached through annualcreditreport.com.
“Even if you haven’t been put at risk by a data breach of a retailer, government agency or credit bureau, use these reports to your advantage,” Herman encourages. “Check to make sure you recognize all the accounts in your report. Make sure you don’t have duplicate accounts.”
Herman also says it’s worth the few minutes it takes each month to check monthly statements as they arrive. Reviewing the transactions on all your accounts helps prevent fraudulent transactions on legitimate accounts.