Tag Archives: consumers

Equifax Data Breach – The Aftermath

Equifax recently suffered a massive data breach compromising the sensitive information of over 140 million Americans. The data lost includes names, Social Security numbers, addresses, birthdays and driver’s license numbers. 

As the week progressed details of the breach are raising some serious questions. How do consumers protect themselves? What happened? What is the company doing?  is Congress doing about it? Did executives know of the breach and dump stock? 

These questions demand answers. African-American consumers need to understand the incredible impact of this data breach and how to respond. First and foremost we need to focus on how we can protect ourselves from fraud and identity theft.

How do you protect yourself?

First things first. Go to EquifaxSecurity2017.com.  Click the “potential impact” tab that directs consumers to a form where you can check by entering your last name and the last six digits of their social security number. Equifax has also set up a telephone hotline at 866-447-7559.

That is the standard corporate reaction to a data breach. But here is the problem with that. People are asking why should they give the company more information when they failed to protect the data they already have? You’re stuck. This is all  Equifax can do. But you can take other steps.

First, check you credit reports. You can get a free copy of all three credit reports at AnnualCreditReport.com.  Make sure you get reports from all three agencies. Be on the look out for suspicious accounts or charges you don’t immediately recognize. Report any suspicious activity to the police, the credit reporting agencies and all your creditors. Immediately!

Second, check all your charge accounts and bank statements. Again, look for suspicious activity. Change the passwords on all your online accounts. You need to do this immediately and often. At least once a month or more. Its a good idea to check your balances daily and be on the look out for small charges like $2.00. This may indicate that someone has your data and is preparing to use it. Make this a regular practice for the rest of your life. The stolen information is out in the wild of the Internet and could be used years from now. So be vigilant. Experian offers a service that scans the dark web for your information. Make use of it. Most stolen information is sold on the dark web from one criminal to another.

You may want to consider placing a freeze your credit reports. This stops thieves from opening new credit cards or loans in your name. But, keep in mind that it also prevents you from opening new accounts. So if you want to use credit for a purchase you will need to  lift the freeze a few days beforehand.

Also, protect your children. Check their credit report if they have one. Make sure you freeze their credit file if you can. For older children make sure they understand what has happened and what to do. Identity theft is rampant on college campuses.

How did this happen?

That’s the big question. Equifax Chairman and CEO Richard Smith said hackers  “exploited a U.S. website application vulnerability to gain access.” 

But analysts are asking what application vulnerability the attackers might have exploited. The danger in the potential answer is; If Equifax, one of the nation’s biggest credit-check companies was hacked, then many other organizations are also at risk.

According to a Baird Equity Research report on Equifax  hackers exploited a flaw in the Apache Struts computing platform. This is highly technical so let me explain as best I can. The software code that operated Equifax’s network and data storage contained a flaw that hackers understood and used to gain access. This flaw may or may not have been patched or updated.  Equifax is blaming the technology company, Apache.  Apache is denying it.  No one knows and no one is talking…yet. Cue the lawyers! That’s about the best explanation we can get right now.

What is Equifax doing?

So far Equifax has been offering free credit monitoring. Again, this has become a standard, and often weak, response to a data breach.  But other actions are being criticized by consumers. First of all Equifax came under fire for asking consumers to give up their right to sue for damages as a result of the hack.

Equifax backed down and changed its conditions after being sharply criticized for trying to force consumers to sign over their rights to legal action in order to enroll. Equifax removed the language from their Terms of Use agreement on a third-party website victims use to sign up for the credit monitoring service. It also changed the FAQ in its own website to confirm that enrolling in the credit monitoring offer does not nullify any rights to take legal action.

The company has also been criticized for what some consumers are a calling a bait and switch scam. According to consumers the company offers the free credit monitoring for a short period and requires the consumer to enter credit card information so Equifax can charge them for the service after a pre-determined period of time.

Again, Equifax caved to the demand saying it will no longer require a consumer’s credit card information when they enroll in the supposedly free service. Many thought the offer was basically sleazy because Equifax could end up making money off the breach.

What is Congress doing?

Of course Congress is going to ask questions and hold hearings. There is bi-partisan outrage at the data breach and if you to want to know the truth that’s about all you’re going to get. In the past, and it continues to this day, the elected leaders of this nation have refused to pass any, ANY, substantial laws that protect consumer information or punishes companies for these repeated data breaches.  That includes the Protect Children from Identity Theft  Bill. So what is Congress doing or going to do? NOT A DAMN THING!

Did Equifax executives dump stock?

Of course they say they did not and they knew nothing of the data breach before selling the stock. But we need to look at the evidence and it is telling a different story.

First of all the data breach became known to Equifax more than a month before they informed the public. According to CNBC three executives of Equifax sold the shares days after the data breach was discovered. 

The executives were named as Chief Financial Officer, the Workforce Solutions president and the U.S. Information Solutions president. The sale of the shares was done on the 1st and 2nd of August. The data breach was discovered by the company on July 29th.

According to Equifax the three executives, “had no knowledge that an intrusion had occurred at the time they sold their shares.”

Question; how can a data breach this big be withheld from top company officials? Especially the chief financial officer and the the president of information solutions? These are two key people who should have been notified immediately of the breach.  So Equifax is asking us to believe that they knew nothing. 

And why would they sell their stock? Here’s why. Since Equifax announced the breach, the company’s shares plummeted by over 20 percent erasing billions of dollars in market value. In roughly 90 minutes Equifax shares went from $142.70 to around $111.30. Some financial experts believe prices will drop to around $100 by mid-October. ‘Nuff said.

Now you know.

 

 

 

Retailers are Watching Everything You Do

ID-10022465

Courtesy Salvatore Vuono

You are being watched. From the moment you enter the store to the moment you leave. Every step you take. Ever aisle you walk down and every item you look at. They are watching you.

The Federal Trade Commission recently unveiled the scary details of this practice. Nomi Technologies had been hired by multiple retailers to place tracking sensors around their stores. According to the FTC these sensors tracked the physical movement of more than nine million customers via their smartphones in just the first nine months of 2013.

The tracking worked like this. Nomi’s technology tracked the smartphones of customers as the device are searched for Wi-Fi signals within stores or almost anywhere the owner went. Nomi stored this information making their equipment capable of tracking the movement of people throughout its clients’ retail outlets. This tracking information could also possibly be used to track people’s shopping habits between stores.  The same MAC address appearing in several different stores reveals valuable information about the person whose smartphone possesses that address.  So basically you are being watched even if you are not in the store!

The FTC is not however accusing Nomi of providing any individual’s information. But the agency did accuse Nomi of tracking consumers both inside and outside of its clients’ stores. According to the FTC Nomi allegedly;

  • Used the tracking information to inform its clients how many consumers passed by store entrances without entering.
  • How long people remained in particular stores.
  • How many people who entered a store had been in that store or other stores of the same chain within a certain period of time.
  • And various other forms of tracking data.

Is this illegal? No. Retail tracking is not illegal. Many retailers use advanced methods and technologies to track customers including bionic mannequins. But the FTC took action because Nomi may not have informed, or even mislead consumers of the tracking. According to Nomi’s privacy policy consumers were  supposed to be able to opt out of  being tracked.  The consumer could use Nomi’s website or “at any retailer using Nomi’s technology.” Nomi did provide an opt-out option on its website. But the FTC claims that at various stores using Nomi’s technology there were no disclosure notices that the technology was in use and no way for consumers to opt out.

Nomi’s settlement with the FTC was pretty favorable to the company.  Nomi is prohibited from future misrepresentations. In other words they have to do a better job of informing the consumer they can opt out of this tracking. This means that much better notices must be posted at stores, and easier onsite opt-out options will be made available.

Nomi is not the only company in the consumer tracking business. And retail tracking is only going to grow more widespread over the next few years. But other stores have decided to stop tracking customers. In 2013 Nordstroms was testing a consumer tracking technology. As soon as the public discovered it Nordstrom shut the program down.

Consumers who do not wish to be tracked can change their phone setting, use airplane mode or turn off the WiFi.   But politicians are becoming more aware of the tracking and have begun to take action. Although not a law,  Sen. Schumer (D-NY) brokered a code of conduct aimed at companies that provide tracking technology and analytical services. The agreement was  signed by eleven analytics companies such as Euclid and Path Intelligence. The agreement allows consumers to opt out of tracking at SmartStorePrivacy.org

The Maryland State Legislature is currently mulling a bill that would require retailers to post signage about tracking at every door. However the bill stops short of requiring retailers to track only consumers who opt in. The focus of the bill is to force retailers to reveal the practice. Consumers could then choose to participate or not by  turning off their smartphones or taking their business elsewhere.

Breaking It Down

Why is it your responsibility not to be followed like a common criminal? The thinking process of the consumer is completely turned upside down. Retailer’s hunger to sell you something has gotten to the point that they have to know exactly where you are in the store at all times. Oh, and they need to know where you are in other stores and when you even walk past their store. And its your responsibility to to keep this information from them? Ridiculous! Would you walk into a store that had a sign in the window saying, “We are watching you!” Probably not. That’s why Nomi did not post those signs and thus the FTC action against them however weak it was. But there needs to be a law that forces stores to post just such a sign in big obvious letters.  The consumer needs to demand that the stores take more responsibility when it comes to their privacy. Tell these stores; stop watching me like a shoplifter. If you want me as a customer let me shop in peace.  To the consumer I say; speak with your pocketbook.