Credit reporting company Equifax launched a tool to help customers discover if their personal information was compromised in a massive data breach, but you should think twice before using it.
The service is supposed to let customers see if their data was stolen, but it’s causing more confusion than clarity, and may even be waiving people’s right to file a class action lawsuit. The tool first asks customers for their name and the last six digits of their social security number. That should raise some red flags considering the request is coming from a company who just lost millions of customer’s personal data.
https://twitter.com/alicegoldfuss/status/905920396674777089
Those who do punch in their information will be greeted to one of two messages. A) Equifax thinks your data is safe, or B) you’re now enrolled in TrustedID Premier.
The tool never explicitly says your data was compromised, and there isn’t a third answer that’s any clearer. Instead of being candid about the status of their data, the tool is leaving people wondering why they’re suddenly being enrolled in a program they’ve probably never heard of.
@equifax is so far declining to comment beyond release. But I'm confused why checking whether I'm impacted just enrolls me in this thing: pic.twitter.com/VpWIkcTscv
— David Muller (@DayvMuller) September 7, 2017
https://twitter.com/roadchickie/status/905906798749663232
But that’s not all. As TechCrunch points out, “agreeing” to TrustedID Premier may mean losing your right to file a class action lawsuit against Equifax. Of course, you have to dig through the terms to find that out. But here it is:
https://twitter.com/nerdsquawk/status/905951204253061120
It’s still not clear if Equifax is automatically enrolling people into TrustedID or if it’s simply giving them the option to. You’ll note that the breach tool specifically says: “Your enrollment date for TrustedID Premiere is:…,” and later asks people to visit its FAQ site to continue through the enrollment process on or after that date. We suggest you err on the side of caution. If you haven’t used the data breach help service, you should avoid doing so until Equifax explains what it all means.
If you have, try calling the company (866-447-7559) and asking them about your status with TrustedID. You’ll need to be patient. I called the number three times without much luck. The first time I got through but was immediately hung up on and the second time the line was down. I finally got a voice on the other end on my third try, but the customer service representative said she didn’t know how to help me. Even her manager didn’t have answers. I was the third person to ask the rep about opting out of TrustedID Premier.
Users in Oregon already filed a class action lawsuit against Equifax late Thursday evening alleging the company was negligent in protecting user’s data.
Equifax revealed on Sept. 7 that the personal information of 143 million Americans was compromised. It said in a statement on Thursday that hackers exploited an application vulnerability between mid-May and July this year. This gave them access to consumer’s names, social security numbers, birth dates, addresses, and driver’s licenses.
Days after it discovered the hack and weeks before it notified the public, three senior executives sold $1.8 million worth of shares in the company.
As Bloomberg points out, regulatory filings show chief financial officer John Gamble sold 6,500 shares worth $946,374 while president of U.S. information solutions and Joseph Loughran sold 4,500 shares worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 worth of stock on Aug 2. These trades were not pre-scheduled.
“The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares,” an Equifax spokesperson told Gizmodo.
The company’s stock plummeted 13 percent in after-hours trading yesterday.
We’ve reached out to Equifax regarding its data beach tool and TrustedID Premier. We will update this article if we hear back.
H/T TechCrunch