Personal Finance: The mother of all data breaches

Personal Finance: The mother of all data breaches

September 20th, 2017 by Chris Hopkins in Business Diary

Related Article

Equifax says it had a security breach earlier in the year

Read more

It's bad enough to hear from Home Depot or Target that your credit card information has potentially been compromised. It's another thing entirely to learn that one of the national credit bureaus responsible for archiving your financial history has left the back door unlocked. That's what happened last week, as Equifax belatedly disclosed a massive breach putting half of the adult population of the U.S. at risk for identity theft. This is the big one, and because of the magnitude and sensitivity of the lapse in diligence, change may finally be coming.

Equifax is one of the three main credit reporting agencies (with Experian and Transunion). Those agencies amass voluminous records of individual credit transactions that are then purchased by lenders to assist in assessing the creditworthiness of potential borrowers. For years, an uneasy truce has prevailed that balanced the rights of consumers against the legitimate needs of lenders. Legislators and regulators have periodically imposed additional safeguards and consumer protections to maintain this delicate balance. Equifax has now obliterated the fragile détente and virtually guaranteed the imposition of substantial alterations in how consumer data is collected and reported.

Inspector Clouseau could hardly have flubbed the incident more ineptly. While it was discovered internally on July 29, Equifax waited five weeks until Sept. 7 to disclose the hack which may have exposed 143 million credit files, including Social Security numbers, home addresses, and over 200,000 credit card numbers.

Christopher Hopkins

Christopher Hopkins

Photo by Contributed Photo /Times Free Press.

To make matters worse, the company became aware of a security vulnerability in its software system in March, and was in possession of a patch to repair it, but had failed to make the requisite fixes.

To top it off, three executives of the firm sold $1.8 million worth of their company stock two days after the breach and before the public was informed. Equifax maintains that the executives were not aware of the data theft, but the timing clearly complicates the optics of an already inept response.

A few heads are already rolling. Equifax announced the "early retirement" of its chief information officer and its chief security officer (who interestingly has no educational background in data security but does hold a master's degree in music composition). But with the stock price down 35 percent and the continuing series of embarrassing disclosures, we should expect more casualties, likely including CEO Richard Smith as the company's missteps are subjected to heightened public scrutiny.

Expect Congress to jump into the fray as well. Already, several lawmakers including Sen. Elizabeth Warren (D-Mass.) are sponsoring legislation to provide consumers with additional remedies. And both the Republican chairman and the Democratic ranking member of the Senate Social Security Committee have called on the Social Security Administration to cancel a consulting arrangement with Equifax and bar the company from future government contracts. Alas, for Equifax shareholders, the road ahead appears long, winding and downhill.

Individuals should take quick action to protect their records from potential infiltration. Check the Equifax site to see if you may be at risk. If so, placing a credit freeze on your files at the three credit bureaus will lock down your information and prohibit anyone other than current creditors from pulling your credit report unless you unlock the files. There may be a small fee involved but the extra protection is worth it. The Federal Trade Commission has an excellent blog on the topic at

It has been a long time coming, but public outrage at the Equifax debacle is likely to be a welcome and overdue turning point in how our personal data is safeguarded and disseminated.

Christopher A. Hopkins, CFA, is a vice president and portfolio manager for Barnett & Co. in Chattanooga.

Related Article

Business Bulletin: Here are some steps to protect your credit in wake of Equifax hack

Read more
Getting Started/Comments Policy

Getting started

  1. 1. If you frequently comment on news websites then you may already have a Disqus account. If so, click the "Login" button at the top right of the comment widget and choose whether you'd rather log in with Facebook, Twitter, Google, or a Disqus account.
  2. 2. If you've forgotten your password, Disqus will email you a link that will allow you to create a new one. Easy!
  3. 3. If you're not a member yet, Disqus will go ahead and register you. It's seamless and takes about 10 seconds.
  4. 4. To register, either go through the login process or just click in the box that says "join the discussion," type your comment, and either choose a social media platform to log you in or create a Disqus account with your email address.
  5. 5. If you use Twitter, Facebook or Google to log in, you will need to stay logged into that platform in order to comment. If you create a Disqus account instead, you'll need to remember your Disqus password. Either way, you can change your display name if you'd rather not show off your real name.
  6. 6. Don't be a huge jerk or do anything illegal, and you'll be fine.

Chattanooga Times Free Press Comments Policy

The Chattanooga Times Free Press web sites include interactive areas in which users can express opinions and share ideas and information. We cannot and do not monitor all of the material submitted to the website. Additionally, we do not control, and are not responsible for, content submitted by users. By using the web sites, you may be exposed to content that you may find offensive, indecent, inaccurate, misleading, or otherwise objectionable. You agree that you must evaluate, and bear all risks associated with, the use of the Times Free Press web sites and any content on the Times Free Press web sites, including, but not limited to, whether you should rely on such content. Notwithstanding the foregoing, you acknowledge that we shall have the right (but not the obligation) to review any content that you have submitted to the Times Free Press, and to reject, delete, disable, or remove any content that we determine, in our sole discretion, (a) does not comply with the terms and conditions of this agreement; (b) might violate any law, infringe upon the rights of third parties, or subject us to liability for any reason; or (c) might adversely affect our public image, reputation or goodwill. Moreover, we reserve the right to reject, delete, disable, or remove any content at any time, for the reasons set forth above, for any other reason, or for no reason. If you believe that any content on any of the Times Free Press websites infringes upon any copyrights that you own, please contact us pursuant to the procedures outlined in the Digital Millennium Copyright Act (Title 17 U.S.C. § 512) at the following address:

Copyright Agent
The Chattanooga Times Free Press
400 East 11th Street
Chattanooga, TN 37403
Phone: 423-757-6315