After the massive data breach at Equifax, many cybersecurity experts have advised consumers to freeze their credit.But that very measure could mean paying fees that go to none other than Equifax, said Senators Brian Schatz (D-Hawaii), in a series of tweets today.
A credit freeze is one of few measures affected Americans can take to protect against identity theft, or at least make it very hard for potential thieves, now that their personal information could be up for sale online.
For an individual person, a credit freeze fee isn't exactly prohibitive.
It can range from $2 to $12 to initiate and then lift a credit freeze, depending on which state a person lives in. But when you consider the scope of the Equifax hack — an estimated 143 million people were impacted — the back-of-the-envelope math means the firm could make a lot of money as people try to protect themselves from the fallout.
The senator isn't just speaking out online.
Schatz has teamed up with Elizabeth Warren (D-Massachusetts) and Claire McCaskill (D-Missouri) to re-introduce a bill Monday — it was called the Stop Errors in Credit Use and Reporting (SECURE) Act when it was last introduced, in 2015 — to help Americans catch and correct credit report errors.
“This is one of several important steps Congress can take in the wake of the Equifax cybersecurity breach,” Senator Schatz said in a press release about the bill. “Because these credit agencies operate in the dark, they are allowed to be terribly unfair and unaccountable. Millions of Americans have bad credit because of mistakes from credit agencies, and it can ruin lives, stopping people from getting a job or owning a home or car. While I look forward to hearing Equifax management testify under oath before Congress very soon, this bill is another way we can protect consumers.”
Schatz also published a letter to Equifax CEO Richard Smith with steps to better serve those impacted by the breach.
Fees for freezing your credit vary by state and go to each of the three credit agencies – Equifax, Experian and TransUnion. Each state has laws that waive the cost for special cases, like minors, senior citizens, victims of identity theft, and their spouses. But there are no special clauses for instances when the credit bureaus themselves are to blame for data being stolen in the first place.
The House Financial Services Committee plans to hold hearings about the data breach, which exposed 143 million customers to identity theft. Even worse, it's been alleged that three executives sold nearly $1.8 million in stocks prior to announcing the hack.
This is the third largest hack ever. The two largest were the massive 2013 and 2014 Yahoo data breaches, which weren't reported to users until 2016. Even so, this has the potential to be the most damaging for the victims because a credit bureau, by its very nature, collects all the most sensitive information about people.