THE EQUIFAX DATA BREACH The Facts and What to Do

equifax-data-breachTHE EQUIFAX DATA BREACH
The Facts and What to Do 
By Jeff Sipes, Owner, Blue Water Credit




If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax:

 – The breach lasted from mid-May through July.

 – The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

In response, Equifax will provide U.S. consumers  a year of free credit file monitoring and identity theft protection. You can get further information on this at  You have until November 21, 2017 to enroll.

Consumers have quickly pointed out that Equifax’s terms of service include a consumer-unfriendly piece of legalese known as an arbitration clause, which bans parties from joining class action lawsuits. If a court finds that Equifax was negligently lax with cybersecurity, people bound by the terms might be locked out of benefits, unless they file a new suit. Equifax issued a new statement last week further clarifying its stance on the arbitration clause. “To confirm, enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action,” Equifax said. The company said it has now removed the arbitration language from the terms of use on its data breach notification site.

There are steps to take to help protect your information from being misused.

1.  Visit Equifax’s website to see if you were impacted. You also can access frequently asked questions at the site.

2. Check your credit reports from Equifax, Experian, and TransUnion – for free – by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.

3. Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts. If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.

4. Monitor your existing credit card and bank accounts closely for charges you don’t recognize.

5. File your taxes early – as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Was Equifax Negligent?  
While this new Equifax breach may be considered one of the worst abuses of consumer trust in history, it is not the largest data breach ever. In fact, about 500 million had their account information and data stolen when Yahoo was hacked previously. As we’ve seen, many large institutions and businesses are hacked these days, with cybercrime the fastest growing form of crime in the world. So what makes the Equifax hack so disturbing and even anger inspiring? Five things:Equifax’s security should be lock-tight. As one of the three major credit bureaus in the U.S. (along with Experian and TransUnion), Equifax is tasked with protecting the sensitive financial data for nearly every American. To allow a hack of this magnitude is inexcusable, and puts into question the validity, credibility – and even motives of the company and its leadership, as we’ll see. Basically, if Equifax (who also sells credit theft protection services!) can be so easily hacked for 147 million consumers, who exactly can we trust?Equifax makes money collecting and selling your data – and it’s not voluntary. Equifax is not in existence to perform a public service, nor or they affiliated or even closely regulated by the government. In fact, Equifax – like all of the credit bureaus – is a private entity in existence for one sole purpose: to make money for its shareholders. In fact, the credit giant makes billions in profits by collecting financial and demographic data on American citizens and then selling that information (in the form of credit reports) to banks, lenders, auto dealers, credit card firms, and marketers. But for U.S. consumers, having their data and credit history tracked and recorded by Equifax is not voluntary. Therefore, you are forced to participate and contribute to Equifax’s profitable ventures whether you want to or not, and without permission – and that now includes having your data hacked.

They knew about the hack but took weeks to go public This is where Equifax’s motives and even integrity seriously come into question. In fact, Equifax reports that knew about the massive data breach as early as July 29 (and who knows if they really found out earlier). However, they didn’t announce the hack publically and warned consumers until early September. That’s six weeks where hackers had their hands on the personal and sensitive data for 143 million consumers and Equifax customers. Due to the fact that Equifax chose not to tell people that they were hacked, the criminals got a head start of about 1/10th of a year to engage in whatever criminal activity they wished, undeterred and unmitigated. As of yet, Equifax hasn’t adequately explained the reason for delaying the disclosure that they were hacked.

Did Equifax Insiders Profit from the Hack?

It’s been revealed that in the time between the data breach was discovered by Equifax (July 29) and the hack was publicly announced (September), at least three high-level Equifax executives sold shares of stock in their own company. In fact, these three executives sold their stock only a couple of days after the breach was discovered internally, but still made $1.8 million from the sales of that stock. The questionable sellers include Equifax’s Chief Financial Officer, John Gamble, who dumped 6,500 shares for $145.60 for a profit of $946,400.

Of course, after the data breach was made public, the stock plummeted, and soon sat at $123 a share, down 13% from his sale price and still plummeting. What does the firm say about the shady stock sales? To date, Equifax sticks to the story that those executives “didn’t know” about the massive data hack – including the CFO.


No doubt there will be substantially more investigations and likely legal action as details about this insider trading continue to be revealed through investigations by civil attorneys, public authorities, regulating agencies, and Congress.


If you would like assistance in understanding your credit report, your exposure to the Equifax data breach, and any immediate actions you should take, please contact Jeff Sipes at Blue Water Credit in Roseville, CA.  You can reach Jeff at or by phone at 916-315-9190.


For over 20 years, the attorneys of BPE Law Group, P.C. have been assisting our clients the buying and selling of businesses and providing guidance and representation in the administration and growth of their businesses as well as their estate and succession planning.


If you have questions concerning business, real estate, estate planning or administration, or any other legal matter, give us a call at (916) 966-2260 to schedule a Consultation with one of our experienced attorneys. If you have an immediate question on this topic, please email Keith Dunnagan at

This article is not intended to be legal advice, lending advice, or a specific recommendation of any particular lender or company, and should not be taken as such advice.