Yesterday, Equifax finally got around to announcing that, back in July, its systems were struck by a massive cyberattack that may have impacted up to 143 million people.
The hack and delayed response to it have consumers furious, but in fact, Equifax has a very long history of being in the negative spotlight. The company was founded in 1899 under the name Retail Credit Company. Pretty quickly, it ticked off consumers by collecting massive amounts of data on them–data that it turned over to banks, insurance companies, department stores, or anyone who wanted to know whether or not to extend credit to individuals. Consumers hated it, because they couldn’t access the reports and couldn’t really fix them. Retail Credit Company was sued by customers for invasion of privacy and even libel, but it didn’t change much.
In March 1970, Alan Westin, a Columbia University professor of public law, took to the pages of the New York Times to let consumers know that their Retail Credit files may include “facts, statistics, inaccuracies and rumors” about basically every aspect of a person’s life, as detailed in a 1995 Wired magazine article. That included everything from people’s jobs and schooling to details about their marital troubles and sex lives. Companies, Wired notes, used that information to deny credit to those they found “morally lacking.”
That same month, Retail Credit Company was on the brink of making its files digital, so Westin went to Congress to continue the argument he made in the Times. Congressional hearings on the matter led to the Fair Credit Reporting Act in 1970.
What’s In A Name?
In 1975, Retail Credit was so hated and distrusted that it decided to change its name to Equifax in the hopes that rebranding would shake off some of its bad reputation. It also changed the focus of its business: It no longer just sold credit reports to businesses, but to people. That shifted the burden of credit report monitoring to individuals, and if people wanted to make sure their credit report was correct, they were given one free report a year, but had to pony up for any other reports.
Just as Congress was considering even more regulation on credit bureaus, Equifax beat them to the punch. Per a 1992 Fortune article, it underwent new efforts to focus on consumer services. It also set up a public ombudsman and hired one of its fiercest critics, Alan Westin, to determine if it was adequately protecting people’s privacy.
Now the recent cyberattack is raising that question once again, particularly in light of the company’s delay in informing consumers. Equifax is also being criticized for not being forthcoming about who has been directly affected, instead setting up a website that asks consumers to surrender additional personal data.
All of this is scary because Equifax credit reports include tons of sensitive data on our financial histories, like when we report a lost or stolen credit card, our previous addresses, and probably the name of our employer, spouse, and much, much more. Equifax also manages databases for automotive, healthcare, financial, mortgages, insurance, and a whole lot more, including government databases. But now it’s clear that its databases–and the very private information held in them–aren’t quite as secure as everyone would hope.