PROTECT YOUR DATA, CONTROL YOUR CREDIT
In 2017, Equifax — one of the nation’s “big three” credit reporting agencies — lost the financial information of 147 million Americans in a catastrophic data breach, information that could be used by identity thieves.
We never hired credit reporting agencies like Equifax to collect information on us that could be used to drain our savings accounts. So it’s only fair to expect them to be extremely careful with that data.
But, too often, they aren’t: Equifax ignored a security researcher's warnings long before the breach, stored unprotected data on public-facing servers, and, incredibly, used "admin" as an internal password and username.
And Equifax isn't the only company that’s lost massive amounts of our sensitive data recently. In 2019, hackers were able to access 100 million Capital One credit card applications and accounts. Marriott, Target and Google have suffered similar breaches.
Breaches like this will happen again. It’s clear: We need more control over our data, more tools to protect ourselves from theft, and stronger repercussions for companies that lose our information.
Credit report freezes stop identity thieves in their tracks.
With our coalition partners, we fought to establish the right of consumers to “freeze” their credit reports to protect them from identity thieves. Only after the Equifax breach did Congress finally step in and pass a national law to make credit freezes free.
Here's how it works: When you (or an identity thief posing as you) apply for a new line of credit, such as a new credit card or loan, the lender checks your credit reports. If your credit reports are frozen, the lender can’t access them, and won’t issue you (or an identity thief) a new line of credit. Consumers can lift the freeze at any time to make a legitimate transaction.
Free credit report freezes make us all safer — but it’s not fair to ask us to remember to freeze a report we never asked to be compiled in the first place. That’s why our next step is to make “frozen” the default status for credit reports.
We’re supporting legislation at the federal level that would make default credit freezes the law of the land.
Holding companies accountable makes them take better care of our data.
Despite the massive scale of the 2017 breach, Equifax only ended up paying $650 million in fines and consumer redress. That’s not enough to compensate consumers for the full scale of their losses.
That’s why we’re supporting the Data Breach Prevention and Compensation Act, which would provide more oversight at large credit reporting agencies and impose strict penalties against companies that fail to protect customer data.
If this bill had been law before the Equifax breach, for example, the credit agency would be paying out not $650 million, but $1.5 billion.