Start the conversation
What we know about Equifax being hacked is frightening.
What the public doesn't know, however, is far more frightening. Equifax had been trying to limit its own financial exposure and culpability in the event of a hack.
Besides spending millions of dollars on lobbying, Equifax's political action committee (PAC) has been doling out money to legislators who, in turn, write bills to protect the company from consumers suing if their data is stolen and from regulators who could investigate and fine the company in response to negligence.
In fact, the day Equifax reported it had been hacked, a House Financial Services panel was discussing a bill being pushed by Equifax to limit credit-reporting companies' liability if hacked.
Here's what Equifax wanted congressional protection from and what you need to do to protect yourself after this breach…
Equifax's Dirty Secret
Equifax Inc. (NYSE: EFX) is one of three giant credit-reporting companies. They all keep data on consumers' borrowing and bill-paying habits.
Credit-rating agencies, as they're sometimes called, calculate credit scores for banks, lenders, insurance companies, and other "creditors" who are the rating agencies' real customers.
Consumer credit history is their bread and butter; it's what they sell. What's worse is that they also sell credit protection services to the same consumers whose data they're already storing.
Just-Released: Tips and Tricks to Maximize Your Retirement at Any Age
Credit-rating companies are essentially depository institutions, like a bank. But it's not your money they keep; it's your personal data and credit history related to money you borrowed and how you paid it back.
They know they have liability if they are robbed. And in Equifax's case, 143 million consumers' names, addresses, birthdays, Social Security numbers, driver's license numbers, and 209,000 credit card numbers were exposed. In this context, being hacked is the same as being robbed.
Why the company waited a month to report the theft is mystifying. Then again, maybe it isn't.
The Wall Street Journal reported: "Executives said the company waited more than a month to announce the breach in part because of the need to set up a website for affected consumers and decide on services for them, according to a person familiar with the matter."
Or maybe the company waited to tell the public and regulators about the breach to give their lobbyists and paid-for legislators time to ram bills through Congress to limit their responsibility after the hack.
Equifax spent $1.02 million on lobbying in 2015 and $1.1 million in 2016. Its congressional lobbying disclosure reports state it has spent $500,000 lobbying Congress and federal regulators in just the first half of 2017.
According to its own lobbying disclosures, the principal issues Equifax has lobbied Congress and regulators for included: limiting the legal liability of credit-reporting companies, issues around "data security and breach notification," and "cybersecurity threat information sharing."
Additionally, Equifax wants to change rules governing how companies "repair" consumers' credit. The disclosures also mention that the company wants to offer credit education and identity protection services without being subject to the rules governing actual credit-repair companies.
Equifax also lobbied the Consumer Financial Protection Bureau and the Federal Trade Commission, two principal agencies that regulate most aspects of credit-reporting companies.
More to the point, the company's political action committee made contributions to 13 members of the Financial Services Committee during the 2016 election cycle, according to data from the Center for Responsive Politics.
Another recent WSJ investigative piece stated: "Rep. Blaine Luetkemeyer (R-MO), chairman of the Financial Institutions and Consumer Credit subcommittee that directly handles matters relating to the reporting companies, received $2,000. Also receiving $2,000 was Rep. Barry Loudermilk (R-GA), sponsor of the bill that would place a $500,000 cap on the statutory damages consumers could win in a lawsuit against the credit-reporting companies, as well as eliminate punitive damages against them entirely."
Rep. Loudermilk has subsequently denied the bill was "a credit bureau protection act," saying it was intended "to protect consumers and all Americans."
Of course, Equifax's PAC contributions "are made in a legal, ethical, and transparent manner" and in accordance with federal laws and regulations, the company says.
Sure, that's why the company waited a month to disclose the massive breach. Sure, that's why some of Equifax's top executives sold stock immediately after they knew about the breach but before notifying the public, which would have tanked the stock. Just look at what happened once they did make the breach public.
We know Equifax was aware of the breach. We know executives dumped stock. We know the company had legislators in Congress trying to pass a bill. And we know the purpose of that bill: to limit a credit company's liability in the event of a hack. But we don't know if the timing was purely coincidental or when Equifax disclosed the hack to regulators. Hopefully all of that will come out in the not-too-distant future.
What You Need to Do Now
About the Author
Shah Gilani is the Event Trading Specialist for Money Map Press. In Zenith Trading Circle Shah reveals the worst companies in the markets - right from his coveted Bankruptcy Almanac - and how readers can trade them over and over again for huge gains. He also writes our most talked-about publication, Wall Street Insights & Indictments, where he reveals how Wall Street's high-stakes game is really played.