Right or wrong, Equifax was portrayed as the bad guy after its September 2017 announcement that it had been the victim of an unprecedented hack, in which thieves stole the personal data of 145.5 million consumers.
The Atlanta-based credit-reporting agency received plenty of blame, even more than the hackers who committed the theft. New York Times tech columnist Farhad Manjoo wondered why the 119-year-old company should be allowed to stay in business.
The hard lesson for companies of all sizes is: Don’t let anyone put that black hat on your head.
That warning was the basis of a recent webinar for employee benefits brokers sponsored by CyberScout, titled “Identity Theft: Don’t Become the Bad Guy.”
Equifax is “not a bad company,” said Tinker Kelly, president of Voluntary Employee Benefit Advisors (VEBA). “They’re a victim, in my opinion, and it’s unfortunate, but that’s the way it is. But it’s true, whether it’s Equifax or Anthem or whatever the big breaches have been over the years. They all become the bad guys.”
To avoid this stigma, benefits advisers and brokers who offer identity theft protection to their companies’ employees as a voluntary benefit—or those who are thinking about adding it to company portfolios—should choose a vendor that understands the complex nature of data breaches.
Identity protection services have evolved from emphasizing resolution of a client’s troubles following a breach to helping them detect a breach in progress, to contain the damage. When crisis strikes, clients and their employees want undivided attention, not merely to be left to their own devices to sort out the financial nightmare that often accompanies a stolen identity.
The demand for such protection is getting louder as breaches keep coming, at some of the nation’s biggest and most respected companies. Yet as bad as the attacks on Target (in 2013, with 40 million accounts affected), Home Depot (2014, 56 million) and Anthem (2015, 37.5 million) were, “those were all tremors,” Kelly said. “The Equifax breach really is the earthquake.”
Hackers stole the personally identifiable information (PII), including birth dates, Social Security numbers (SSNs) and driver’s license numbers, from 145.5 million people. That’s about 80 percent of working Americans who have credit histories. And the damage may have only just begun. So far, Kelly says, it appears that those SSNs have only been sold in limited batches. It’s only a matter of time before the rest are sold.
There’s a wide array of identity theft protection services available to benefits managers, at various price points. Companies should perform their due diligence to find the plan that’s best for them and their employees.