Regulate or Dismantle U.S. Credit Bureaus

1. Regulate or Dismantle U.S. Credit Bureaus to secure the identities of the American People
2.  
3. United States credit reporting agencies and credit bureaus track, with or without consent, many private details of millions of American’s every day. They track expenses, credit lines, bills. They have access to records filled with many personal details such as dates of birth, names, social security numbers, previous addresses, license numbers, credit card numbers, etc. We Americans do not have a simple and direct way to expunge these personal details from these agencies’ or bureaus’ databases or file stores. And as such, we do not have direct control over the security of our own data and must rely on the security of the various agencies and bureaus to protect such data on our behalf.
4.  
5. However, it has been shown through various security breaches over the many years that these companies cannot be trusted to protect our identities or our information. We, as Americans, should not be powerless when it comes to protecting our identities just as we are not powerless to protect our own lives.
6.  
7. September 7th, 2017: Equifax announces cybersecurity incident involving consumer information
8.  
9. Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases. The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
10. At the time of writing, according to United States Census Bureau, the population of the U.S. is around 326 million people. The amount of people potentially affected by this breach is an astounding, 43% of the entire U.S. population.
11.  
12. The significance of this breach does not end there. The amount of information that potentially has been breached could be further used to attack other American citizens’ accounts with other institutions. For example, account recovery options that use various alternate methods of verifying a user can now be exploited using information such as your previous addresses or credit card information. Although those methods shouldn’t be used at all, there are most definitely institutions that do use those methods regardless such as tax preparation agencies. Another attack vector could be Change of Address requests during tax season which is another huge concern.
13.  
14. Equifax attempts to appease their users by providing them identity theft protection for a year:
15.  
16. Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers - all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information.
17.  
18. But to verify if you’ve been affected by this security breach, they require you provide them additional personal information which they’ve been shown to be incapable of protecting. They even have the gal to suggest information on how the American people can protect their personal information. To use an analogy along the same lines, this would be like a bank who’s vault has just been raided by criminals telling you how to protect your money while at the same time asking for money that they can put into their vault.
19.  
20. This goes with what I mentioned earlier, we Americans have no freedom to protect our own personal information and must rely on these third parties to protect it for us which they are demonstrably incapable of doing.
21.  
22. The worst part of all of this, none of the potentially breached information they’ve listed are simple things to change. It’s not like someone breaching your Facebook account by figuring out your password. You can change your password. This is more like someone stealing your fingerprint and using it to access your phone or computer. You can’t change your fingerprint without great pain.
23.  
24. The most absolute way to be secure is to have nothing to secure in the first place. Is it possible in the age of internet prominence, Credit Bureaus are too much of a security risk for the American people. They either need to be dismantled as they provide minimal benefit with a high cost of personal security or they need to be regulated by the U.S. government to instill significant protocols and policies to protect our information.
25.  
26. As for this happening multiple times:
27.  
28. October 1st, 2015: “Experian hack exposes 15 million people's personal information” - The Guardian
29. March 12th, 2013: “Top Credit Agencies Say Hackers Stole Celebrity Reports” - Bloomberg Technology
30.  
31. And those are just for the breaches that are reported publicly… People might not see the effects of these breaches for years to come, but be sure the information the criminals got will be floating around on the net auctions to the highest bidder. Some one needs to take responsibility for this failure to the American people and it isn’t the American people as they have no real power to control their personal information’s security with it’s solely in the hands of these credit bureaus.