So Your Personal Information Was Stolen From Equifax…

Data breaches are common in today’s society. Breaches have impacted some of the world’s most well-respected and famous companies.

Recently, the consumer credit agency, Equifax, was subject to one of the largest data breach in history of the world.  Approximately 143 million records may have been compromised in this brazen attack, which included names, addresses, and social security numbers.

While there is plenty to learn from the Equifax data breach, here are the top three takeaways consumers and businesses should glean from the breach:

Your Information Is Never Safe

Even companies that are intended to safeguard and monitor your credit and personal data are susceptible to data breaches. Equifax, which touts its credit monitoring service, maintains millions of records on consumers on an electronic basis.  As with all companies that store data digitally, such data is susceptible to being hacked.  This data is used in a variety of legitimate situations by Equifax and potential lenders.  For example, the data is often used to aid consumers in obtaining credit, such as credit cards, car loans, home mortgages, and even leasing apartments.

While consumers can in certain instances limit the amount of data that is collected or obtained by third parties, no consumer who is engaged in modern commerce can fully eliminate third parties collecting data about himself/herself. Consumers, in theory, can reduce some of the data collection by using cash as a form of payment instead of electronic means.

Assume Your Data Was Compromised

Consumers should assume that their sensitive information, such as names, addresses, email addresses, and social security numbers have been compromised. This is a safe assumption not only related to the Equifax breach but also scores of other data breaches, many of which may not even be known or public information.  For example, some industry experts speculate that over 85% of data breaches go unnoticed by the victim of the breach.

Consumers should utilize their access to free annual credit reports to monitor their credit history. Consumers can also consider additional paid credit monitoring services, including those offered by the three major consumer credit agencies Equifax, TransUnion, and Experian.  Consumers may also consider “locking” their credit accounts, which places restrictions on who can access your credit, and in theory, block would-be cyber criminals from utilizing your credit.  This service comes with a nominal charge which is paid to each credit bureau, although Equifax is offering their service for free in response to its data breach.

The contact information for the credit agencies is as follows for those who may be interested in learning more about “locking” their credit account:

  • 1-800-349-9960 (Equifax)
  • 1-888-397-3742 (Experian)
  • 1-888-909-6872 (Transunion)

Businesses Should Limit The Amount Of Sensitive Data They Collect

Businesses incur significant expense with data breaches. In many instances, businesses collect more information than they legitimately may need to operate their businesses.  Having excess or otherwise unnecessary data incurs costs for storing such data, as well as far greater costs associated with responding to a data breach.  If a business is subject to a breach, the breach should be reported consistently with applicable law.

In Equifax’s situation, the company appeared to wait longer to report the breach than may be allowed under some applicable laws. Equifax learned of the breach but waited to publicly report it for approximately 40 days.  Such a delay may be in part why the New York Attorney General’s Office has launched an investigation into Equifax’s breach.

Bottom Line

In today’s society, the question is not if a data breach will occur, but when it will occur and how pervasive it will be. Businesses and consumers alike should take reasonable safeguards and remain vigilant about monitoring the integrity of their data.  If you believe you are victim to a data breach or cyber fraud, you may wish to contact your local police department, technology attorney, and/or credit bureaus.

Jon L. Farnsworth is a shareholder at Felhaber Larson in Minneapolis, Minnesota.  He regularly represents clients in complex intellectual property disputes and aids clients in protecting their intellectual property rights.  He can be reached at and 612-373-8455.