After Equifax’s negligence allowed hackers to steal the personal information of 145.5 million Americans, the company promised to give everyone free credit monitoring for a year. But House Democrats have formally requested that Equifax extend the monitoring from one year to three years. Even that, however, feels pretty damn inadequate.
“We are writing to request that you extend from one year to at least three years the credit protection and identity theft services you are providing to victims of last year’s massive data breach at Equifax, particularly since your own top IT official warned that one year of protection is inadequate,” the Democratic members of the House Committee on Oversight and Government Reform wrote in a letter dated February 20th.
The letter, made public this morning, explains that this request was made after considering what they heard during a hearing in October, when Equifax’s chief information security officer testified in front of the committee. Less than a month before the hearing, former CEO Richard Smith retired with a golden parachute of $90 million.
Why do the Dems want three years of protection? As both Democrats and the Consumers Union note, “the risks to consumers due to this breach are not limited to one year — data exposed to hackers could be used to open fraudulent accounts several years in the future.”
Which is to say that if you’re going to have your identity stolen or credit cards taken out in your name, the timeframe is really indefinite. Things like your Social Security number and birthdate are with you for life, and this breach was so incredibly massive that essentially half of America is at risk.
As the letter notes, when the Office of Personnel Management (OPM) was hacked in 2015, exposing the information of 21.5 million people, Congress passed a law giving those people free credit monitoring for 10 years.
“Given the sensitive nature of the personal information that was stolen — and the ability of criminals to store and use that information for years to come — we believe that the millions of U.S. consumers whose personal information was compromised in the Equifax data breach should receive the most robust form of credit protection and identity theft services available,” the Democratic Members wrote.
Equifax did not immediately respond to a request for comment, but we’ll update this post when we hear back. A couple more years of credit monitoring is literally the least that Equifax could do. And frankly, it’s amazing that not a single Equifax executive has gone to jail yet.
Update, 4:38pm: Equifax just sent us this statement:
We have successfully launched Lock & Alert which is a service that we are providing for free, for life, to all U.S. consumers who are 18 years or older. This service allows a consumer to lock and unlock their Equifax credit file via an app or online. We are engaged with both federal and state regulators and are having ongoing discussions about appropriate remediation for consumers.
That didn’t answer the questions we asked, nor is Lock & Alert free credit monitoring. It doesn’t even work, according to Ars Technica. But we’ll have to see how this all plays out when the company responds to the Democrats.