Six months before the breach, a researcher warned Equifax that all its data was unprotected

Originally published at:

I need a tiny open-source violin.


With regards to EquiFax, I keep reading in related stories that we, as the product in their database, have never actually done business with EquiFax nor given them any form of permission to collect our data.
If so, how can EquiFax claim that we are subject to forced arbitration? If we have not interacted with them in some way, e.g. opened shrink wrap, signed a contract, or clicked an “I Agree” button, how would they have been able to enforce contractual terms?


On Monday night, the Republican-controlled Senate voted to rescind a consumer protection rule that guaranteed Americans the right to sue negligent and fraudulent financial institutions.

Well thank goodness. That must mean there isn’t any problem, after all!


You’re correct. The now-blocked consumer protection rule that was to limit forced arbitration for financial firms does not have any effect for those who have never been party to such a contract.

Even for those who have, through their credit protection service, entered that kind of a contract, there is a very good argument that the agreement is unconscionable. The CFPB rule would have lessened that hurdle, though.


I thought I had heard that this is IF you agree to the terms of the free credit monitoring they are offering to affected customers (AKA half of America, or something insane).

1 Like


No but seriously, wtf?!

1 Like

Unlikely, unless you’ve entered into some kind of contractual arrangement with them. I can’t imagine a consumer doing so, unless they clicked through on something to get a “free credit report.”

Pitchforks plz


If you’ve ever tried to get Equifax (or the other two credit-reporting biggies) to correct an error about you in their files…it’s like pulling teeth; they couldn’t give less of a flying Philadelphia fark about you or whether the info they peddle about you is accurate or not! Same thing for IT security: as long as Equifax keeps getting real businesses to pay them, they don’t care how many Russian hackers also get your personal information!

1 Like

The only thing we could do is collectively spoil their data. Then they would be worthless.

This topic was automatically closed after 5 days. New replies are no longer allowed.