Equifax Sells Private Information To Debt Collectors In 'Biggest Privacy Breach In Our Time': Report [UPDATE]

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.huffingtonpost.com/2013/01/30/equifax-sells-private-information_n_2584518.html

Financial information is considered by most to be very private, but
that isn’t stopping one credit reporting agency from sharing it
without your knowledge, according to a report by NBC News.

Equifax, one of the nation's largest credit reporting agencies with
one of the most expansive private databases of information, has
accumulated the salary and employment records of more than one-third
of U.S. adults, according to NBC. In turn, the agency has sold some of
this information to debt collectors and other financial service
companies. That data can make debt collectors' jobs easier by giving
them access to information individuals thought only their employers
knew.

"It's the biggest privacy breach in our time," Robert Mather of
Pre-Employ.com, an employment background company, told NBC.

How does Equifax do it? The credit agency gets the sensitive
information from U.S. businesses and feeds it into one of its
subsidiaries, The Work Number. Used by lenders and employment
screeners, The Work Number serves as a verification of employment and
income information.

According to NBC, once the information is compiled, Equifax sells some
of it to debt collectors and financial services companies without
expressly notifying the individual whose information is being
distributed.

Demitra Wilson, a spokesperson for Equifax, verified that debt
collectors can request employment data from The Work Number.

Chi Chi Wu, an attorney at the National Consumer Law Center, said that
unfortunately, as more data gets dumped into big computer systems,
Americans will see more of this type of massive data sharing. Wu added
that Equifax’s sharing of information with debt collectors and
financial service companies is currently legal under The Fair Credit
Reporting Act.

“It is somewhat disturbing when you consider that someone is taking
information about you and about your behavior and owning it and
selling it for a profit,” she said. “But that is what is allowed under
the law. If consumers are bothered by it, then they should let
Congress know.”

In July, the Consumer Financial Protection Bureau began supervising
U.S. credit reporting agencies, including Equifax, TransUnion and
Experian. The Fair Credit Reporting Act requires the agencies to keep
accurate information about consumers, yet recent reports have
questioned the veracity and legality of some of their practices.

Come September, the watchdog found that 20 percent of Americans are
likely to see a different personal credit score from the one a
potential lender would see.

UPDATE: 7:40 p.m. -- A spokesperson for Equifax responded to
HuffPost's request for comment after the story was published. This
story has been updated to include Equifax's statement.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.