Data breaches are a growing fact of digital life. Every year, hundreds of millions of consumers—and hundreds of breaches—occur, according to a June 2017 report from the Federal Reserve Bank of Philadelphia. But the Equifax breach raises the warning bell on digital security to a new level. In the coming weeks and months, business reporters can look into one or more of these stories.
Report on consumer-first initiatives
The “peace offering” extended to victims by Equifax of free credit monitoring for a year isn’t enough, say privacy activists. The credit bureaus have “shown themselves to be terrible stewards of very sensitive data, and are long overdue for more oversight from regulators and lawmakers,” security expert Brian Krebs, a former Washington Post reporter, told the Los Angeles Times. Develop a story focusing on the specific ways that credit reporting agencies need to change. Laws should allow companies to “only collect the bare minimum of data necessary,” Beth Givens of the Privacy Rights Clearinghouse in California told Vox.com. Other guidelines can address how long a company can store data and encryption requirements. Reporters can search for an expert in their area on kroll.com.
Investigate the state of consumer protection in your state
“Congress is not known for strong consumer protection laws,” says Givens. In 2015, a proposal by President Obama requiring companies to notify consumers 30 days after a breach was voted down. The tougher challenge lies at the state level. Only eight states specify notification between 30 and 90 days. In Georgia, where Equifax is based, no timeline is specified, and in Alabama and South Dakota, no law existed at all as of September 1, 2017. What regulations are on the books in your state? Find out by calling the attorney general’s office in your state.
Look into the emotional toll of data breaches
Data breaches have a profound effect on consumers, with 14 percent of victims suffering out-of-pocket losses, according to the Federal Reserve Bank of Philadelphia. Survey readers in your circulation area who have been victims of a previous data breach. How did they recoup? What advice can they offer those who may be affected by the Equifax breach? Talk with a behavioral psychologist or call the National Center for Victims of Crime for some insight and information.
Discuss the fallout for online lenders
How will the Equifax hack affect how online lenders do business? Talk with firms such as LendingClub Corp. and Kabbage Inc. They are two of the more than 200 digital lenders in the U.S. often promising near-instant approval for personal or small-business loans online or through a mobile app. Quicken Loans Inc.’s Rocket Mortgage, which relies on a consumer’s credit report when evaluating a home loan, is another source. How will they check personal information going forward? Unlike traditional lenders, which lend to people they already know or who come into a branch for an in-person meeting, “those checks could become less effective in weeding out someone putting in a loan application with a false identity,” says the Wall Street Journal.
Resources for Reporters
• Beth Givens, executive director of Privacy Rights Clearinghouse, 619-298-3396.
• Maureen Ohlhausen, acting chair of the Federal Trade Commission. Contact the Office of Public Affairs, 202-326-2180.
• Brian Krebs of Krebs Security. Contact him at his website.
• Scott Sanborn, CEO of Lending Club, 888-376-6642.