Skip To Content
BuzzFeed News Home Reporting To You

Utilizamos cookies, próprios e de terceiros, que o reconhecem e identificam como um usuário único, para garantir a melhor experiência de navegação, personalizar conteúdo e anúncios, e melhorar o desempenho do nosso site e serviços. Esses Cookies nos permitem coletar alguns dados pessoais sobre você, como sua ID exclusiva atribuída ao seu dispositivo, endereço de IP, tipo de dispositivo e navegador, conteúdos visualizados ou outras ações realizadas usando nossos serviços, país e idioma selecionados, entre outros. Para saber mais sobre nossa política de cookies, acesse link.

Caso não concorde com o uso cookies dessa forma, você deverá ajustar as configurações de seu navegador ou deixar de acessar o nosso site e serviços. Ao continuar com a navegação em nosso site, você aceita o uso de cookies.

Why Is Equifax Keeping Tabs On Me?

Credit reporting agencies don't need your permission to collect your personal information.

Posted on September 7, 2017, at 6:48 p.m. ET

Why does one company have personal and financial of 143 million people in the first place? That's the question many consumers are asking after Equifax, one of the three major credit reporting agencies, announced a major hack of personal and financial information.

The company said that "approximately 143 million U.S. consumers" may have been affected thanks to a "U.S. website application vulnerability." That includes "names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers" as well as 209,000 consumers' credit card numbers and other personally identifying information for another 182,000 people.

Leon Neal / Getty Images

Equifax, along with its rivals Experian and TransUnion, operate massive databases of personal and financial information for basically anyone in the US who is involved in the consumer credit system. When you apply for a credit card, for example, the card issuer looks up your financial information from the bureaus.

The credit reports generated by these companies include a vast cache of personal information, from which credit cards you carry (or used to carry) to how frequently you pay on time. The companies know how long you've had your accounts, and how many times you've applied for loans.

This makes the three institutions both incredibly powerful in individuals' lives and huge repositories of personal, identifiable information. Equifax said in a statement that it had "found no evidence of unauthorized access to Equifax’s core consumer or commercial credit reporting databases."

@oyebee / Twitter / Via Twitter: @oyebee

Credit reporting agencies have been a major target for hacks in the past — about 15 million T-Mobile customers had personal information stolen from Experian between 2013 and 2015. T-Mobile had given the company customer information for credit checks for prospective customers.

In 2013, hackers got their hands on financial information of several celebrities, including Michelle Obama, through Equifax.

Equifax offers other services besides credit reporting, including credit monitoring for consumers, identity theft protection, and business and government services like eligibility verification for government services, marketing services for lenders, and, ironically, internet security.

These identify protection services have been criticized by some experts for offering only the illusion of security and asking consumers to just give up more personal information. "We have no further information to contribute at this point other than what is in the news release," an Equifax spokesperson said in response to a request for comment on what Equifax services were hacked.

Philippe Wojazer / Reuters

Identity protection services "do little to block identity theft: The most you can hope for from these services is that they will notify you after crooks have opened a new line of credit in your name," cybersecurity journalist Brian Krebs wrote in 2015. "Many of these third party services also induce people to provide even more information than was leaked in the original breach."

"It is critical for business entities to take the proper measures to safeguard the PII (Personally Identifiable Information) they obtain," a recent Equifax corporate publication said. "PII can include a wide range of components such as an individual’s name, home address, telephone number, mother’s maiden name, date of birth, social security number, driver’s license number, passport number, or government-issued unique ID number."

A BuzzFeed News investigation, in partnership with the International Consortium of Investigative Journalists, based on thousands of documents the government didn't want you to see.