Equifax is Collecting & Selling Consumer Social Media Data

The Equifax hack will turn out to be one of the worst data breaches in U.S. history. If you thought the OPM hack, the Target hack, or the Yahoo! hack were bad, the Equifax hack wait until you realize what type of data the company was collecting on consumers.

While the OPM hack contained biometric data points along with government personnel information on 20 million people, and the Yahoo! hack contained the emails of hundreds of millions of users, and the Target hack was mostly credit card information, the Equifax hack may become the “mother of all hacks” because of its breadth and depth.

Why? Because Equifax and other data brokers collect a massive amount of personal information on consumers which is then sold to banks, insurance companies, educational institutions, cyber criminals, governments, etc. Approximately 150 million U.S. consumers have already had their personal information compromised and it wouldn’t surprise me if that number increases dramatically.  The data brokerage industry is opaque and for years has refused to become transparent and accountable.

Trying to opt-out of data collection is like a game of whack-a-mole because our current laws do not give consumers ownership over their personal information. The Fair Credit Reporting Act which has been the main law governing consumer reporting companies for more than 40 years, it is not as robust as it should be because the data brokerage industry spends millions of dollars per year lobbying against stronger regulation and oversight.

Over the years, there has been numerous efforts to try to update FRCA, including the recently introduced, Data Broker Accountability and Transparency Act; however, every time new legislation is discussed it goes nowhere.

Data brokers are collecting not just your payment history, salary data, job history, address information, credit card debt, but also your social media account information, and Internet browsing data, it wouldn’t surprise me if one day it they also are able to include any data from Direct To Consumer DNA tests that consumers may take.

The bottom line is that the data brokerage and personal information collection industry needs to become more regulated. As a lawyer and entrepreneur, I am not a fan of greater regulation. Unfortunately, due to the lack of transparency and accountability in the data collection industry and threat that cyber criminals pose, it is imperative that greater oversight is needed.