After announcing that millions of people were affected by an unprecedented hack on its systems, Equifax Inc. faced a customer service nightmare as panicked masses turned to a website and a customer service line set up to answer whether their most sensitive information had leaked.
Equifax first learned of the breach in late July but announced the issue affecting as many as 143 million people on Thursday evening, Sept. 8. Some of the main ingredients for identity theft — including Social Security numbers, addresses, birth dates and driver's license data — were compromised in the hack. Some credit card information was also put at risk.
In revealing this 21st-century catastrophe, the credit reporting service set up a website so users could quickly assess if their information had been made vulnerable. Users, however, were asked to enter the kind of information they're often warned not to reveal online, in this case a combination of their last names and the last six digits of their Social Security numbers. The request was met with skepticism, as many already shaken consumers felt unsafe giving up crucial identity data to a company that just admitted being penetrated. A malfunctioning "captcha," a program used to distinguish humans from bots, added irony to insult.
If users chose last night to enter their information on the Equifax website to see if they had been affected, one of three messages appeared: one saying that the users had indeed been affected by the cyberattack, one that they hadn't been affected, or an unclear message listing a date at which the user could enroll in Equifax's "TrustedID Premier" service without further information as to whether their identities had been stolen. The third option listed a date and said: "Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return to faq.trustedidpremier.com and click the link to continue through the enrollment process."
Not Equifax's finest hour, users complained. After receiving this message, one less-than-satisfied Twitter denizen wrote: "Great customer service: put all burden on me." Another criticized the company for offering only one year of their "TrustedID" service.
Customer service agents contacted by phone on the emergency telephone line said they couldn't provide further clarity on the matter. One agent, who identified himself as Kevin, said he worked for a third-party customer service agency hired by Equifax.
Although the telephone line was set up to help customers determine whether they had been put at risk by the breach, the operator said he had no access to such information.
"At this time, we do not have a database of impacted individuals. I am unable to tell you whether you are impacted," Kevin explained. Another customer service agent, reached via phone according to an account in Fast Company, said they weren't familiar with the hack at all.
Equifax didn't immediately respond to a request for comment made outside normal business hours.
The penetration and its aftermath was complicated by news that three senior executives, Chief Financial Officer John Gamble, President of U.S. Information Solutions Joseph Loughran, and Rodolfo Ploder, president of workforce solutions, sold stock worth almost $1.8 million in the days following the company's discovery of the hack, potentially the largest in history.
A spokeswoman for Equifax said the men "had no knowledge that an intrusion had occurred at the time." After news of the hack broke, the company's shares fell 13 percent and "Equifax" became the No. 1 trending topic on Twitter.