Did the Equifax Credit Glitch Hurt You?

In early 2022, Equifax provided incorrect credit scores to lenders for nearly three weeks. While the miscalculated scores were corrected on April 6, hundreds of thousands of American consumers potentially applied for credit cards, mortgages or other loans with an artificially low credit score. An error like this by a credit reporting agency can impact your personal finances.

In an official statement posted on the Equifax website on Aug. 2, 2022, the company admitted to a coding issue in their system, which caused inaccurate scores to appear on millions of U.S. consumer credit reports. Lenders, big and small, pulled those scores.

Equifax quickly pointed out that none of the information in the consumer's credit file was affected. The error was in the credit score itself, not in the details of the report.

The primary action Equifax took since detecting the error was to get a fix in place for the coding issue on April 6 and correct consumer credit scores. In an Aug. 4 statement, the company assured consumers that scores were updated.

The company also stated that it has been providing lenders with updated scores and "continues to work with (lenders) closely to best meet the needs of consumers." The statement did not specify what the ongoing work consisted of.

In an open letter, Equifax CEO, Mark Begor, noted that the company would be "engaging a third party for independent review" of the consumer impact of the glitch.

The most significant fix Equifax has in place is a long-term, large-scale investment in transforming the technology it uses. According to Begor, the company's ​$1.5 billion​ migration promises to expand the accuracy and depth of consumer data and better serve Equifax customers.

For those seeking to attain credit or secure a loan between March 17 and April 6 of 2022, a miscalculated credit score could mean being denied completely or offered a higher interest rate than they deserved.

Equifax has access to the personal data and credit reports of over ​800 million​ Americans. On the Consumer Impact page of the Equifax website, the company boasts of helping over ​151 million​ Americans secure loans or financing in 2021. Equifax definitely has an impact on consumer finances.

For those seeking to attain credit or secure a loan between March 17 and April 6 of 2022, a miscalculated credit score could mean being denied completely or being offered a higher interest rate than they deserved.

In a second statement, Equifax noted that an internal analysis of affected credit scores proved that only about 300,000 credit scores shifted 25 points or more. The company emphasized that a "shift" may or may not have triggered a different decision by a lender.

Depending on an applicant's credit score, a shift of 25+ points could push them into a different FICO score range. Since different lenders use different combinations of credit bureau scores and vary in how they make a final decision, a consumer may or may not have been inched over the edge.

Many lending institutions, especially mortgage lenders, pull reports from all three major credit reporting agencies and aggregate or compare report data and scores. Some lenders may only pull one.

For these reasons, it is difficult to pinpoint how many loan or credit applicants were adversely affected. Equifax encourages consumers who believe they were negatively impacted to reach out to their lender. As of now, there is nothing Equifax is doing to mediate or compensate other than to send corrected scores to lenders.

But a class-action lawsuit may dig a little deeper.

On Aug. 3, 2022, a class action was filed in the Northern District of Georgia on behalf of a consumer whose monthly car payment skyrocketed after the lender received her erroneous credit score.

The consumer, Nydia Jenkins, claims she was denied a car loan in early April, for which she had been preapproved in January 2022. In Jenkins' case, the credit score was off well above 25 points; it was inaccurate by ​130 points​ and increased the monthly cost of her car loan by more than ​35 percent.​

The lawsuit seeks statutory, compensatory and punitive damages against Equifax to compensate all plaintiffs for all damages.

Morgan & Morgan, the law firm representing the plaintiffs in the case, also filed the class-action lawsuit against Equifax for the catastrophic 2017 data breach case.

While the recent credit score glitch reflected a serious mishandling of consumer data, the depth and impact of this recent issue may be overshadowed by Equifax's data breach in 2017 that affected about ​147 million​ consumers.

In the 2017 breach, a cyberattack by hackers exposed consumers' data, including names, physical addresses, Social Security numbers, driver's license numbers, birth dates, credit card numbers and other sensitive data. According to a timeline created for a study by Harvard Business Review, Equifax first learned of the breach on March 8, 2017, and shared the information internally. The hackers continued collecting data through July 29, when Equifax was able to shut them down.

The breach wasn't announced publicly until Sept. 7, nearly six months after it was suspected. Investigations and resignations began in the early fall, and a settlement was disclosed in a press conference on July 20, 2019.

The data breach cost Equifax at least ​$575 million​ in a settlement with the Federal Trade Commission (FTC), Consumer Financial Protection Bureau (CFPB) and all 50 U.S. states and territories. FTC chairman Joe Simons stated: "Equifax failed to take basic steps that may have prevented the breach."

As part of the settlement, Equifax was required to improve cybersecurity and assist affected consumers in protecting themselves from identity theft and consumer fraud. Provisions included compensation for losses, lots of free credit reports, identity theft protection and free credit monitoring services.

In addition, Equifax was tasked with revamping its security program, conducting annual assessments, obtaining annual certifications and obtaining third-party reviews of its security program every two years. The company must also update the FTC regarding the status of consumer claims every year.

The Equifax hack and subsequent mishandling, inaction and lack of transparency rocked American consumers' faith in the credit reporting agency. It rocked investors, too. Bloomberg reported a ​35 percent drop​ in shares shortly after the disclosure. The U.S. Securities and Exchange Commission charged two former Equifax employees with insider trading after they sold off company stock shortly before the breach was announced. Jun Ying, former chief information officer of Equifax U.S., was sentenced to federal prison.

In short, the Equifax data breach was nothing short of a consumer data nightmare.

Other credit bureaus and credit card companies have also had their share of breaches. In 2019, Capital One announced that the personal information of approximately ​100 million​ Americans, including one million Social Security numbers, was exposed in a cybersecurity incident. In 2015, a hacker breached an Experian server and accessed the personal records of ​15 million​ T-Mobile users.

Upon hearing about misreporting and cyberattacks, you may wonder if there is a way to remove your sensitive personal data from Equifax's database. Unfortunately, since the credit reporting agencies do not need your permission to collect your data, you can't revoke it from any credit bureaus.

According to the Consumer Financial Protection Bureau, when you apply for credit from a bank, car dealership, mortgage company or any other lender, you voluntarily give credit bureaus access to your information.

You can't keep your information from being accessed by a credit reporting agency, but you can take steps to protect it. Whenever a breach happens, the FTC recommends that the affected business provide credit monitoring services and free credit reports to customers.

There are tools and resources available to you when it comes to protecting your sensitive information and protecting yourself against identity theft. Some services and tools are free, and others require a paid account.

Even if your data wasn't exposed, visit the FTC's IdentityTheft.gov website to learn about essential steps you can take to protect yourself regularly. Take advantage of annual free credit reports and free credit monitoring services your credit card company provides.

Consider free services that offer fraud alerts, identity protection and credit monitoring. Experian, Credit Karma and TransUnion offer free and paid options. Some services have a free trial of their paid services, which you can cancel anytime.

When you know what's in your credit report and have monitoring set up to alert you, it is much easier to notice suspicious activity before initiating a credit freeze and doing damage control.