Skip to main content
Iowa Attorney General
Main Content

September 15, 2017

Miller, State Attorneys General Convey “Profound Concerns” to Equifax about Data Breach Response

Consumers report failed attempts to contact Equifax call center; attorneys general express concerns over company’s terms and conditions to services offered to affected consumers, fees, and public messaging

DES MOINES – Attorney General Tom Miller today joined state attorneys general from 33 states plus the District of Columbia in raising “profound concerns” with Equifax Inc. over the credit reporting agency’s response to the massive data breach the company disclosed last week.

“Our concerns have only been heightened by Equifax’s conduct since its disclosure of the breach,” the attorneys general wrote in a letter sent today to Equifax. In addition to concerns about the breach itself, the attorneys general raised additional concerns about the company’s service terms for consumers affected by the Equifax breach, fees, confusing messages to consumers on its website, and inadequate call center resources.

Equifax publicly disclosed the breach September 7, after admitting to discovering it July 29. The stolen data includes personal information from 1.1 million Iowans and 143 million consumers nationwide. The compromised information includes names, addresses, dates of birth, Social Security numbers and, in some cases, credit card and driver’s license information.

Earlier this week Miller opened an investigation into Equifax, and has since joined a multistate investigation by a bipartisan group of state attorneys general.

Equifax Call Center Complaints
The attorneys general conveyed concerns to Equifax about its call center. “It has been generally reported that consumers are encountering long wait times or are unable to get through to your call center,” the attorneys general wrote. In Iowa, large numbers of consumers complained to the Consumer Protection Division about trying repeatedly to reach Equifax call center representatives without success.

Free Credit Monitoring Terms, Marketing & Fees
After disclosing the breach, Equifax agreed to offer free credit monitoring. Initially, the company required consumers enrolling for the free service to waive certain rights, including requiring consumers to accept mandatory arbitration and forbidding them from joining class-action lawsuits. Equifax later backed down following intense backlash from state attorneys general and consumers nationwide.

Though the company agreed to remove the objectionable service terms, the attorneys general object to Equifax "seemingly using its own data breach as an opportunity to sell services to breach victims," they wrote, and called on the company to disable its links to fee-based services.

"We believe continuing to offer consumers a fee-based service in addition to Equifax's free monitoring services will serve to only confuse consumers who are already struggling to make decisions on how to best protect themselves in the wake of this massive breach," the attorneys general wrote. "Selling a fee-based product that competes with Equifax's own free offer of credit monitoring services to victims of Equifax's own data breach is unfair, particularly if consumers are not sure if their information was compromised."

Additionally, the attorneys general urged Equifax to extend its free credit monitoring services by a minimum of 72 days, from November 21 to at least January 31.

Credit Freeze Fees
Also in the wake of widespread backlash from state attorneys general and the public, Equifax agreed to waive credit freeze fees for those who would otherwise be subject to them.

However, consumers must still pay the other two credit bureaus—Experian and TransUnion—for credit freezes through their companies. In Iowa, consumers must pay $10 to each of the other two bureaus for a credit freeze--a fee allowed by state law. The attorneys general urge Equifax to reimburse consumers who incur these fees to completely freeze their credit.

Previous Letter Seeks Information about Breach
In a letter sent to Equifax late last week, the attorneys general requested information about the circumstances that led to the breach, the reasons for the months-long delay between the breach and the company’s public disclosure, what protections the company had in place at the time of the breach and how the company intends to protect consumers affected by the breach.

Consumer Advice
Earlier this week Miller’s office issued a consumer alert, urging all Iowans to check to see if they have been affected by the breach. Consumers can find out through a special website at www.equifaxsecurity2017.com. Consumers with questions can also call an Equifax breach call center at 866-447-7559 from 6 a.m. to midnight, Central time. Miller notes, however, that many Iowans have complained about not getting through to the call center.

The consumer alert offers additional advice about credit monitoring, security freezes, initial fraud alerts, and other tips.

###

« Back

Sitemap
© 2019 State of Iowa Office of the Attorney General. All rights reserved.