This morning we woke to the news that Equifax, one of the nation’s largest credit bureaus, had been hacked, exposing the personal and financial information of 143 million individuals.
According to the Federal Trade Commission, during the breach, which lasted from mid-May through July, hackers “accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.”
As an agency that works almost exclusively with community banks and credit unions, I am reasonably sure that every client is trying to answer one question. . . “what do we tell customers and members?”
Before you post anything, I have one piece of advice – don’t. Or if you do, don’t do more than direct customers to an unaffiliated resource such as the Federal Trade Commission.
As tempting as it may be to do more, it has been less than 24 hours since the breach was revealed, and we just don’t know enough.
Even as I write this, there is a controversy brewing because consumers signing up for free credit monitoring provided by Equifax are being forced to waive their right to participate in a future class action lawsuit.
Add to that the revelation that Equifax executives sold stock before the hack was revealed, and what you have can only be defined as a “hot mess.” By commenting too early you risk putting out information that is not just inaccurate, but could do actual harm to your customers.
It’s an important lesson that sometimes, even in the age of instantaneous communication, it’s better to say nothing at all.