Get the facts on Equifax and other credit reporting agencies

The enormous Equifax data breach compromises the personal information of as many as 143 million Americans, more than half of the nation’s adult population. It’s no different from the credit reporting agency essentially handing over your Social Security number, address, birth date and credit card numbers to hackers.

The potential risks and repercussions are enormous — to your credit, your economic security and potentially even your medical, employment and driving records. It is a nationwide financial disaster, one that should spur Congress and President Donald Trump to act.

Equifax is one of the country’s three major credit reporting bureaus. It aggregates personal financial data and translates it into a credit score — a product it sells to banks, lenders, marketers and data-analytic firms. You can’t get a loan, mortgage or credit card, or often even rent an apartment, without participating in this system. You have little control of the information or process. And the big three sell consumers monitoring services and other ways to supposedly protect themselves.

Equifax’s data was compromised before and it clearly didn’t learn from its mistakes.

The company’s response to the situation, which happened in July but wasn’t made public until last week, has been nothing short of abysmal. Three Equifax executives sold nearly $2 million worth of company stock before the data breach was announced and the shares’ value tumbled. Equifax claims they didn’t know hackers had accessed the company’s electronic records.

When Equifax did go public, it gave those affected an impossible choice: Sign up for credit monitoring and other help, but give away your right to sue. After a public outcry, Equifax backed off. This happened while Equifax lobbies to repeal federal rules that bar financial companies from forcing aggrieved customers into arbitration for the company’s mistakes, making them unable to join powerful class action lawsuits. The House of Representatives voted to repeal those rules. The Equifax debacle must remind the Senate why the rules should stay.

More important, the Equifax breach sheds light on an industry that’s been in the shadows for too long. Equifax and its fellow credit monitoring giants, TransUnion and Experian, have long been the black hole of financial services, usually escaping the regulatory spotlight.

All three are overseen by the Consumer Financial Protection Bureau for customer-related mistakes; but the Federal Trade Commission has oversight over data breaches like this. Neither has the teeth nor power to force real reforms or exact meaningful penalties.

It’s up to Congress and federal regulators to investigate the entire Equifax mess, but also to scrutinize the broader industry, to question its power and reach, and to start putting consumers first.

Overcoming identity theft is a miserable and lengthy experience. But even when credit companies’ vulnerabilities are responsible for a breach, somehow it is the consumer who has to figure out how to fix it.

We are in a time when regulation is a bad word, when government is considered an impediment. The Equifax debacle reminds us that sometimes, there’s a very good reason for stronger rules. Sometimes, the monitor needs the most monitoring.