If you’re one of the 140 million or so people affected by Equifax’s failure to keep its data secure, the credit bureau is offering free access to its TrustedID credit monitoring service (though we don’t recommend you enroll in it). At the same time, the company is continuing to charge everyone else for access to TrustedID, and some consumers affected by the breach are inadvertently paying for a service they can get for free. That’s why dozens of state attorneys general are asking Equifax to stop trying to sell TrustedID for the time-being.
In a letter [PDF] sent today by Connecticut Attorney General George and more than 30 other attorneys general, the states argue that Equifax is causing a “great deal of confusion and concern” by simultaneously offering the free monitoring to victims of the breach, while continuing to market its paid subscription version of TrustedID.
“Consumers who view Equifax’s homepage are offered both Equifax fee-based credit monitoring services, as well as its services offered at no cost,” explains the letter. The AGs acknowledge that Equifax did tweak its website to make the free service more prominent, but that this change hasn’t addressed all of their concerns.
The many millions of Americans who are now waiting to find out if their data was stolen and, if so, if it’s being misused, already have enough to worry about and to sort through, say the AGs, and continuing to market two versions of the same service is not helping to bring clarity to the situation.
There is also the larger concern of Equifax using its own incompetence as an excuse to market its paid monitoring service.
“Selling a fee-based product that competes with Equifax’s own free offer of credit monitoring services to victims of Equifax’s own data breach is unfair, particularly if consumers are not sure if their information was compromised,” reads the letter. “Equifax cannot reap benefits from confused consumers who are likely only visiting Equifax’s homepage because they are concerned about whether the breach affects them and their families.”
It’s unclear from the marketing descriptions on the Equifax site if the paid subscription to TrustedID provides any additional benefits beyond what breach victims are being offered through the free version. If there is a difference between the two, the AGs say that breach victims should be getting the full suite of protections made available by Equifax. If there is no difference between the two, “then we fail to understand why Equifax continues to offer its fee-based services to those affected by the breach if equivalent services are obtainable at no cost.”
The letter asks Equifax to stop marketing its paid monitoring service until after the company halts enrollment in the free version. Speaking of which, the current deadline for victims to sign up for the free service is Nov. 21, 2017. The AGs say this is too short of a window of time and should be extended to at least Jan. 31, 2018.
“Consumers are understandably angry and upset about this breach, and their feelings are entirely warranted given the extremely sensitive nature of the compromised information,” said CT Attorney General Jepsen. “This breach has also caused considerable confusion, which could lead breach victims, who are already vulnerable, to inadvertently sign up for a costly program instead of the free service. Additionally, consumers, who are at absolutely no fault in this situation, should not have to pay anyone to completely freeze their credit.”
Whether Equifax heeds the AGs’ requests remains to be seen. Earlier this week, the company responded to concerns from the public, lawmakers, attorneys general, and consumer advocates about a clause in the TrustedID terms of service that strips the customer of their right to sue the company in court. Equifax removed that clause, but only from the free version available to breach victims.