If it is not yet apparent, cybersecurity is the biggest risk facing independent RIAs.
When the fraud protector becomes the weakest link, it is time to take notice.
From mid-May through July 2017, the personal information of approximately 143 million consumers was exposed during a long running data breach at Equifax (one of the nation’s three major credit reporting agencies).
The personal information that was accessed during the breach included:
In response to the breach, Equifax published a press release late on Thursday (9/7) announcing the breach and the availability of resources on the Equifax website, www.equifaxsecurity2017.com to protect individuals from identity theft. The site will verify who has been affected by this breach. If an individual’s information was exposed, they can receive a year of free credit monitoring and other identity theft protection services. Once they enter their name, the site will give them a date when they can come back to enroll. Affected individuals must remember to write down the date and come back to the site and click “Enroll” on that date. The deadline to enroll is November 21, 2017 .
Initially, by agreeing to the terms and conditions for Equifax's monitoring, individuals were waiving key consumer rights, such as agreeing to settle disputes through arbitration and waiving the right to participate in class-action lawsuits. After the waiver of rights was exposed by the news media (see the CNBC articles linked here and here ), Equifax amended its terms and conditions and issued the following FAQ: “the free credit file monitoring and identity theft protection that we are offering as part of this cybersecurity incident does not waive any rights to take legal action. We removed that language from the Terms of Use on the website, www.equifaxsecurity2017.com .”
The fact that Equifax attempted to bury arbitration clauses and class action waivers into the terms of use of the free credit file monitoring and identity theft protection creates concerns about whether their actions are about fixing the issue or purely an attempt to limit their liability. However, the free credit file monitoring and identity theft protection may make sense as a measure to mitigate some of the negative effects of the breach.
Related: SEC Risk Alert: Cybersecurity