Everyone Should Have Unlimited, Free Access to Their Credit Reports

A few years ago at lunch, a former student who at the time ran computer security for Wells Fargo Bank said to me, "Jeffrey, there are two kinds of banks. The ones who have been hacked, and the ones that don't know they've been hacked." What is true for banks is even more true for individuals. Given the recent Equifax debacle in which not only were 143 million people's records exposed, but company executives sold stock between the time the breach was uncovered and the news was made public. we should assume that everyone has had their identity compromised, either by this incident or some other, and is subject to identity theft. After all, this is not even the first problem at Equifax. The latest episode is "the third major breach of sensitive consumer information...in the past year." Nor is Equifax the only institution that has had trouble keeping customer information secure. Hackers penetrated JP Morgan Chase for information on 76 million households and 7 million smaller businesses, and the list of organizations successfully hacked for personal information includes various retailers and even the Federal government.

Given the pervasiveness of data breaches and their seriousness in an era in which so many financial transactions are conducted online and credit reports are ubiquitous, the remedies available to consumers seem ridiculously inadequate. As Ron Lieber noted, Equifax's proposed help to consumers is both too short in time (one year) and too limited in scope. Farhad Manjoo complained that Equifax had failed at its primary task, but nonetheless the company faced minimal sanctions and financial loss because keepers of financial information are virtually completely unregulated.

At the moment, consumers can access their credit reports for free one time a year at each of the three major credit agencies. That means that potentially people can get a look at what is going on with their credit every four months. That's not enough given what is going on.

The idea that people should be charged for accessing their credit reports as much and whenever they want is ridiculous given what has gone on with the (lack of) protection for personal financial information. The Fair Credit Reporting Act, the law that provides that free credit information access, was originally passed in 1970. The law was updated in 2003. In internet security terms, that's a lifetime ago. And lest anyone feel sorry for the credit reporting bureaus, who as Lieber noted, try to make a living out of selling identity protection products to people who are harmed by their malfeasance, as recently as 2015 a Federal Trade Commission report found that "23% of consumers identified inaccurate information in their credit reports."

Congress should act immediately to provide people at least the minimum protection that they deserve in a world in which people's personal information is being bought and sold regularly on the dark web. Perhaps the only thing that can provide even some minimal level of safety would be to let people have unlimited, free access to their credit reports--and then encourage people to check them regularly to guard against the hideously serious consequences of identity theft.