Your Hard Earned Money: Finally, Some Solutions From Equifax for your Data Breach Questions

Your Hard Earned Money

By RON LIEBER

Within the last couple of days, hundreds of individuals have sent me questions or tweeted concerning the Equifax breach and it is credit freeze process. I do not blame you, considering that you’ve melted their websites and make contact with banks since the organization announced a week ago that as much as 143 million people might have had their Social Security figures along with other data stolen.

Even without the much, or no, cogent response from Equifax in the past of their crisis, I’ve been delivering the questions you have to the representatives and putting them, unanswered, within my posts after i can’t obtain a reply.

Now, the organization is finally answering a number of them. Here’s what I’ve discovered, amongst other things, Equifax’s credit freeze process, whereby people secure their files to ensure that no crook could possibly get new credit by impersonating them. One cautionary lesson: The organization doesn’t always get its solutions right.

Do Equifax’s website and make contact with systems really work at this time?

Yes, the organization maintains, though barely if all of the messages within my email are any suggestion. Many people are waiting before the midnight to try and use Equifax’s security freeze website as well as failing then to obtain through. It’s like looking to get Bruce Springsteen tickets, except my own mail to determine this specific show.

Equifax explained that it’s not deliberately throttling lower its web servers to help keep individuals from getting freezes. (It’s tempting to think they would do that, considering that freezes allow it to be tougher for the organization to earn money off your private data.)

“We have a higher amount of demands for security freezes and also have been experiencing some intricacies,Inches a business spokesman, Wyatt Jefferies, stated, within an emailed statement. “We will work diligently to solve individuals intricacies.Inches

Within an earlier form of this column, I recommended while using company’s credit freeze line for the time being. However when a lot of you known as, you found you could not develop a credt freeze in the end.

At this time, I am not sure what to let you know except to help keep trying through the website. As the Equifax systems are doubtless receiving tremendously more pings than normal, there’s no excuse for the truth that their systems aren’t functioning 7 days into all this.

The organization stated it had been indeed experiencing a higher amount of demands for security freezes and guaranteed it had become spending so much time to repair the intricacies.

I’ve received a large number of emails from people who is able to get freezes through the website but encounter technical problems when their PIN (that they may use later to lift the freeze temporarily when they would like to make an application for credit) should really show up on their screens. What’s going on here?

The organization understands this and believes it is due to some people’s browser settings. It’s focusing on a fix, however — this can be avoided if you attempt to rather.

If you are getting trouble obtaining a PIN from Equifax’s website and you’re seeing error messages associated with Adobe, PDFs or printing, you may want to improve your Adobe software.

I’ve requested Equifax what individuals must do if they didn’t obtain a PIN, and I’m awaiting an answer. If you’ve requested the freeze online, Equifax stated that it’s not “currently” delivering PINs through the U . s . States Postal Service in cases like this (apologies to readers who I emailed independently guessing they could be mailing them — I suspected wrong).

Because of the mess the organization makes using these PINs, It must send PINs with the U . s . States mail to ensure that everybody impacted by the breach doesn’t have to consider any more steps.

Interactive Feature The Fallout In the Equifax Breach Online hackers broke into Equifax, being able to access data for 143 million Americans. Here’s what went down, how it’s being handled and you skill to safeguard your data.

Should you rather requested a burglar freeze over the telephone or by mail, you would really obtain a notice with the mail which includes your brand-new PIN.

About individuals PINs: If you want brand new ones, considering that older PINS weren’t at random generated figures and therefore might be insecure. What should people do in order to request one?

“Our technology team is evaluating this problem. We’ll talk to you when a procedure continues to be defined,” Mr. Jefferies stated.

Within the interim, people who wish to get a new PIN must call 1-866-349-5191, make contact with a live agent and supply identity verification information to get a substitute PIN.

Contributing to individuals phone representatives: Most of them appear have no knowledge, yet others don’t have up-to-date information. Choose to comment?

“We know about difficulties with our sales departments and we’re spending so much time to supply additional training to the agents,” Mr. Jefferies stated.

You’re refunding credit freeze charges to individuals who compensated them before you decide to made the decision to prevent charging them. Will which happen instantly?

It’ll, Equifax guaranteed yesterday. This is applicable to individuals who froze their files after 5 p.m. on Thursday, Sept. 7, utilizing a charge card. The organization continues to be exercising the procedure for those who compensated by check or money order.

Meanwhile, I’m still hearing scattered reports that individuals still need to purchase their freezes. Equifax, would you please, pretty please, improve your site in connection with this?

Now, for that questions that Equifax continues to have not clarified:

• What made you believe people should need to pay to safeguard themselves out of your mistake?

• Why don’t you make freezes free forever?

• Why don’t you request free freezes forever at Experian and TransUnion, too, considering that thieves can use information they stole from Equifax to setup accounts with lenders that just pull credit history from individuals other two companies?

• What should people do who don’t have U . s . States addresses?

• Why exactly would you hate freezes a lot?

I’ll update this piece assuming I recieve these solutions. A minimum of, the organization is beginning to interact, that is greater than I’m able to say for Experian and TransUnion, that have overlooked the majority of my detailed questions previously couple of days, both via email to company spokespeople as well as on Twitter.

Look, I recieve the offer here. All of us have it now. These businesses don’t consider us as customers. They consider us as products. They get lenders yet others to transmit over our payment histories for them, aggregate it and re-sell the information elsewhere. And until lately, they clarified to nobody, pretty much.

Now, however, Equifax has to work under many of us consumers yet others, since they’re likely to be sued and investigated to kingdom come. And Experian and TransUnion needs to be more forthcoming.

To these, I only say: Want less freezes? Less Twitter outrage? Answer our reasonable questions, therefore we can safeguard ourselves now that it’s absolutely obvious that lots of the supposed experts within this industry canrrrt do so. Silence helps nobody at this time.

Correction: September 14, 2017

‘It Was a Frat House’: Inside the Sex Scandal That Toppled SoFi’s C.E.O.

SAN FRANCISCO — For months, the text messages came. Some were flirtatious, asking her to meet him late at night. Sometimes, the texts were sexually explicit.

The messages were directed at Laura Munoz, an executive assistant at the online lending start-up Social Finance. The texts were from her boss, Mike Cagney, the company’s chief executive, according to five people who spoke with Ms. Munoz or saw the messages. Given Mr. Cagney’s stature at Social Finance, known as SoFi, Ms. Munoz was at a disadvantage.

That became apparent when SoFi’s board was informed of Mr. Cagney’s communications with Ms. Munoz in late 2012. The board said it found no evidence of a sexual relationship. Ms. Munoz was then paid about $75,000 to leave the company, according to three people familiar with the proceedings who spoke on the condition of anonymity because they were not authorized to talk publicly. Ivo Labar, a lawyer representing Ms. Munoz, said matters were resolved between his client and SoFi.

Around the same time, SoFi’s board and executives also heard complaints from investors that Mr. Cagney had made misstatements to them over the start-up’s student loan products, according to emails between investors, executives and the board that were obtained by The New York Times. Directors stood by Mr. Cagney in that instance, too.

The board’s support allowed Mr. Cagney to build SoFi into a fast-growing start-up that is trying to take on the big banks by offering lending, insurance and asset management online. The company has been valued at more than $4 billion.

But within SoFi, Mr. Cagney, a married father of two, continued to raise questions among employees with his behavior. He was seen holding hands and having intimate conversations with another young female employee, according to six employees who saw the two together. At late-night, wine-soaked gatherings with colleagues, he bragged about his sexual conquests and the size of his genitalia, said employees who heard the comments.

Mr. Cagney’s actions were echoed in other parts of SoFi. The company’s chief financial officer talked openly about women’s breasts and once offered female employees bonuses for losing weight, according to more than a dozen people who heard his comments. Some employees said on a few instances, they caught colleagues having sex with supervisors at SoFi’s main satellite office in Healdsburg, Calif., which was the subject of a sexual harassment lawsuit filed last month.

Even as other Silicon Valley companies such as ride-hailing giant Uber have been in the spotlight this year for inappropriate treatment of women, Mr. Cagney’s case goes a step further. Although many of the issues at other firms stemmed from the actions of midlevel executives or investors, Mr. Cagney personally faces questions about his role. His conduct was described by more than 30 current and former employees, most of whom asked to remain anonymous for fear of retribution.

The behavior went largely unchecked until Monday, when SoFi’s board acted after weeks of growing scrutiny of the company. The start-up said Mr. Cagney, 46, would leave as chief executive by the end of the year and that he would step down immediately as chairman. In a statement announcing Mr. Cagney’s departure, SoFi did not explain the executive change.

The company said its business was performing well, and that SoFi was becoming a “major, innovative player in consumer finance.” A SoFi spokesman said the company did not comment on personnel matters and disputed that its business had taken on too much risk. Through the spokesman, Mr. Cagney also said he “vehemently denies” any improprieties at after-hours events with colleagues.

Yet Mr. Cagney’s position had become increasingly delicate after the filing of the sexual harassment suit, which accused him of “empowering other managers to engage in sexual conduct in the workplace.”

His situation was also exacerbated by claims about his approach to SoFi’s business, which uses money from Wall Street investors to fund student loans, personal loans and mortgages. At several points, Mr. Cagney ignored warnings from colleagues that he was being too aggressive with the business, according to more than a dozen employees who were involved in the conversations.

That included a time when Mr. Cagney decided to put customer service representatives in charge of lending determinations, despite them having no experience in the area. Another time, he told investors that SoFi had $90 million in debt financing for a loan product; the company did not in fact have the money, according to the internal emails reviewed by The Times.

SoFi’s board, which includes representatives of Japanese conglomerate SoftBank and the influential hedge fund Third Point Capital, now faces questions about whether it needed more checks and balances on Mr. Cagney.

Companies like SoFi show how boards are incentivized to prioritize cash flow and growth over governance, said David F. Larcker, a professor at Stanford University’s Graduate School of Business who specializes in corporate governance. “The board now has a duty to correct for things that have gone wrong,” he said.

The board said that it found “no allegation or evidence of a romantic or sexual relationship” between Mr. Cagney and Ms. Munoz and referred all other questions to SoFi.

Workplace Pursuits

Mr. Cagney, who was born in New Jersey, started his career in finance in 1994 at Wells Fargo, where he climbed the ranks to the trading desk. He later left the giant bank to begin a financial software company, and then his own hedge fund, Cabezon, in 2005. On the side, he attended Stanford’s business school.

In 2011, Mr. Cagney began SoFi with several co-founders. The start-up, established as venture capitalists were getting excited about financial technology, raised nearly $100 million in its first year. In total, SoFi has now taken in $1.9 billion from investors including SoftBank, Discovery Capital and Baseline Ventures.

Even with other co-founders, Mr. Cagney quickly established himself as the company’s center of gravity. SoFi’s offices, with glassed-in conference rooms and cheap Ikea furniture, were set up in San Francisco’s Presidio, the park near the Golden Gate Bridge, because Mr. Cagney’s hedge fund already had its offices there. His home was less than a mile away.

Mr. Cagney exhibited an aggressive attitude at the office that he may have learned as a trader at Wells Fargo. He sometimes shouted obscenities and excoriated employees in front of others when they made mistakes.

Mr. Cagney hired deputies who had similar characteristics. One was Nino Fanlo, a former executive at Goldman Sachs and the private equity firm Kohlberg Kravis Roberts, who became SoFi’s chief financial officer in 2012.

Mr. Fanlo, 57, sometimes kicked trash cans in the office when angry. He also commented on women’s figures, including their breasts; said that women would be happier as homemakers; and once told two female employees he would give them $5,000 if they lost 30 pounds by the end of the year, according to more than a dozen people who heard the comments and witnessed the weight-loss offer.

Mr. Fanlo said it was “patently false” that he did not respect women and that his team at SoFi had many women who received promotions and professional accolades. He also attributed his shouting and kicking of trash cans to frustration about deals and start-up pressures.

“You’re under extraordinary pressures at a company that is growing that fast,” Mr. Fanlo said.

More than two dozen former SoFi employees said they were uncomfortable with Mr. Cagney’s pursuit of women in the office. In 2012, he sent the text messages to Ms. Munoz, the executive assistant, until her colleagues took the issue up with executives and the board, according to the five people who spoke with Ms. Munoz about the matter.

Even as Mr. Cagney was texting Ms. Munoz, he also chased another young female employee. Six employees said they saw Mr. Cagney and the employee holding hands and talking intimately. One day in 2013, when Mr. Cagney was flirting with her at the office in front of colleagues, she grew enraged and left, according to three employees who witnessed the episode. Soon after, she left the company.

Around that time, SoFi’s board asked Mr. Cagney to not engage in inappropriate conduct with employees, according to two people with knowledge of the conversations. The situations were awkward in the office given that Mr. Cagney’s wife, June Ou, began working at SoFi in 2012, rising to become the company’s chief technical officer. Her desk was near Mr. Cagney’s. Ms. Ou did not respond to a request for comment.

Pushing the Business

SoFi’s business works in the following way: It loans money to students, home buyers and individuals with high credit scores. The company funds those loans with money from hedge funds and banks, who buy the loans through securities or bonds that SoFi creates.

As early as 2012, Mr. Cagney ran into trouble with some of his investors. That year, the company said it had secured $90 million in debt financing for one of its loan products, called Refi A. But some investors who had bought the securities noticed their returns were not in keeping with SoFi’s estimates and voiced concerns to executives and to a board member, according to the emails obtained by The Times.

About 10 SoFi executives met to discuss the situation; it was then that some of them learned Mr. Cagney had not actually secured the $90 million for the loan product, according to people who were at the meeting. Some attendees said they were dismayed at the possibility that they had made material misstatements to investors.

In October 2012, SoFi bought back the Refi A securities from investors for what they had paid, plus the investment return they had anticipated, or gave them the option to put their money into a different product. Mr. Cagney said in an investor letter that the product had been “imperfect,” but did not offer any details about the $90 million. The SoFi spokesman said that “no consumers were harmed in the process.”

In 2015, SoFi began offering mortgages. In meetings with the compliance officer overseeing the program, Mr. Cagney was told that SoFi was not doing enough to document the income of borrowers and was rushing to offer loans more quickly than competitors did, according to a person involved in the mortgage business. A SoFi spokesman said the company complied with all laws.

Mr. Cagney also led a push into personal loans last year. To strengthen that business, he asked customer service representatives to review and approve loans, a job that had previously been done by the company’s underwriters, said two people involved in the loan business. Many employees opposed the change because customer service representatives do not have the experience of approving loans, but the move helped SoFi double the amount of loans it issued in just a few months.

That created another problem: SoFi did not have enough money to fund all the loans it was giving out. Mr. Cagney told employees that because of the funding shortfall, it could take as long as 30 days for some new customers to get the money they borrowed. But the employees who dealt with the customers were told by a supervisor to say that people would still get the money within 72 hours as promised.

“We had to lie to them and tell them that we were a little behind or that the transfer got lost — just something to keep them off our backs,” said Marie Lombard, who worked from 2014 to 2016 at SoFi’s operations center in Healdsburg.

Mr. Cagney eventually took customer service representatives off the underwriting decisions.

A SoFi spokesman said that customer service representatives did not approve loans and that the company’s proprietary software made those decisions. He added that SoFi always communicated timing changes on its loans to borrowers and that delays have never run as high as 30 days.

An Internal Toll

Mr. Cagney’s risk-taking outside of SoFi also created problems. In January 2015, his hedge fund, Cabezon, suffered big losses on a currency trade. In the aftermath, SoFi’s board agreed to buy Cabezon for $3.25 million and give the hedge fund’s employees jobs at SoFi. That caused resentment at SoFi among some workers.

A SoFi spokesman said the company bought Mr. Cagney’s hedge fund partly because the board was concerned about Mr. Cagney’s ability to focus on both companies.

At the time, SoFi was growing rapidly. Since 2011, when it had five people in a one-room office, the company has grown to 1,200 employees and lent more than $20 billion to about 350,000 customers. Earlier this year, the private equity firm Silver Lake Partners led a new round of fund-raising that gave SoFi another $500 million and valued the company at $4.3 billion.

Mr. Cagney’s co-founders nonetheless left the company one by one, and Mr. Fanlo departed this summer. (Mr. Fanlo said that he left to pursue a new opportunity.)

In 2015, an anonymous email was sent to everyone in the company, complaining in detail about the work environment and nepotism in hiring, according to five employees who received the email. SoFi said that it takes every complaint seriously.

At the start-up’s office in Healdsburg, Yulia Zamora, who worked as an underwriter there from 2015 to 2016, said it often seemed as if there were no rules. She said she was propositioned by a supervisor numerous times.

“It was a frat house,” Ms. Zamora said. “You would find people having sex in their cars and in the parking lot. It was a free-for-all.”’

SoFi has recently been taking steps to contain the damage. Earlier this month, the company started an investigation into the harassment claims in the Healdsburg satellite office. At the same time, questions over Mr. Cagney’s own behavior also surfaced.

In recent days, Mr. Cagney canceled a trip to Singapore to attend a board meeting at SoFi’s offices in San Francisco on Monday. At the meeting, Mr. Cagney argued for his job — but eventually lost out to board members who viewed him as a liability, according to two people with knowledge of the meeting.

“I want SoFi to focus on helping members, hiring the best people, and growing our company in a way consistent with our values,” Mr. Cagney wrote in a letter announcing his departure. “That can’t happen as well as it should if people are focused on me, which isn’t fair to our members, investors, or you.”

Equifax Hack Exposes Regulatory Gaps, Departing Consumers Vulnerable

Equifax warehouses probably the most intimate information on Americans’ financial lives, in the charge cards within their wallets to how big their hospital bills.

But the organization doesn’t face the continual monitoring and auditing which help strengthen banks’ systems and knowledge protections. Regardless of the insightful sensitive information in the databases, Equifax, essentially, doesn’t happen the regulatory cracks.

The risks of these poor oversight grew to become apparent on Thursday when Equifax disclosed that online hackers had compromised the private and private information, including Social Security figures, of up to 50 % from the American population.

Equifax has become scrambling to retain the legal and financial fallout.

New York’s attorney general, Eric T. Schneiderman, has opened up an analysis in to the data breach, while two potential class-action suits happen to be filed. Shares of the organization were lower nearly 14 % on Friday.

Someone backlash keeps growing within the company’s reaction to the breach. The remedy that Equifax has offered — twelve months of free credit monitoring — struck many as insufficient. Compounding the frustration, three senior executives, such as the chief financial officer, offered $1.8 million price of shares dads and moms after Equifax discovered the breach.

Equifax and 2 other credit bureaus, Experian and TransUnion, produce the reports accustomed to calculate credit ratings, the ever-present three-digit figures that banks, insurers, lenders and employers depend onto make various decisions. Individuals scores, the algorithmic assessment of the consumer’s entire credit history, help decide whether somebody will get employment or perhaps a new house.

The bureaus have files on roughly 200 million Americans. And consumers haven’t much choice, since banks along with other companies give financial information along with other data straight to the bureaus. The continues to be damaged by complaints of mistakes on credits reports and difficulties in fixing them.

The information breach at Equifax, which affected 143 million people, could compound the issues, departing consumers susceptible to identify thievery. It had been the 3rd hacking disclosed by Equifax this season.

“You cannot fire the 3 credit agencies,Inches stated Rohit Chopra, an old assistant director in the Consumer Financial Protection Bureau and today a senior fellow in the Consumer Federation of the usa. “Credit reporting agencies would be the plumbing in our economic climate but they are significantly less controlled than a lot of lenders.Inches

TransUnion stated it had been investigating the character of Equifax’s attack and just what, or no, actions may be appropriate. Experian and Equifax didn’t return requires comment. Equifax released an announcement apologizing to customers for “the concern and frustration this will cause.Inches

The loan bureaus fall under something of the regulatory grey area in Washington.

They are handled by most of the same data security laws and regulations that affect banks. But banks face much stricter oversight, having a group of agencies cooperating to audit institutions and monitor their compliance. Non-bank companies, such as the credit agencies, generally are scrutinized once something went wrong.

Federal laws and regulations require all companies to consider reasonable steps to guard consumer data. As the Consumer Financial Protection Bureau has some supervisory and enforcement authority within the credit agencies, the company generally leaves data privacy enforcement towards the primary regulator responsible for it, the Ftc. And also the trade commission lacks the legal right to impose big fines.

Recently, the commission punished TaxSlayer, a tax preparation website, for any weak home security system that permitted online hackers to get into nearly 9,000 customer accounts. TaxSlayer decided to strengthen its systems and undergo compliance audits. However it compensated no financial penalty, since the commission doesn’t have capacity to levy fines for first-time violations of certain rules.

“Both when it comes to sources and authority, exactly what the F.T.C. can perform clearly doesn’t measure to the proportions of the issue,Inches stated William McGeveran, a professor in the College of Minnesota School which specializes in privacy law.

Interactive Feature Are You Currently a target of Id Theft? The Brand New You are able to Occasions want to listen to those who have been victims of id theft.

A spokeswoman for that Ftc, Juliana Gruenwald Henderson, stated the company doesn’t discuss its investigations and declined to state whether it had opened up one on Equifax.

The Customer Financial Protection Bureau is “looking into” the information breach at Equifax, based on Mike Gilford, a spokesman, but he declined to comment further.

Credit rating is very large business. Equifax made $3.1 billion in revenue this past year, collecting the great majority from companies like banks along with other financial service companies.

However the industry continues to be the topic of critique over its data collection and reports. In certain examples, a couple were combined right into a single file. In other instances, the bureaus have placed an individual’s information in to the wrong credit history, which could occur when a couple have similar Social Security figures.

2 yrs ago, a coalition in excess of 30 condition attorneys general cracked lower around the credit agencies, negotiating an offer that needed sweeping changes. The bureaus dropped some error-ridden data sources using their reports and decided to provide more details to consumers who disputed data around the reports.

Problems have endured. This season, Equifax and TransUnion decided to pay a combined $23 million to stay allegations through the Consumer Financial Protection Bureau they made “false promises” to lure customers into buying credit-related products. Individuals products were promoted as free, but included monthly charges if customers didn’t cancel throughout the free trial.

The information breach at Equifax could expose the organization to legal and financial challenges, even though the regulatory atmosphere isn’t prone to become stricter underneath the current presidential administration.

On Friday, Representative Ted Lieu, Democrat of California, sent instructions towards the leaders of the home Judiciary Committee with a hearing to deal with the breach. In the letter, Mr. Lieu requested that representatives from the three bureaus be known as to testify by what steps appeared to be come to prevent future intrusions.

“Congress includes a strong role to experience in stopping such attacks on the financial and that i.Capital t. infrastructure, and should hold individuals entrusted with this most sensitive data to account,” Mr. Lieu authored within the letter.

As consumers digested the scope from the hacking, an internet site setup by Equifax to assist was inundated. The website presupposed to see whether people’s data was compromised, after visitors joined six digits of the Ssn along with other information.

It offered only vague responses, saying private information wasn’t impacted or it “may happen to be impacted.” Individuals who used the website rapidly observed that entering bogus names and figures frequently generated exactly the same messages.

“It requires trust where there’s no trust,” stated Justin Baxter, someone lawyer in Portland, Ore., who’s a lawyer inside a suit seeking class-action status against Equifax. “Asking individuals to key in private information to determine if their private information continues to be breached — many people will not do this.Inches

Equifax also suggested registering for a monitoring services. However the program initially needed users to give up their legal rights to law suit and accept use arbitration to stay disputes.

It immediately came outrage, with Mr. Schneiderman, the brand new You are able to attorney general, contacting Equifax to get rid of language that may deny victims the authority to sue. Equifax has since altered the clause, giving consumers the opportunity to opt out.

The organization presenting twelve months of free credit monitoring to any or all consumers, not only victims from the breach. It’s also supplying people the opportunity to freeze their Equifax reports, which, theoretically, should prevent thieves from trying to get credit within their name.

“This is really a one-year solution to have an eternal problem,” stated Adam Levin, chairman of CyberScout, which supplies data breach defense services. “The collateral damage could be devastating, and when you’re speaking about Social Security figures the only real expiration date a Ssn has is up to you.Inches