Advisers must assume all clients are affected by identity theft
The Target, Anthem, LinkedIn, etc. breaches were bad. But, it's important for benefit professionals and clients to understand the magnitude and difference between those highly publicized breaches and what's happened with the Equifax breach, which is an earthquake in comparison to those tremors.
Why is it worse? Equifax is a consumer credit reporting agency and one of the big three credit bureaus. PII, or Personally Identifiable Information, includes your name, Social Security number, date of birth, street address, and, in some instances, driver’s license numbers. All of these were compromised during the Equifax breach. PII is all that’s needed to open a new credit card, file a tax return, buy a new car, purchase a few new iPhones, etc.
Soon, the criminals will to go to work, stealing identities and creating financial havoc for employees. Using history as our guide, whomever hacked Equifax will soon begin to sell smaller blocks of data on the dark web, but will take a few months so they can maximize revenue by not flooding the market with a 143 million new financial records all at once.
How impactful are 143 million compromised records? Let’s do some back-of-the-envelope math:
There are approximately 185 million Americans in the U.S. credit system. That number minus the 143 million reported by Equifax means that close to 80% of working Americans now may have their name, Social Security number and date of birth in the hands of fraudsters.
Millions of reasons
Make no mistake. Unfortunately, the cyber fraudsters and criminals now have our data. Period.
If you have a client company with a large number of employees, there were many good and solid reasons to offer ID theft as an employee benefit prior to the Equifax breach on Sept. 7. There are now more than 143 million more reasons to offer ID theft coverage. As I heard a speaker say at a conference recently, "If it’s almost 80% of working Americans, then we should assume from a business perspective that its everyone."
Currently, industry experts estimate it takes about 18 hours to recover from identity theft fraud. An impacted employee likely cannot deal with the issue only after work, but will need to address it immediately, which will involve calling places that are only open during working hours. Giving employees access to a top-of-the-line ID theft coverage at a discounted rate through payroll deduction will save a lot of time, effort and money by resolving (and should help to prevent) a future identity fraud problem for the employees of our clients.
Clients might think the Equifax breach was just another tremor. As benefit professionals, we have an obligation and opportunity to make sure employers know the implications of this recent earthquake before someone else tells them.