Equifax’s data breach, that I wrote about this morning, was already problematic due to timing and when the public was notified.

Keep in mind that the hack started in May. Equifax didn’t “discover” it until July.

Equifax executives were definitely informed no matter what the company PR team is saying. Which makes this even worse:

Regulatory filings show that on Aug. 1, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans. [Emphasis Added]

Well folks, this disaster is turning into a 5-alarm Dumpster Fire, and Equifax is fueling the fire.

Equifax tweets out 'Happy Friday' one day after the massive breach is revealed https://t.co/fvY8QIx4mi

— CNBC (@CNBC) September 8, 2017

WOW. 

Those worried that their data may be compromised were asked to provide the last SIX digits of their SSN’s in order to verify. Umm, guys? If they haven’t fixed the system yet, why would we give the hackers any MORE ammunition? Oh, and it gets even better…or worse, depending upon your point of view.

In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones.

Terrific. So the phishing attacks have already started AND Equifax doesn’t even have its act together in terms of helping worried consumers!

Then there’s this little gem in the fine print if one goes to the equifaxsecurity2017 site:

However, fine print deep in the company’s terms of service for the website includes an arbitration clause waiving the users “ability to bring or participate in a class action, class arbitration or other representative action.”

The individuals who click the “I agree to terms of service” button on the site, therefore might waive their rights to sue the company over the data breach in a class-action suit. Instead, they must resolve legal disputes in private arbitration. Many companies with agreements like this, including Equifax, argue that arbitration is a “quick and cost effective” means of resolving legal matters.

So if you sign up for the credit monitoring service, which only lasts for 12 months, and your data is STILL compromised, you’re out of luck.

PSA: If you check Equifax's site to see if your data was stolen, you *waive your rights* to sue Equifax or be part of a class action suit. pic.twitter.com/p4AlmmLQ3r

— Zack Whittaker (@zackwhittaker) September 8, 2017

Sort of. Maybe.

After conversations w my office, @Equifax has clarified its policy re: arbitration. We are continuing to closely review. pic.twitter.com/WcPZ9OqMcL

— Eric Schneiderman (@AGSchneiderman) September 8, 2017

Given how Equifax has been handling things thus far, do you believe them? I don’t. By the way, people are finding out that the cute little credit monitoring service isn’t available yet!

so you can compromise my personal info, but not send me reminders to help me deal with an issue you caused. thnks @Equifax #equifaxbreach pic.twitter.com/CoLa679Xl0

— Rachel Sapin (@Rachelsapin) September 8, 2017

But there’s a catch concerning the free credit monitoring. To sign up you have to provide, as outlined in the terms which were dated September 6, 2017, a credit or debit card number, which is total irony right there, that will remain on file. Once the 12 months are up, unless YOU the consumer proactively cancel the service, Equifax will bill you! Gosh, so helpful aren’t they?

Meanwhile, there are multiple reports in comments on articles and across social media that many who get hold of someone at Equifax and ask for their credit report to be frozen are getting argued with or are being hung up on! So helpful, right?

Assessments like this from Moody won’t help.

Moody's comments on the #Equifax data breach #equifaxbreach #CyberSecurity https://t.co/fe17F0sLFQ pic.twitter.com/3MM7ep9cdO

— Moody's InvestorsSvc (@MoodysInvSvc) September 8, 2017

This regarding Equifax’s CEO isn’t setting well with many.

Our Chairman and CEO Richard F. Smith has been named one of Atlanta's Most Admired CEOs! Read more @AtlBizChron: https://t.co/51Z4sEmqkC

— Equifax Inc. (@Equifax) September 1, 2017

So he accepted the award, all the time knowing that everyone in the audience had their data compromised? Stay classy, Dick!#equifaxbreach https://t.co/Zl0WMTgSfS

— SA (@GadgetArgo) September 8, 2017

Equifax’s breach and their atrocious mishandling of the incident along with their massive PR failure today has left over 148 million people at risk for identity theft. Geoffrey James over at Inc is right, why would we want to trust Equifax with anything now or ever? We shouldn’t.