Equifax, one of the largest credit bureaus, set up a website that allows users to check whether or not their information was included in their recent cyber breach. But the Washington Post reports the legal language on this website "potentially restricts your legal rights" by essentially forcing users into an arbitration clause if they use this service.
Why it matters: 90% of U.S. citizens and Social Security Number holders use Equifax.
The problems, per ArsTechnica:
- If you use the equifaxsecurity2017.com site, you forfeit your legal right to pursue any class-action lawsuits, per the site's legal language.
- The domain to the site doesn't belong to Equifax.
- The site is hosted on the WordPress content management system, meaning it doesn't have the proper security in place, particularly for a site that hosts users' SSNs.
Getting heat: New York State Attorney General Eric Schneiderman's office demanded Equifax remove the legal language. FTC Commissioner Terrell McSweeney tweeted "people shouldn't have to trade their rights for taking steps to protect their data security after breach."