Being in the industry, I understand how difficult it is to secure an organization, so I have some sympathy for Equifax. As an ex-NSA colleague noted (paraphrasing), “A defender has to protect everything, an attacker only has to find one hole.” That said, their business is PII, so there is a higher standard there.

In the end my concern is less that the hack happened, than the difficulty in navigating their site and ultimately receiving the credit protection. First of all, the initial page they are telling “customers” isn’t intuitive:


It is mostly PR material. You ultimately need to go to the “POTENTIAL IMPACT” button on the bottom:


Then when you do sign up, they tell you you’ll have to wait for roughly a week then sign up at a different URL. You had better write down the URL because they say, “you will not receive additional reminders”. The URL, if you made the mistake of not writing it down is:


Then “click through the link to continue through the enrollment process”. What link that is, god knows.

In fact if you click the above “faq.trustedidpremier.com” today, it goes back to, well, “www.equifaxsecurity2017.com”, which I assume then you are supposed to click the “ENROLL” button on the bottom???:


Just mildly confusing.


  1. Aron Griffis Avatar
    Aron Griffis

    Classic case of “you are not the customer” 🙁

    If it weren’t for the FCRA and FACTA, I don’t think the credit reporting agencies wouldn’t provide consumer-facing sites at all. They exist as a shared resource for creditors, not for consumers.

    Although it seems like poor UX in this case translates to missed future sales. I’m assuming they will eventually charge for the free credit monitoring they’re offering at the moment to remediate the hack, so everybody they can sign up now translates to a potential future paying customer. Good time to buy EFX? Sigh.

  2. Matt Fahrner Avatar

    I have no idea if this comment system will give you notices, however well put article and thanks for the forward Aron!

    Hope you are doing well BTW. Miss working with you – it was truly a pleasure. Know that your Linux kick got Burlington got us started down the long road of use here. Your legacy lives on!

Leave a Reply

Your email address will not be published. Required fields are marked *