UNTIL something goes wrong, few people give much thought to the surveillance they undergo by credit-reporting agencies (CRAs). Yet these agencies’ business is deeply intrusive: quantifying character. They assign individuals credit scores based on how they previously managed debt. The scores are then sold to lenders. In America, Equifax, Experian and TransUnion, the “Big Three” CRAs, have gathered credit histories and identifying information for nearly every adult.
On September 7th Equifax admitted that something had indeed gone very wrong: hackers had gained access to personal information on about 143m people, mostly Americans. It reported that, from mid-May to July, hackers exploited a vulnerability in its website. The data compromised included Social Security numbers (SSNs), dates of birth and driving-licence numbers, and for 209,000 people, possibly their credit-card numbers as well. Equifax also noted that data about some Britons and Canadians may have been stolen.