The Wall Street Journal writes that from the middle of March through early April, Equifax sent out inaccurate scores on consumers applying for auto loans, mortgages, and credit cards with banks and other lenders of varying sizes. The WSJ adds that millions of people in the US were impacted by Equifax’s mistake, with some scores off by as much as 20 points in either direction. Credit scores generally range from 300 to 850; a score of 670 to 739 is considered good, 740 to 799 is very good, and 800 and over is excellent. That 20-point discrepancy was enough for some borrowers to reject a person’s application.
In a small number of cases, applicants went from having no credit score at all to a score in the 700s, or vice versa. Equifax started disclosing the errors to lenders, which included Ally Financial, JPMorgan Change, and Wells Fargo, in May. Equifax says fewer than 300,000 consumers experienced a score shift of 25 points or more. It claims the problem was due to “a coding issue within a legacy, on-premise server environment in the U.S. slated to be migrated to the new Equifax Cloud infrastructure,” which resulted in the miscalculation of certain attributes used in model calculations. The company emphasizes that credit reports were not changed due to the issue. “We know that businesses and consumers depend on our data and Equifax takes this technology coding issue very seriously. We can confirm that the issue has been fixed and that we’ve been working closely with our customers on analysis to best meet the needs of consumers,” the company said in a statement. In September 2017, Equifax announced one of the worst data breaches in history. Around 143 million US consumers were impacted, as well as others worldwide, with credit card numbers and personally-identifying information stolen. A week before the news broke, then-CIO Jun Ying exercised his stock options and sold them for almost $1 million, thereby avoiding $117,000 in losses he would have incurred otherwise. He was jailed in 2019 for insider trading. Equifax was also given a $700 million fine by the FTC over the breach and was hit with a class-action lawsuit for which it agreed to pay at least $380.5 million. Correction: The previous headline incorrectly stated that the issue persisted for three months. It was three weeks before Equifax addressed the problem.