Last week, 1 or more parties hacked my Equifax account, set up an account at TransUnion, and ran up charges on a cloned credit card in Brazil. To resolve this, I’ve interacted with the FTC, police, card issuer, and credit bureaus. Here’s what I learned about the credit bureaus: 1. Equifax has no escalation path for security breaches on weekends. Even if a breach potentially affects millions of accounts, there is no way to report it until Monday. 2. TransUnion has no ability to investigate hacks or security breaches. They can only generate a reference number for the customer to file a police report with. (Note that their top product category is Credit Management & Protection.) 3. TransUnion and Equifax do not cooperate on investigations. Despite evidence that suggests the same hacker was at work, neither credit union indicated any interest in even talking with the other. 4. If your TransUnion account is hacked, you will lose online access for life. You will never be able to download your credit report from TransUnion again, and can only get it via mail. For life. 5. Experian displays your mother’s maiden name on your profile page. There is no way to hide this, obscure your mother’s maiden name, or select a different security question. 6. Experian agents cannot view support ticket numbers or track tickets. Only a supervisor can access ticket numbers. Of course, that means you need to talk to a supervisor… 7. Equifax and Experian are extremely reluctant to generate a ticket or escalate to a supervisor. At Equifax, I requested to speak to a supervisor 7 times. At Experian, the agent awkwardly tried to resolve a CloudFlare server error by asking if I was using Internet Explorer. It felt endemic. I did not sense this at TransUnion. This experience has eroded my naive confidence in the consumer credit system. The burden for prevention, monitoring, and remediation is borne almost entirely by the customer. This doesn’t seem right.