And how...
If we're sufficiently angry about this, can we tell Equifax "I don't trust you to hold my data; I require you to delete every piece of data you hold on me"?
It would seem a reasonable request in the circumstances - but is it possible? If not, data protection laws are worth very little. We need the ultimate sanction, as individuals, of being able to easily compel companies and organizations to delete all identifiable data they hold on us.