Equifax Breach

[RJM62]

I'm surprised no one has started a thread on this, so I will. Long story short, Equifax got hacked, so there's a very strong chance that your personal financial data is on the street if you live in the U.S., and some possibility if you live in Canada or the UK.

https://www.forbes.com/sites/leemat...h-impacts-143-million-americans/#4c6bccd4356f

http://www.bbc.com/news/business-41192163

https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/

After my own most-recent identity theft incident (which went as far as someone filing tax returns in my name as well as the more mundane sorts of fraud), I found Equifax to be an utterly incompetent company to deal with. Their Web site errored out when I first tried to apply the freeze, and their phone system was looped so I could never talk to an actual person. It also took multiple letters and the intervention of the NYS Attorney General's office for me to get the PIN associated with the security freeze. They were the most frustrating non-governmental entity I'd ever dealt with.

Experian and Trans-Union, on the other hand, were very helpful. Experian in particular bent over backwards to be helpful, even to the point of providing me with a "secret" phone number for Equifax that actually worked. I was impressed enough with Experian that I subscribed to their paid three-bureau credit-monitoring product through USAA, which costs about half the price of what it otherwise would cost, despite already having been enrolled in numerous free (and generally useless) credit-monitoring as a result of previous breaches.

ChexSystems, a low-key company that keeps data regarding things like people who bounce checks on deposit accounts, were also very helpful. I had to file a freeze with them to prevent people from opening checking or savings accounts in my name. Practically all financial institutions check to see if an applicant is on the ChexSystems **** list before allowing them to open an initial account.

Back to Equifax, I shudder to think of the effect this will have on Americans. I haven't even come close to being back to normal financially. I can't apply for a loan, buy a phone, get an insurance quote, change utility companies, or open a deposit account without planning it in advance, finding out which agency the vendor uses, and temporarily lifting the freeze so the check can be run. But I've lost count of the attempts to pull my credit, so I can't unfreeze the reports.

I also have been inundated with spam and telemarketing calls, which I believe were also due to the previous breach because my email address and telephone numbers were also compromised. Filing my routine tax returns is more complicated, as well.

In addition to ****ing off a lot of Americans, I shudder to think of the effect that this will have on the financial industry in general. Can you imagine the number of fraudulent credit applications that are going to be filed? I expect them to outnumber legitimate applications, possibly by many orders of magnitude.

I plan to call my idiot congressman again today to remind him of my last call and letter wherein I lambasted Congress for allowing the use of SSNs for credit purposes and as de facto national identity numbers. With any luck at all, he's a victim of the Equifax breach as well; so maybe the dirtbag will actually listen this time.

Rich

 

[DFH65]

If you were worried about their executives don't some cashed out large amounts of stock prior to the news breaking so they should be OK.

They ought to have a penalty paid out to the person who's data is breached and restitution for any future loss. Particularly in this case as while they say it is customer data it really isn't. You are not a customer of Equifax they just have your stuff. Breach is a strong word in this case really what happened was someone took the data without paying for it. Equifax is happy to sell your information to people.

I am in IT breaches and exposures are almost impossible to prevent due to humans being humans. What needs to happen is make the data useless or make it very expensive to lose sensitive data to the point where people no longer want to store it.

 

[rtk11]

Agreed that they're incompetent. But they're established as one of the major credit score providers, so all of us will have some sort of history with them.

Sigh... I checked yesterday and their website wasn't fully advising of status. This morning, I see that my data was leaked. Lovely. Registration for "free credit monitoring" starting Sept 12. What a farce...

 

[murphey]

It took over a month for them to admit publicly there was a hack. Guess I'll spend the morning dealing with the other two services, get ducks in a row, then workmon Equifax.

 

[azblackbird]

I'm surprised no one has started a thread on this, so I will. Long story short, Equifax got hacked, so there's a very strong chance that your personal financial data is on the street if you live in the U.S., and some possibility if you live in Canada or the UK.

Checked last night, I'm good. Plus it helps to have a business partner who is on the "dark web" side of things. He lets me know if any of my passwords or financial info is floating around out there somewhere.

 

[Everskyward]

In the past week I got letters in the mail from both the state of Colorado (jury pool), and an aviation insurer, telling me my information may have been inadvertently released. The insurer has paid for two years of credit monitoring with Equifax, so I signed up a few days ago. LOL.

 

[pkuhns]

Thank you for posting this. The Equifax system for dealing with this is slightly comical: how can we expect them to help us monitor our credit when they were just the victim of data theft? Just being Mr Obvious over here...

 

[mscard88]

Just tried annualcreditreport.com, completed the online for one, TransUnion, went thru the verification process, and then hit submit. Result online unavailable, call. This should be fun.

 

[gkainz]

"May be impacted." Gave me a date 5 days out to "Check back" ??? WTH is that all about?

 

[murphey]

Just tried annualcreditreport.com, completed the online for one, TransUnion, went thru the verification process, and then hit submit. Result online unavailable, call. This should be fun.

Server is definitely overloaded...I'm still on the request page (where you enter name & details) and it's "waiting for...."

So what else is new? I've been hacked twice (at least) back in 2014 with the OPM hack.

Ok, we're back. TIme to order reports.

 

[Clark1961]

I'm way ahead of you guys. The IRS and Bluecross lost my data to hacks. Yup, had a fraudulent tax return filed using my data. The IRS claims that is somehow a crime against me and they really don't want to have it pointed out that someone attempted to defraud them. The grudgingly admit some responsibility but insist it is my problem and that I should guard my data better.

The problem is that they require my data and manage to lose it. Maybe it is way past time for lawsuits? The hacking incidents seem like are minor things and other people's problems to these "institutions".

 

[luvflyin]

In related news, 3 high up Eqifax executives, including the CFO, dumped stock on August 2 and 3. The breech was discovered on July 29. They told us yesterday. Your move SEC.

 

[paflyer]

In related news, 3 high up Eqifax executives, including the CFO, dumped stock on August 2 and 3. The breech was discovered on July 29. They told us yesterday. Your move SEC.

Just a coincidence, IMO.

 

[Anymouse]

Just tried annualcreditreport.com, completed the online for one, TransUnion, went thru the verification process, and then hit submit. Result online unavailable, call. This should be fun.

Got tired of that deal and just simply stopped checking. Now I use CreditKarma.com. It's 100% free, and they notify you by email if there are changes (like new accounts added) to your record.

 

[RyanB]

If you were worried about their executives don't some cashed out large amounts of stock prior to the news breaking so they should be OK.

It amazes me how ignorant and stupid people can be. Do those executives really think that officials will believe that they "hadn't heard about the breach prior to selling their shares." C'mon. EFX is in the toilet today and surprisingly it doesn't appear to be dragging down the Dow.

 

[murphey]

By the way, TrustedID, the free service mentioned by Equifax? It's owned by Equifax.
So, do you trust the people who allowed the hack to continue "monitoring" your financial records?

 

[mikea]

This breach should result in criminal charges.

There is a system called PCI certification from the banks for credit card handling which has STRICT rules on how data has to be protected. i.e. the datacenters have to have security cameras and strict access controls.

Equifax should get the death penalty - no longer allowed to handle sensitive financial data, but watch them fire some IT guys and let executives retire with golden parachutes and claim they made a major effort to prevent it from happening again, so we're all good, right?

*sigh*

You can see if your data was among the 143 Million here: https://www.equifaxsecurity2017.com...urce=fark&utm_medium=website&utm_content=link

If your data was leaked, you can sign up TrustID Premiere for free with a single click, so Equifax signs you up for the Equifax TrustID service to monitor when thieves use the data on you that Equifax lost FOR FREE*

Keep in mind, the word is that Equifax "free" TrustID protection comes with terms that effectively indemnifies Equifax for any wrongdoing.
I didn't see any notice of that. There's gonna be a s-storm about that. Should take class action lawyers about 6 seconds to bust that...and then win a class settlement that pays the lawyers $15 million in fees and gets each victim free Equifax TrustID credit monitoring for one year.

AND Equifax can then email the 143 million Americans to get them to subscribe and PAY for the Equifax TrustID service after the free period, if not setting them with opt-out accounts.

"We're all good now, right?"

Me being a sucka I froze my credit at Equifax which costs $10 for a temporary freeze.
https://www.freeze.equifax.com
So now legit companies can't get the information from Equifax that criminal hackers already have.

Total bastards.

The information from FTC on the breach:
https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do?utm_source=govdelivery
It says that you don't get signed up for TrustID until you come back and apply on the date it gives.

 

[RJM62]

I'm way ahead of you guys. The IRS and Bluecross lost my data to hacks. Yup, had a fraudulent tax return filed using my data. The IRS claims that is somehow a crime against me and they really don't want to have it pointed out that someone attempted to defraud them. The grudgingly admit some responsibility but insist it is my problem and that I should guard my data better.

The problem is that they require my data and manage to lose it. Maybe it is way past time for lawsuits? The hacking incidents seem like are minor things and other people's problems to these "institutions".

My accountant got hacked. That seems to have been the source of the fraudulent returns filed in my name. My brother uses the same accountant and also had fraudulent returns filed. I also got caught up in both the Anthem and Excellus BC/BS breaches, though, as did my brother. So that might also have been the source.

Rich

 

[RJM62]

By the way, TrustedID, the free service mentioned by Equifax? It's owned by Equifax.
So, do you trust the people who allowed the hack to continue "monitoring" your financial records?

I decided to pay for Experian credit monitoring through USAA after the last time my PII was stolen. It seems pretty good so far. I get nearly-immediate notifications when anyone pulls an Experian report, and notices within 24 hours when someone pulls a Trans-Union or Equifax report. Plus monthly three-bureau credit scores, U.S.-based customer service by phone, and lots of other stuff. Costs $13.99 / month for USAA members, which is roughly half the regular price.

Rich

 

[paflyer]

I decided to pay for Experian credit monitoring through USAA after the last time my PII was stolen. It seems pretty good so far. I get nearly-immediate notifications when anyone pulls an Experian report, and notices within 24 hours when someone pulls a Trans-Union or Equifax report. Plus monthly three-bureau credit scores, U.S.-based customer service by phone, and lots of other stuff. Costs $13.99 / month for USAA members, which is roughly half the regular price.

Rich

This is like paying "protection" money to the mob.

 

[Everskyward]

By the way, TrustedID, the free service mentioned by Equifax? It's owned by Equifax.
So, do you trust the people who allowed the hack to continue "monitoring" your financial records?

I don't think I would trust any company, or even myself, to keep my data "safe". In fact I knowingly did something really stupid the other day for the sake of expediency. I only hope they really do notify me of any pulls to my credit report in the next two years. Note that I signed up for other reasons before this became public, so I didn't sign away any rights.

 

[strangebird]

Agreed that they're incompetent. But they're established as one of the major credit score providers, so all of us will have some sort of history with them.

Sigh... I checked yesterday and their website wasn't fully advising of status. This morning, I see that my data was leaked. Lovely. Registration for "free credit monitoring" starting Sept 12. What a farce...

Yes what a cluster f*#&ing you have to remember to go back in on the 12th, to sign up for the complimentary, what a crock who is going to rememebr to do that,it should have been immediate, that fat cat Presdident who wrote the ambiguous crap on the web should be fired, it was like what crap manual did you come up with this language, "potential impact", etc all I can say is my horse's butt farts are more discernable, it looks like my wife and I were both " impacted"
I would like to impact that guy with a impact hammer

 

[pkuhns]

It is becoming glaringly obvious that credit protection should be free and required by federal law due to the credit whores called corporations that simply cannot store safely all the data we willingly give them.

 

[paflyer]

It is becoming glaringly obvious that credit protection should be free and required by federal law due to the credit whores called corporations that simply cannot store safely all the data we willingly give them.

Any breach should result in a $1,000,000 payment to anyone affected. The money should be escrowed to make sure they don't just file to escape the responsibility. That would get them to be more serious about protecting people's vital data.

 

[RJM62]

This is like paying "protection" money to the mob.

Experian was the most helpful of the bunch after the last breach. Their monitoring service has also alerted me to much more activity than all of the other credit-monitoring programs that I've been enrolled in as a result of previous breaches, combined. Most of those services are utterly useless. They catch little if any activity.

A free, less full-featured version of Experian's service is included with USAA membership. It just needs to be activated. It only covers Experian activity, however.

Rich

 

[JOhnH]

"May be impacted." Gave me a date 5 days out to "Check back" ??? WTH is that all about?

They didn't even tell me that I "may" be impacted. They just gave me a date and a warning to write it down because I won't be reminded.
Maybe that is a good thing, but they could at least include a line that says I was not impacted.

As a side note, I worked for Equifax for about 20 years. I always wondered just HOW they could stay in business. Their management style was 100% political and self serving. Everything was a secret, so the rumor mill was better than the armed forces. It was classic "Murphy". In order to be promoted into management, you first had to screw up in the trenches. If you were good at your job, they wouldn't promote you because the needed you where you were. To this day, I swear that Scott Adams must have done much of his research there.

 

[paflyer]

They didn't even tell me that I "may" be impacted. They just gave me a date and a warning to write it down because I won't be reminded.
Maybe that is a good thing, but they could at least include a line that says I was not impacted.

As a side note, I worked for Equifax for about 20 years. I always wondered just HOW they could stay in business. Their management style was 100% political and self serving. Everything was a secret, so the rumor mill was better than the armed forces. It was classic "Murphy". In order to be promoted into management, you first had to screw up in the trenches. If you were good at your job, they wouldn't promote you because the needed you where you were. To this day, I swear that Scott Adams must have done much of his research there.

Well that's true of many, many businesses.

 

[paflyer]

The fact that credit "scoring" is secret sauce should be illegal.

 

[MauleSkinner]

The fact that credit "scoring" is secret sauce should be illegal.

The exact formula may be secret, but the gist of it is, if you've been in debt for a long time and making payments when you're supposed to, your score goes up. If you pay off debt, your score goes down. If you cancel a credit account with no activity, your score goes down.

In other words, if you're the type of person that gives Equifax business, your score with them goes up.

 

[JOhnH]

The exact formula may be secret, but the gist of it is, if you've been in debt for a long time and making payments when you're supposed to, your score goes up. If you pay off debt, your score goes down. If you cancel a credit account with no activity, your score goes down.

In other words, if you're the type of person that gives Equifax business, your score with them goes up.

I hate to defend Equifax in any way, shape or form, but the real gist of it is that in order to maintain a high credit rating, you have to display the characteristics of people that statistically pay off their loans. And Equifax doesn't just make up those characteristics to be mean.

If you pay cash for everything, and have a few million in the bank, that is good for you. But that is not evidence enough for Equifax to vouch for your likelihood of paying off new debt.

 

[N659HB]

Said I'm not impacted. Not sure whether to believe them or not at this point.

 

[MauleSkinner]

...the real gist of it is that in order to maintain a high credit rating, you have to display the characteristics of people that statistically pay off their loans.

I would say that you have to display those statistics. The characteristics of these people are honesty and integrity, but Equifax and others don't know enough about those characteristics to measure them.

 

[strangebird]

Now there is an article where if you sign up for the Equifax Trust ID that is "complimentary" that in the terms of use agreement, if you agree, then you can not sue them.. gotcha, sign up and then there is nothing you can do to us,.

Several class action suits already in the works, let's guess, the settlment will be complimentary Trust ID, for you, lawyers get millons

 

[X3 Skier]

Gee, only about the 10th time somebody broke into a data base with my info. The topper was the Chinese Government breaking into OPM and stealing my entire life history in my Security Clearance file.

Only a few credit card frauds over years but none have cost me anything.

I'm sure some ambulance chasers (the Subway foot long guys?) will file a class action to overturn the class action waiver

Cheers

 

[Sundancer]

Froze my credit long ago, change banks every couple years, never use a debit card in retail; heck, I even web surf via a VPN connection. VA, mortgage Co., VA, OMB, VA, Blue Cross, FAA, all proved reckless and incompetent to handle my PII multiple times, and over multiple years.

Absent punitive legislation, it'll continue. My attitude now is an identity thief is stealing from whoever he/she gulls into believing it's me; not even gonna worry about it, short of sending a registered letter that the creditor is out of luck. My mortgage is paid, don't need any loans, and if one of my bank account gets nailed, the law does say it's the bank's loss, not mine

The annoying things is the constant media dribble that "it's inevitable" - but it ain't, it's just incompetence.

PS
A class action was filed yesterday.

 

[James_Dean]

I'm affected and froze my reports at all three agencies today. For $10 per. Bastards.

 

[RJM62]

I'm affected and froze my reports at all three agencies today. For $10 per. Bastards.

In some states they may not be able to charge you anything. I know I didn't have to pay in New York. Equifax was the only company that tried to charge me. A few choice words from the AG's office and they changed their tune.

Rich

 

[RJM62]

Gee, only about the 10th time somebody broke into a data base with my info. The topper was the Chinese Government breaking into OPM and stealing my entire life history in my Security Clearance file.

Only a few credit card frauds over years but none have cost me anything.

I'm sure some ambulance chasers (the Subway foot long guys?) will file a class action to overturn the class action waiver

Cheers

Probably meets the standards to be tossed as a contract of adhesion.

Rich

 

[azblackbird]

In some states they may not be able to charge you anything. I know I didn't have to pay in New York. Equifax was the only company that tried to charge me. A few choice words from the AG's office and they changed their tune.

FCRA law dictates that you may receive a free credit report once a year from each of the 3 reporting agencies. I stagger mine and pull one every 4 months from each agency. Companies that charge for their reports are ripping people off.

 

[JGoodish]

My wife's ID was stolen a while back. Have no idea how it happened, but first clue was when credit card that she never applied for arrived.

We had to pay $10 each to the credit bureaus to have a freeze put on her credit file. Then another $10 each to have it unfrozen if needed in the future. That's complete nonsense. It should cost these turkeys nothing to freeze the credit. In some states it's free, but not the one where I live, unless you submit the request with a law enforcement report. In my wife's case, she didn't get one, because what would that accomplish except more bureaucratic paperwork? We just paid the $30 hush money to the credit mob and went on our way.

At least the IRS fraud prevention process was easier, and ironically felt less slimey.

I didn't even know about ChexSystems, and apparently neither did any of the banks which hold our accounts and sent us identity theft "advice" after we notified them of the fraud.

If you have minor children, you have to watch out for their information, too. Even more hush money out of my wallet.


JKG