Equifax Hacked - 143M US Consumers could be affected

[Svnla]

At least 36 US Senators are demanding answers from Equifax, especially the stock sales prior to the disclosure, and hearings are coming soon.

 

[TheVrolok]

https://www.nytimes.com/2017/09/12/your-money/equifax-fee-waiver.html

The dummies at Equifax will drop credit freeze fees for 30 days. This should've been offered from day one when they had over a month to think about their plans and action. And it falls way short of what's needed. The reporter asks all the right questions anyone with a brain would've asked and the executives at Equifax should've thought of. It just shows you the contempt the executives at Equifax has for you and me.

Good questions asked. I better be getting my 20 bucks back and not have to pay another 10 to change my PINs. These motherfuckers, seriously.

 

[Perknose]

At least 36 US Senators are demanding answers from Equifax, especially the stock sales prior to the disclosure, and hearings are coming soon.

Courageous political stance on their part! I assume that by tomorrow's news cycle they'll be 100, no, 101 Senators on board!

 

[Crono]

Courageous political stance on their part! I assume that by tomorrow's news cycle they'll be 100, no, 101 Senators on board!

At least a couple of them I'd assume are saying that while holding their pockets open for Equifax and/or other finance/Wall street lobbyists to slip some more cash into them, and not just grandstanding.

 

[Skunk-Works]

I didn't read through the entire thread. I have read that if you go to their website and check to see if your Info. was stolen, you will sign away your right to any money from the massive class action lawsuit that's underway. They threw in a clause there that ops you out. What a bunch of scum buckets.

 

[Svnla]

$4 billion is the cost for Equifax (so far) - http://time.com/money/4936732/equifaxs-massive-data-breach-has-cost-the-company-4-billion-so-far

 

[Muse]

You have to request the temporary thaw with your pin. So I have to retrieve my pin numbers out of my safe deposit box and fill out the online form. So it's a small hassle for me and I don't do it unless I really want the product or service. The past 10 years, I probably had to temporary thaw my credit like 3-4 times. One time it was for AT&T Fiber. The rest was when I wanted to open new credit cards for the signup bonus/rewards.

Credit freeze is definitely worth it for the piece of mind. It's the only real protection you have against data breaches like this one and identity thieves.

Doing this requires what? Contacting all 3 credit bureaus and paying them each $10 and getting a PIN from them? I saw somewhere that there's no real guarantee that PINs were not garnered in the data breach.

 

[chimaxi83]

Doing this requires what? Contacting all 3 credit bureaus and paying them each $10 and getting a PIN from them? I saw somewhere that there's no real guarantee that PINs were not garnered in the data breach.

Experian does it for free. Equifax will now do it for free apparently. Transunion is $10 a pop.

 

[ponyo]

Doing this requires what? Contacting all 3 credit bureaus and paying them each $10 and getting a PIN from them? I saw somewhere that there's no real guarantee that PINs were not garnered in the data breach.

When I froze my credit like 10 years ago, I got a PIN from each of the three bureaus in the mail. That's the PIN I have to enter anytime I want to temporarily thaw my credit. I have the paper with the PIN stored in my safe deposit box along with all my other important papers.

I think the problem with the PIN people got after the data breach is it's time stamped and not random. I didn't pay attention on the details since it doesn't affect me but maybe someone can chime in on the problems with the new PINs that were issued after the data breach. Mine is decade old so no one has my PIN except for me.

 

[Exterous]

Mine is decade old so no one has my PIN except for me.

I honestly don't know if this is the case or not but Equifax has to know your PIN for validation right? So its stored with them somewhere and it wouldn't surprise me if that somewhere was in the same stolen information as your SSN, DOB etc

 

[WilliamM2]

Experian does it for free. Equifax will now do it for free apparently. Transunion is $10 a pop.

You can lock it for free at Transunion by signing up for their free identity protection.

https://www.transunion.com/product/trueidentity-free-identity-protection

You supposedly can lock it with Equifax free credit monitoring, but mine says "Failed contact customer support". Customer support has kept me on hold for 4 hours each of the last three evening. Anyone ever actually get through?

 

[Ken g6]

thx.
Experian website sucks. wouldn't allow me to add fraud alert.
"We are unable to honor your request for online access."

Transunion was easy peasy!

I just tried to set up a freeze with Experian. They wanted to verify my identity with stuff from my credit history. Like what bank did I apply to get a car loan from last year? The correct answer is I didn't. Uh, oh!

 

[chimaxi83]

I just tried to set up a freeze with Experian. They wanted to verify my identity with stuff from my credit history. Like what bank did I apply to get a car loan from last year? The correct answer is I didn't. Uh, oh!

That's a trick question and they all do that.

 

[Viper GTS]

The identity questions used to be easily answerable if you knew your own financial history. Lately (like the last year or two) they seem to have pulled in far more and lower quality data than they were working with previously.

Now I get questions like 'Which of the following people have you lived with' and a list of names, some of which I know are previous tenants in the home I rent (due to occasionally seeing their names on mail over the last five years) but with no 'none of the above' option.

I have failed a few of those identity verifications including locking myself out of web access to my social security account. And I know my finances/history pretty well.

Viper GTS

 

[s0me0nesmind1]

https://www.nytimes.com/2017/09/12/your-money/equifax-fee-waiver.html

The dummies at Equifax will drop credit freeze fees for 30 days. This should've been offered from day one when they had over a month to think about their plans and action. And it falls way short of what's needed. The reporter asks all the right questions anyone with a brain would've asked and the executives at Equifax should've thought of. It just shows you the contempt the executives at Equifax has for you and me.

It should be free going forward for the next 5-10 years to say the least. Plenty of people won't even know their information leaked in the next 30 days.

Personally I wouldn't be surprised if Equifax falls because of this.

 

[s0me0nesmind1]

At least 36 US Senators are demanding answers from Equifax, especially the stock sales prior to the disclosure, and hearings are coming soon.

Fuck hearings. Bring them directly to court, not bullshit for them to answer/weasel with. Go directly to jail.

 

[Viper GTS]

Fuck hearings. Bring them directly to court, not bullshit for them to answer/weasel with. Go directly to jail.

Don't be dramatic. We have a legal system for a reason.

It certainly looks suspicious to the layperson, and warrants investigation, but the system is in place to deal with this kind of stuff. Let it do its job.

Viper GTS

 

[IronWing]

Don't be dramatic. We have a legal system for a reason.

It certainly looks suspicious to the layperson, and warrants investigation, but the system is in place to deal with this kind of stuff. Let it do its job.

Viper GTS

Does this mean we have to wait until we get them home to shoot them?

 

[s0me0nesmind1]

Don't be dramatic. We have a legal system for a reason.

It certainly looks suspicious to the layperson, and warrants investigation, but the system is in place to deal with this kind of stuff. Let it do its job.

Viper GTS

Not being dramatic. I'm just not in favor of senate hearings. History has shown anyone that has done so gets off rather easy. I guess I would rather see all information in court recorded formats instead of a senate hearing - which I'm guessing they will sign saying it can't be used against them.

 

[Svnla]

Wanna sue Equifax without any lawyer? - https://finance.yahoo.com/news/equifax-lawsuits-automatically-sue-equifax-160709017.html

 

[ponyo]

The identity questions used to be easily answerable if you knew your own financial history. Lately (like the last year or two) they seem to have pulled in far more and lower quality data than they were working with previously.

Now I get questions like 'Which of the following people have you lived with' and a list of names, some of which I know are previous tenants in the home I rent (due to occasionally seeing their names on mail over the last five years) but with no 'none of the above' option.

I have failed a few of those identity verifications including locking myself out of web access to my social security account. And I know my finances/history pretty well.

Viper GTS

This happened to me as well. They asked me all these loan questions I had no recollection of and with no "none of the above" option. Thankfully none of the fake questionable loans were on my credit report. And there are so many errors on my credit report. Nothing that negatively impacts my credit scores but just plain wrong information I haven't bothered correcting them and don't know if I ever will.

 

[KentState]

I honestly don't know if this is the case or not but Equifax has to know your PIN for validation right? So its stored with them somewhere and it wouldn't surprise me if that somewhere was in the same stolen information as your SSN, DOB etc

The PIN should be hashed (hopefully salted) and not clear text like SSN and DOB. Unfortunately, those pieces of information have to be clear text since they match it to other data sources to build your profile. I sat in a meeting with Exquifax a few months back and the types of profiles that they can build on people is staggering. Everything from linking shopping activities, utility payments, education and job databases.

 

[Exterous]

The PIN should be hashed (hopefully salted)

Sure and the PIN should also not be based on the time stamp of when you generate it. They probably should have created a subdomain instead of a dodgy looking third party site. SSL certs should generally have organization information filled out. Their data breach detector should probably work correctly (http://www.zdnet.com/article/we-tested-equifax-data-breach-checker-it-is-basically-useless/)

I expect we'll see other glaring gaps between how things should have been done and how they were actually done. (For example - if the rumors are true that the attackers got in through Apache Struts my money is on Equifax improperly patching their servers)

 

[theknight571]

Does anyone else think this is a marketing ploy for the 4 credit monitoring services?

Did the credit "services" collude to generate this panic? Equifax being chosen to take any hit there might be. I mean, most likely, punishment will be minimal if any, but between freeze fees and new monitoring signups, all of them stand to make a crap load of money from this.

 

[Viper GTS]

Does anyone else think this is a marketing ploy for the 4 credit monitoring services?

Did the credit "services" collude to generate this panic? Equifax being chosen to take any hit there might be. I mean, most likely, punishment will be minimal if any, but between freeze fees and new monitoring signups, all of them stand to make a crap load of money from this.

IMO the other three are probably terrified right now. They're probably glad it didn't happen to them, but the increased scrutiny/regulation/public hatred is not going to be good for them. I don't think there's any way this is a net positive for any of them.

Viper GTS