Photo courtesy of: thehackernews.com/2017/0…
This is pretty amazing. Not a little deal. This information can never be considered secure ever again. I first heard about this on the 7th. I was pretty amazed at the breadth of the breach. Then in the following days reading about the response. Crazy. Equifax is so evil it's not funny. If anyone cares about their credit, has money in a bank, or is expecting taxes back at the end of the year, you should at the very least:
- Sign up for a free credit checking company that monitors any activity.
You may worry about these companies being hacked, but, well it already happened for sure.
Free Credit Monitoring | Credit Karma
Credit Karma offers free, daily credit monitoring in addition to free credit scores. … credit report, we'll send you an alert so you can check for suspicious activity.
Free Credit Monitoring | Protect Your Identity | Credit Sesame
The best free credit report monitoring with a free $50k Identity theft insurance . … a closer eye on yourcredit, to look for and head off potentially fraudulent activity.
- Keep an eye on your bank balance daily. O_o
- Pay attention to the mail you get.
- If your expecting taxes back at the end of the year, file now!!!
- Don't sign up for Equifax's hack checker!
You can also:
- Sign up for a service that aggregates all your accounts for easy daily monitoring.
Mint: Money Manager, Personal Finance, and Budgeting
Mint makes staying on top of your finances a cinch. … From your bank accounts and credit cards to retirement accounts and crunch the numbers as …
- Freeze your credit. More info below.
- Set up a fraud alert. More info below.
- Check your banks security, and anything the you use any of that information for identifying yourself. \
- Use a password manager
- No email or phone password reset for your main email account. Keep your password very complex and MEMORABLE. A long random string of words is good.
- Don't use your phone number and texting as way of validating your id either. With all this information, they can get your phone #. With your phone number and all this information they can steal your phone number and attach it to their phone.
- Read about how to help here: www.vpnmentor.com/blog/u…
Credit Reporting Agency Equifax Reveals Massive Hack
Equifax, the big credit reporting agency, reports that it was hacked in May.
Equifax says they discovered it on July 29, which, by my math, is about six weeks ago.
Equifax security breach leaks personal info of 143 million US consumers
143,000,000 (143m) names, addresses, birth dates, social security numbers and “in some cases” drivers license numbers. An unspecified number of UK and Canadian residents were hit, plus the credit card numbers for 209,000 people and certain dispute documents for 182,000 people in the US.
Adding insult to injury, after breaches like the one that hit Target for info on 40 million people, consumers were offered free credit monitoring through — wait for it — Equifax.
Additionally, Bloomberg reports that three Equifax senior execs, including CFO John Gamble, sold $1.8 million in stock between the time the breach was found and when it was announced today.
The Equifax Hack Conundrum
Will merely checking to see whether you were a victim of the breach waive your right to sue?
Equifax set up a website, Equifaxsecurity2017.com, where you can check whether you've been affected. (And if you are an adult in the U.S., it's a pretty safe bet that you were affected.) The company is also offering a year of free credit monitoring and identity theft protection, called TrustedID, for people who had their info stolen. (Whether such services really work is another matter.) TrustedID also appears to be running the part of Equifaxsecurity2017.com that allows people to see whether they were impacted by the hack.
The problem with using Equifax's free ID protection, though, is that in signing up, you have to agree to terms of service that appear to force you into arbitration and waive the right to participate in any class-action lawsuit against TrustedID, the credit monitoring service. (Arbitration is the technical term for settling a dispute outside of court.)
How Equifax Turned Its Massive Hack Into an Even Worse ‘Dumpster Fire’
The breach itself was bad enough, with class-action lawsuits and Congressional investigations on the table almost immediately. But the company's haphazard response on myriad fronts has given the strong impression of inept leadership, leading security experts like Brian Krebs to refer to the hack's aftermath as a “dumpster fire.”
PSA: no matter what, Equifax may tell you you’ve been impacted by the hack
In what is an unconscionable move by the credit report company, the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach.
The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID.
What this means is not only are none of the last names tied to your Social Security number, but there's no way to tell if you were really impacted.
It's clear Equifax's goal isn't to protect the consumer or bring them vital information. It's to get you to sign up for its revenue-generating product TrustID.
A guide to surviving the Equifax data breach (without Equifax’s help)
Step 1: Enroll in Equifax's program (or just move on to step 2)
Equifax's identity protection program, Trusted ID, is being offered to anyone who wants to enroll. The program is designed to help prevent identity theft and tampering with your credit. If you're willing to give Equifax another chance, you can sign up for the program here. But, be aware: the checker that lets you know if you were hacked might be broken and enrolling in the program prevents you from participating in a class-action lawsuit against Trusted ID, but doesn't prevent you from participating in lawsuits related to the cyber attack.
Because of these circumstances, we recommend that, for now, anyone with a credit history should assume they were affected by the hack.
Step 2: Check your credit reports
More than three months passed between the time the breach may have started and now. We're not sure if the data of those affected was used maliciously during that period, so consider looking through your credit reports for any suspicious activity. The US government guarantees everyone a free annual credit report from the three major bureaus — yes, including Experian. You can get those reports here. (UK citizens can find links to credit agencies here.)
When looking through your reports, keep an eye out for new accounts you didn't open, late payments on debts you don't recognize and any other activity that looks unfamiliar.
If you suspect someone used your identity to open credit cards, take on loans, or reopen closed accounts, contact the credit card company's fraud department immediately. You are not responsible for charges made on a fraudulent card, but you have to report the issue in a timely manner. Once you've reported the fraudulent credit, follow this guide to recovering from identity theft.
Step 3: Freeze your credit
It's still early days, so even if your credit report comes back clean, remain vigilant about protecting your credit. One of the most reliable ways to prevent someone from opening credit cards in your name is to place what's called a “credit freeze.”
When you freeze your credit, you (or anyone masquerading as you) will be required to unfreeze your account by providing the PIN you got when you froze your credit.
To freeze your credit, contact each of the credit bureaus using these phone numbers:
The process is usually automated and can be completed within a few minutes. Just be sure to write down your PINs in a secure place.
Step 4: Set a fraud alert
A fraud alert is another way to make it hard for identity thieves to open accounts in your name. When a fraud alert is set, credit card companies will be required to verify your identity before opening an account. That, combined with the credit freeze, is a great way to keep your credit secure.
To set a fraud alert, contact just one of the credit card bureaus and ask for an initial fraud alert. Once the alert is set, it will last 90 days. After that, you'll have to renew it. Here are the appropriate phone numbers for the bureaus (remember, just call one):
Step 5: Repeat the process for your loved ones
Because Equifax is not notifying those affected through direct mail or email, some people will be left without the resources or tech savvy to protect their identities or find out if they were compromised. With that in mind, consider helping your loved ones — especially the elderly without computer access — with the above steps.
Watch out for tax season
It's still to early to know if and how the data exposed in Equifax's breach will be misused, but one major concern comes around during tax season. Identity thieves can use stolen Social Security numbers to file fraudulent tax returns and receive refunds.
Many victims find out they have been targeted in tax fraud when they try to file their taxes — the IRS tells them that their taxes were already filed. One of the best ways to prevent this from happening is to file early. For more, the IRS has an easy-to-follow guide on tax fraud.