Hey everyone! Your name, address, birth date, social security #, and other info is compromised. – Credit Reporting Agency Equifax Reveals Massive Hack

Photo courtesy of: http://thehackernews.com/2017/09/equifax-credit-report-hack.html

This is pretty amazing. Not a little deal. This information can never be considered secure ever again. I first heard about this on the 7th. I was pretty amazed at the breadth of the breach. Then in the following days reading about the response. Crazy. Equifax is so evil it’s not funny. If anyone cares about their credit, has money in a bank, or is expecting taxes back at the end of the year, you should at the very least:

You can also:

  • Sign up for a service that aggregates all your accounts for easy daily monitoring.
  • Freeze your credit. More info below.
  • Set up a fraud alert. More info below.
  • Check your banks security, and anything the you use any of that information for identifying yourself.  \
  • Use a password manager
  • No email or phone password reset for your main email account. Keep your password very complex and MEMORABLE. A long random string of words is good.
  • Don’t use your phone number and texting as way of validating your id either. With all this information, they can get your phone #. With your phone number and all this information they can steal your phone number and attach it to their phone.

 

Credit Reporting Agency Equifax Reveals Massive Hack

http://www.npr.org/2017/09/08/549373796/credit-reporting-agency-equifax-reveals-massive-hack

 

Equifax, the big credit reporting agency, reports that it was hacked in May.

Equifax says they discovered it on July 29, which, by my math, is about six weeks ago.

Equifax security breach leaks personal info of 143 million US consumers

https://www.engadget.com/2017/09/07/equifax-hack-143-million/

143,000,000 (143m) names, addresses, birth dates, social security numbers and “in some cases” drivers license numbers. An unspecified number of UK and Canadian residents were hit, plus the credit card numbers for 209,000 people and certain dispute documents for 182,000 people in the US.

Adding insult to injury, after breaches like the one that hit Target for info on 40 million people, consumers were offered free credit monitoring through — wait for it — Equifax.

Additionally, Bloomberg reports that three Equifax senior execs, including CFO John Gamble, sold $1.8 million in stock between the time the breach was found and when it was announced today.

The Equifax Hack Conundrum
Will merely checking to see whether you were a victim of the breach waive your right to sue?

http://www.slate.com/articles/technology/future_tense/2017/09/victims_of_the_equifax_hack_that_used_the_website_may_not_necessarily_be.html

Equifax set up a website, Equifaxsecurity2017.com, where you can check whether you’ve been affected. (And if you are an adult in the U.S., it’s a pretty safe bet that you were affected.) The company is also offering a year of free credit monitoring and identity theft protection, called TrustedID, for people who had their info stolen. (Whether such services really work is another matter.) TrustedID also appears to be running the part of Equifaxsecurity2017.com that allows people to see whether they were impacted by the hack.

The problem with using Equifax’s free ID protection, though, is that in signing up, you have to agree to terms of service that appear to force you into arbitration and waive the right to participate in any class-action lawsuit against TrustedID, the credit monitoring service. (Arbitration is the technical term for settling a dispute outside of court.)

How Equifax Turned Its Massive Hack Into an Even Worse ‘Dumpster Fire’

http://fortune.com/2017/09/09/equifax-hack-crisis/

The breach itself was bad enough, with class-action lawsuits and Congressional investigations on the table almost immediately. But the company’s haphazard response on myriad fronts has given the strong impression of inept leadership, leading security experts like Brian Krebs to refer to the hack’s aftermath as a “dumpster fire.”

PSA: no matter what, Equifax may tell you you’ve been impacted by the hack

PSA: no matter what, Equifax may tell you you’ve been impacted by the hack

In what is an unconscionable move by the credit report company, the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach.

The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID.

What this means is not only are none of the last names tied to your Social Security number, but there’s no way to tell if you were really impacted.

It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID.

 

A guide to surviving the Equifax data breach (without Equifax’s help)

https://www.cnet.com/how-to/a-guide-to-surviving-equifax-data-breach/

Step 1: Enroll in Equifax’s program (or just move on to step 2)

Equifax’s identity protection program, Trusted ID, is being offered to anyone who wants to enroll. The program is designed to help prevent identity theft and tampering with your credit. If you’re willing to give Equifax another chance, you can sign up for the program here. But, be aware: the checker that lets you know if you were hacked might be broken and enrolling in the program prevents you from participating in a class-action lawsuit against Trusted ID, but doesn’t prevent you from participating in lawsuits related to the cyber attack.

Because of these circumstances, we recommend that, for now, anyone with a credit history should assume they were affected by the hack.

Step 2: Check your credit reports

More than three months passed between the time the breach may have started and now. We’re not sure if the data of those affected was used maliciously during that period, so consider looking through your credit reports for any suspicious activity. The US government guarantees everyone a free annual credit report from the three major bureaus — yes, including Experian. You can get those reports here. (UK citizens can find links to credit agencies here.)

When looking through your reports, keep an eye out for new accounts you didn’t open, late payments on debts you don’t recognize and any other activity that looks unfamiliar.

If you suspect someone used your identity to open credit cards, take on loans, or reopen closed accounts, contact the credit card company’s fraud department immediately. You are not responsible for charges made on a fraudulent card, but you have to report the issue in a timely manner. Once you’ve reported the fraudulent credit, follow this guide to recovering from identity theft.

Step 3: Freeze your credit

It’s still early days, so even if your credit report comes back clean, remain vigilant about protecting your credit. One of the most reliable ways to prevent someone from opening credit cards in your name is to place what’s called a “credit freeze.”

When you freeze your credit, you (or anyone masquerading as you) will be required to unfreeze your account by providing the PIN you got when you froze your credit.

To freeze your credit, contact each of the credit bureaus using these phone numbers:

Equifax: 1-800-349-9960
Experian: 1‑888‑397‑3742
TransUnion: 1-888-909-8872
The process is usually automated and can be completed within a few minutes. Just be sure to write down your PINs in a secure place.

Step 4: Set a fraud alert

A fraud alert is another way to make it hard for identity thieves to open accounts in your name. When a fraud alert is set, credit card companies will be required to verify your identity before opening an account. That, combined with the credit freeze, is a great way to keep your credit secure.

To set a fraud alert, contact just one of the credit card bureaus and ask for an initial fraud alert. Once the alert is set, it will last 90 days. After that, you’ll have to renew it. Here are the appropriate phone numbers for the bureaus (remember, just call one):

Equifax: 1-888-766-0008
Experian: 1-888-397-3742
TransUnion: 1-800-680-7289
Step 5: Repeat the process for your loved ones

Because Equifax is not notifying those affected through direct mail or email, some people will be left without the resources or tech savvy to protect their identities or find out if they were compromised. With that in mind, consider helping your loved ones — especially the elderly without computer access — with the above steps.

Watch out for tax season

It’s still to early to know if and how the data exposed in Equifax’s breach will be misused, but one major concern comes around during tax season. Identity thieves can use stolen Social Security numbers to file fraudulent tax returns and receive refunds.

Many victims find out they have been targeted in tax fraud when they try to file their taxes — the IRS tells them that their taxes were already filed. One of the best ways to prevent this from happening is to file early. For more, the IRS has an easy-to-follow guide on tax fraud.

Leave a Reply

Your email address will not be published. Required fields are marked *