There are 3 sentences in my post.
Some suspicious is going on here (Equifax breach) 143 million people could be affected
Now Is A Really Good Time To Freeze Your Credit. Here's How.
Call not just one, but all three credit reporting agencies. Protect your PIN. "At this point it's the prudent course."
Posted on September 8, 2017, at 5:00 p.m.
Matthew Zeitlin
"I would have never thought that credit freezes are worth the hassle for us," Liz Weston, a financial planner and columnist at NerdWallet, told BuzzFeed News. "But at this point it's the prudent course."
The credit bureau Equifax disclosed Thursday that a massive hack had exposed the personal information of up to 143 million people, which would be about two-thirds of all credit card holders, according to Chi Chi Wu, an attorney at the National Consumer Law Center.
"There are so many entities who need to check your credit: when you're renting an apartment, getting insurance, a new cell phone, utilities," Weston said. "But at this point the breach is so great" that taking measures to safeguard your identity is worth it.
Requesting a credit freeze prevents thieves from using your identity to get loans or credit cards in your name, even if your personal information was compromised by the hack. You essentially pay to bar each of three credit reporting agencies — Equifax, TransUnion, and Experian — from providing a credit report without both your explicit permission and a personal identification number (PIN) that temporarily lifts the freeze. (Freezes do not affect financial institutions or companies you have an existing relationship with, only new ones.)
A consumer has to pay to institute the freeze with each of the three agencies -- which typically costs around $10 -- as well as to lift the freeze each time, which is why people don't tend to get them until after they've been the victim of a major breach or identity theft.
"We think it’s a good idea for anyone who’s concerned about ID theft especially in light of this breach," Wu said.
Here's how you freeze your credit:
Equifax is offering a free service, TrustedID Premier, for one year to those affected by the breach, but this only provides a "lock" for Equifax (it merely monitors your information with all three agencies, alerting customers after suspicious activity has occurred). "A credit freeze with only one bureau is incomplete protection," Litt said. Consumer experts recommended getting a freeze with all three agencies.
https://www.buzzfeed.com/matthewzei...it-heres-how?utm_term=.ca1md248N9#.hnMJB3mqVx
Call not just one, but all three credit reporting agencies. Protect your PIN. "At this point it's the prudent course."
Posted on September 8, 2017, at 5:00 p.m.
Matthew Zeitlin
"I would have never thought that credit freezes are worth the hassle for us," Liz Weston, a financial planner and columnist at NerdWallet, told BuzzFeed News. "But at this point it's the prudent course."
The credit bureau Equifax disclosed Thursday that a massive hack had exposed the personal information of up to 143 million people, which would be about two-thirds of all credit card holders, according to Chi Chi Wu, an attorney at the National Consumer Law Center.
"There are so many entities who need to check your credit: when you're renting an apartment, getting insurance, a new cell phone, utilities," Weston said. "But at this point the breach is so great" that taking measures to safeguard your identity is worth it.
Requesting a credit freeze prevents thieves from using your identity to get loans or credit cards in your name, even if your personal information was compromised by the hack. You essentially pay to bar each of three credit reporting agencies — Equifax, TransUnion, and Experian — from providing a credit report without both your explicit permission and a personal identification number (PIN) that temporarily lifts the freeze. (Freezes do not affect financial institutions or companies you have an existing relationship with, only new ones.)
A consumer has to pay to institute the freeze with each of the three agencies -- which typically costs around $10 -- as well as to lift the freeze each time, which is why people don't tend to get them until after they've been the victim of a major breach or identity theft.
"We think it’s a good idea for anyone who’s concerned about ID theft especially in light of this breach," Wu said.
Here's how you freeze your credit:
- You need to request a freeze with each reporting agency (Experian, TransUnion, Equifax), which will ask you to submit your information online, which can include your full name, address, past addresses for two years, email address, a copy of a government ID, a bill, and Social Security number. If you have a police report that entitles you to a free freeze, it may need to be submitted in writing.
- You will then be issued a PIN from each reporting agency that you will need to use to lift the freeze in the event that you want someone to look up your credit report
- This PIN is incredibly important — credit checks are necessary to get a loan, credit card, cell phone, or apartment while you have freeze instituted — and should be kept somewhere secure, like a password manager.
- Freezes can be lifted online or over the phone with the agency that is being used to look up your credit report.
Equifax is offering a free service, TrustedID Premier, for one year to those affected by the breach, but this only provides a "lock" for Equifax (it merely monitors your information with all three agencies, alerting customers after suspicious activity has occurred). "A credit freeze with only one bureau is incomplete protection," Litt said. Consumer experts recommended getting a freeze with all three agencies.
https://www.buzzfeed.com/matthewzei...it-heres-how?utm_term=.ca1md248N9#.hnMJB3mqVx
Here are the numbers to freeze y0ur credit. It was reported on CNBC that no one should apply for the free credit monitoring service because it excludes you from any class action lawsuit. I already placed freezes on my credit.
Equifax
1-800-685-1111
Experian
1-888-397-3742
Transunion
888-909-8872
https://www.cnet.com/how-to/a-guide...ving-equifax-data-breach/#ftag=CAD-09-10aai5b
https://www.cnet.com/how-to/a-guide-to-surviving-equifax-data-breach/#ftag=CAD-09-10aai5b
https://www.cnet.com/how-to/a-guide-to-surviving-equifax-data-breach/#ftag=CAD-09-10aai5b
Equifax
1-800-685-1111
Experian
1-888-397-3742
Transunion
888-909-8872
https://www.cnet.com/how-to/a-guide...ving-equifax-data-breach/#ftag=CAD-09-10aai5b
https://www.cnet.com/how-to/a-guide-to-surviving-equifax-data-breach/#ftag=CAD-09-10aai5b
https://www.cnet.com/how-to/a-guide-to-surviving-equifax-data-breach/#ftag=CAD-09-10aai5b
Last edited:
Isn't that implied? I had equifax, I switched to Experian, and I'm waiting for the day when Experian has to do the same dance. If you didn't get that, that's an indictment on you
The security check these companies are using to verify your identity is a joke.
Coupled this with loose credit and you have a recipe for mamas ole fashion credit bubble. What's funny is the banks know a significant portion of their accounts are fraudulent.
Last edited:
Be careful folx...these are some dirty cacs.
Signing up for Equifax's help site could mean you're waiving your right to a class-action lawsuit
http://www.businessinsider.com/equi...se-waive-right-to-class-action-lawsuit-2017-9
Were you affected by the Equifax data breach? One click could cost you your rights in court
https://www.cnbc.com/2017/09/08/wer...lick-could-cost-you-your-rights-in-court.html
Are you an Equifax breach victim? You could give up right to sue to find out
https://arstechnica.com/tech-policy...im-you-must-give-up-right-to-sue-to-find-out/
Explains why it took them so long to announce the breach. (2 months!)
Lawyers in a think tank working out the details to make a profit from this bullshit.
Huh? Free credit monitoring has been around for a while. The consumer protection bureau has been doing Gods work for the last couple years. Your entitled to a free credit report. There are 3 credit agencies. Back in the day I would run my free credit every 4 months alternating between the 3. With the free credit report, you have the ability to become a member. They would charge you $7 for the first 3 months and then it would be raised to $19. But if you called them, they would drop it down to $12.
and as stated above... not be sued out of business.
So let's see:
1. equifax execs make a 1.8 million in stock trades by delaying the announcement of the breach.
2. After announcement, they decide to fix their mistakes by offering "free" one year monitoring services, but you have to provide a credit card to get it.
3. after the year is up, you have to pay for the service AND give up your rights to sue.
To think, this is what business deregulation truly looks like.
This is America! True capitalism is having to be accountable for fraud accounts. We will get there in 18 months. These corporations are begging to have their ceos beheaded.
????? Don't all three of the major ones already have all of your information??...ain't that how they rate you??? how places run your credit???
.
LMAO...Yes, they basically do.
It took 2 pages and someone else explaining for him? Sorry, not buying it.
I think I was one of those breaches.
My bank kept saying a vendor I used in the past data was compromised. They wouldn't say who.
My bank kept saying a vendor I used in the past data was compromised. They wouldn't say who.
Equifax finally responds to swirling concerns over consumers’ legal rights
By Brian Fung September 8 at 7:52 PM
Play Video 1:59
What should you do after the Equifax hack?
Update: Equifax issued a statement Friday evening. “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,” the company said.
Sharp-eyed social media users have combed through the Equifax data breach site's fine print — and found what they argue is a red flag.
Buried in the terms of service is language that appears to bar those who enroll in an Equifax credit monitoring program from participating in any class-action lawsuits that may arise from the incident. Here's the relevant passage of the terms of service:
The Switch newsletter
The day's top stories on the world of tech.
AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.
This language is commonly known in the industry as an “arbitration clause.” In theory, arbitration clauses are meant to streamline the amount of work that's dumped onto the court system. But the Consumer Financial Protection Bureau concluded in the summer arbitration that clauses do more harm to consumers than good — and the agency put in place a rule to ban them.
“In practice, companies use these clauses to bar groups of consumers from joining to seek justice by vindicating their legal right,” Richard Cordray, the CFPB’s director, told reporters in July, according to my colleague Jonnelle Marte.
Here's a further look into why the language raised concerns.
Why is arbitration a big deal?
There is already at least one class-action suit brewing against Equifax. Arbitration clauses make it hard if not impossible for consumers to join such suits. Arbitration is weaker than class-action suits, critics say, because it limits consumers’ ability to find facts to support their case, to appeal decisions or to present their case before a jury.
If the government is moving to bar arbitration clauses, then why is one in there?
Despite the CFPB's move to ban arbitration clauses, the rule has not yet gone into effect, according to the agency. That won't happen until Sept. 18, the CFPB said. What's more, the rule doesn't work retroactively, meaning the Equifax legalese would not be covered anyway. The ban only affects contracts made after March 19, 2018, six months after the rule takes effect.
The CFPB said earlier Friday Equifax's arbitration clause was “troubling” and the agency is investigating the data breach and Equifax's response.
“Equifax could remove this clause so consumers can receive this service without condition,” the CFPB said in a statement.
The future of the ban is itself in doubt; just after the CFPB approved the rule, House lawmakers voted to repeal it. The motion to repeal must still be voted on by the Senate and signed by President Trump to become official, but if it does, then the CFPB's regulation could be nixed.
Friday afternoon, New York Attorney General Eric Schneiderman took aim at Equifax's arbitration clause, tweeting his staff has contacted the company urging it to remove that part of the fine print.
“This language is unacceptable and unenforceable,” the state's top lawyer said in his tweet. Minutes later, Schneiderman's office announced a formal probe into the Equifax breach. In a release, the state attorney general's office said Schneiderman had sent a letter to Equifax asking for more information. Among the questions were whether any consumer information has found its way to the “black market,” according to a person familiar with the investigation.
A spokesperson for Schneiderman declined to comment on whether officials were investigating the sale of company stock by Equifax executives before the discovery of the hack.
So should I register with the Equifax site, or not?
It's up to you, but you should know going into the process what you're signing up for. Equifax issued a statement Friday evening apologizing for consumers' inconvenience and said the arbitration clause and class-action waiver “does not apply to this cybersecurity incident.”
View image on Twitter
Follow
Brian Fung
✔@b_fung
Equifax sends a statement apologizing for consumers' inconvenience in trying to get support
6:48 PM - Sep 8, 2017
Twitter Ads info and privacy
This language may appear to limit Equifax's ability to block class-action lawsuits, said Joel Winston, a former deputy attorney general for the state of New Jersey and a privacy and data protection lawyer — but don't get complacent.
“Just because someone in the marketing department wrote that the terms of service don't apply to the cybersecurity incident means nothing compared to the contractual obligations of the terms of use,” he said.
“If you look back at the TrustedID terms of use, the last paragraph says 'entire agreement between us,' which basically reiterates that the terms of service is the entire agreement and anything else you read on the website have no applicability.”
The most we can say, Winston said, is you are not bound by any of Equifax's terms of use if you do not engage the company at all.
Meanwhile, there's something else you should know if you do decide to use Equifax's website to check if you were affected.
The site demands even more information from you to prove your identity.
To make sure the person checking the database is really you, Equifax's data breach site asks for your last name and the final six digits of your Social Security number. This is extremely unusual. While the site is legitimate, that you must volunteer more of what would otherwise be private information may not inspire much confidence.
Is there anything else I can do?
You can still monitor your own credit by obtaining a copy of your credit report. Every year, you can request a free copy of your report from each of the three major credit reporting agencies. This means you can effectively check your credit free every four months or so. You can also put a proactive freeze on your credit, which will prevent unauthorized use.
https://www.washingtonpost.com/news...s-data-breach-website/?utm_term=.4f138925b9d6
By Brian Fung September 8 at 7:52 PM
Play Video 1:59
What should you do after the Equifax hack?
Update: Equifax issued a statement Friday evening. “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,” the company said.
Sharp-eyed social media users have combed through the Equifax data breach site's fine print — and found what they argue is a red flag.
Buried in the terms of service is language that appears to bar those who enroll in an Equifax credit monitoring program from participating in any class-action lawsuits that may arise from the incident. Here's the relevant passage of the terms of service:
The Switch newsletter
The day's top stories on the world of tech.
AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.
This language is commonly known in the industry as an “arbitration clause.” In theory, arbitration clauses are meant to streamline the amount of work that's dumped onto the court system. But the Consumer Financial Protection Bureau concluded in the summer arbitration that clauses do more harm to consumers than good — and the agency put in place a rule to ban them.
“In practice, companies use these clauses to bar groups of consumers from joining to seek justice by vindicating their legal right,” Richard Cordray, the CFPB’s director, told reporters in July, according to my colleague Jonnelle Marte.
Here's a further look into why the language raised concerns.
Why is arbitration a big deal?
There is already at least one class-action suit brewing against Equifax. Arbitration clauses make it hard if not impossible for consumers to join such suits. Arbitration is weaker than class-action suits, critics say, because it limits consumers’ ability to find facts to support their case, to appeal decisions or to present their case before a jury.
If the government is moving to bar arbitration clauses, then why is one in there?
Despite the CFPB's move to ban arbitration clauses, the rule has not yet gone into effect, according to the agency. That won't happen until Sept. 18, the CFPB said. What's more, the rule doesn't work retroactively, meaning the Equifax legalese would not be covered anyway. The ban only affects contracts made after March 19, 2018, six months after the rule takes effect.
The CFPB said earlier Friday Equifax's arbitration clause was “troubling” and the agency is investigating the data breach and Equifax's response.
“Equifax could remove this clause so consumers can receive this service without condition,” the CFPB said in a statement.
The future of the ban is itself in doubt; just after the CFPB approved the rule, House lawmakers voted to repeal it. The motion to repeal must still be voted on by the Senate and signed by President Trump to become official, but if it does, then the CFPB's regulation could be nixed.
Friday afternoon, New York Attorney General Eric Schneiderman took aim at Equifax's arbitration clause, tweeting his staff has contacted the company urging it to remove that part of the fine print.
“This language is unacceptable and unenforceable,” the state's top lawyer said in his tweet. Minutes later, Schneiderman's office announced a formal probe into the Equifax breach. In a release, the state attorney general's office said Schneiderman had sent a letter to Equifax asking for more information. Among the questions were whether any consumer information has found its way to the “black market,” according to a person familiar with the investigation.
A spokesperson for Schneiderman declined to comment on whether officials were investigating the sale of company stock by Equifax executives before the discovery of the hack.
So should I register with the Equifax site, or not?
It's up to you, but you should know going into the process what you're signing up for. Equifax issued a statement Friday evening apologizing for consumers' inconvenience and said the arbitration clause and class-action waiver “does not apply to this cybersecurity incident.”
View image on Twitter
Follow
Brian Fung ✔@b_fung
Equifax sends a statement apologizing for consumers' inconvenience in trying to get support
6:48 PM - Sep 8, 2017
Twitter Ads info and privacy
This language may appear to limit Equifax's ability to block class-action lawsuits, said Joel Winston, a former deputy attorney general for the state of New Jersey and a privacy and data protection lawyer — but don't get complacent.
“Just because someone in the marketing department wrote that the terms of service don't apply to the cybersecurity incident means nothing compared to the contractual obligations of the terms of use,” he said.
“If you look back at the TrustedID terms of use, the last paragraph says 'entire agreement between us,' which basically reiterates that the terms of service is the entire agreement and anything else you read on the website have no applicability.”
The most we can say, Winston said, is you are not bound by any of Equifax's terms of use if you do not engage the company at all.
Meanwhile, there's something else you should know if you do decide to use Equifax's website to check if you were affected.
The site demands even more information from you to prove your identity.
To make sure the person checking the database is really you, Equifax's data breach site asks for your last name and the final six digits of your Social Security number. This is extremely unusual. While the site is legitimate, that you must volunteer more of what would otherwise be private information may not inspire much confidence.
Is there anything else I can do?
You can still monitor your own credit by obtaining a copy of your credit report. Every year, you can request a free copy of your report from each of the three major credit reporting agencies. This means you can effectively check your credit free every four months or so. You can also put a proactive freeze on your credit, which will prevent unauthorized use.
https://www.washingtonpost.com/news...s-data-breach-website/?utm_term=.4f138925b9d6
https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do
The Equifax Data Breach: What to Do
SHARE THIS PAGE
September 8, 2017
by
Seena Gressin
Attorney, Division of Consumer & Business Education, FTC
If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.
Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.
There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com.
The Equifax Data Breach: What to Do
SHARE THIS PAGE
September 8, 2017
by
Seena Gressin
Attorney, Division of Consumer & Business Education, FTC
If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.
Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.
There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com.
- Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
- Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until November 21, 2017 to enroll.
- You also can access frequently asked questions at the site.
- Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
- Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
- Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
- If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
- File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.
https://www.techdirt.com/articles/2...isaster-will-almost-certainly-get-worse.shtml
Equifax Security Breach Is A Complete Disaster... And Will Almost Certainly Get Worse
from the hang-on... dept
Okay, chances are you've already heard about the massive security breach at Equifax, that leaked a ton of important data on potentially 143 million people in the US (basically the majority of adults in America). If you haven't, you need to pay more attention to the news. I won't get into all the details of what happened here, but I want to follow a few threads:
First, Equifax had been sitting on the knowledge of this breach since July. There is some dispute over how quickly companies should disclose breaches, and it makes sense to give companies at least some time to get everything in order before going public. But here it's not clear what Equifax actually did. The company has seemed almost comically unprepared for this announcement in so many ways. Most incredibly, the site that Equifax set up for checking if your data has been compromised (short answer: yeah, it almost certainly was...) was on a consumer hosting planusing a free shared SSL certificate, a funky domain and an anonymous Whois record. And, incredibly, it asked you for most of your Social Security Number. In short, it's set up in a nearly identical manner to a typical phishing site. Oh and it left open the fact that the site had only one user -- "Edelman" -- the name of a big PR firm.
Not surprisingly, it didn't take long for various security tools to warn that the site wasn't safe.
And, when Equifax pushed people to its own "TrustedID" program to supposedly check to see if you were a victim of its own failures... it just started telling everyone yes no matter what info they put in:
So, yeah, what the hell did Equifax do during those six weeks it had to prepare? Oh, well, a few of its top execs used the delay to sell off stock, which may put them in even more hot water (of the criminal variety). Also, just days before it revealed the breach, and long after it knew of it, the company was talking up how admired its CEO is. This is literally the last tweet from Equifax prior to tweeting about the breach (screenshotted, because who knows how long it'll last):
I can't see any scenario under which Smith keeps his job. And it seems likely that many other execs are going to be in trouble as well. Beyond the possible insider trading above, there's already scrutiny on its corporate VP and Chief Legal Officer, John J. Kelley, who made $2.8 million last year and runs the company's "security, compliance, and privacy" efforts.
And despite six weeks to prepare for this, the following was Equifax's non-apology:
We apologize to our consumers and business customers for the concern and frustration this causes.
That's a classic non-apology. It's not apologizing for its own actions. It's not apologizing for the total mess it's created. It's just apologizing if you're "concerned and frustrated."
Oh, and did we mention that the very morning of the day that Equifax announced the breach, it tweeted out about a newsletter it published about how "safeguarding valuable customer data is critical." Really (again, screenshotted in case this disappears):
What the fuck, Equifax? Should we even mention that Equifax has been a key lobbying forceagainst data breach bills? Those bills have some problems... but, really, it's not a good look following all of this.
And while there was some concern that signing up to check to see if you were a victim (again: look, you probably were...) would force you out of being a part of any class action lawsuit, that's since been "clarified" to not apply to any class action lawsuits over the breach. And you better believe that the company is going to be facing one heck of a class action lawsuit (a bunch are being filed, but they'll likely be consolidated).
That's all background of course. What I really wanted to discuss is how this will almost certainly get worse before it gets better. More than twelve years ago, I wrote that every major data breach is later revealed to be worse than initially reported on. This has held true for years and years. The initial analysis almost always underplays how serious the leak is or how much data is leaked. Stay tuned, because there's a very high likelihood we'll find out that either more people were impacted or that more sensitive information is out there.
And that should be a major concern, because what we already know here is stunning. As Michael Hiltzik at the LA Times noted, this is the mother lode of data if you want to commit all sorts of fraud:
The data now at large includes names, Social Security numbers, birthdates, addresses and driver’s license numbers, all of which can be used fraudulently to validate the identity of someone trying to open a bank or credit account in another person’s name.
In some cases, Equifax says, the security questions and answers used on some websites to verify users’ identity may also have been exposed. Having that information in hand would allow hackers to change their targets’ passwords and other account settings.
Other data breaches may have been bigger in terms of total accounts impacted, but it's hard to see how any data breach could have been this damaging. For over a decade, we've pointed out that credit bureaus like Equifax are collecting way too much data, with zero transparency. In fact, back in 2005, we wrote about Equifax itself saying that it was "unconstitutional and un-American" to let people know what kind of information Equifax had on them. The amount of data that Equifax and the other credit bureaus hold is staggering -- and as this event shows, they don't seem to have much of a clue about how to actually secure it.
At some point, we need to rethink why we've given Equifax, Experian and TransUnion so much power over so much of our everyday lives. You can't opt-out. They collect most of their data without us knowing and in secret. You can't avoid them. And now we know that at least one of them doesn't know how to secure that data.
https://www.techdirt.com/articles/2...isaster-will-almost-certainly-get-worse.shtml
Equifax Security Breach Is A Complete Disaster... And Will Almost Certainly Get Worse
from the hang-on... dept
Okay, chances are you've already heard about the massive security breach at Equifax, that leaked a ton of important data on potentially 143 million people in the US (basically the majority of adults in America). If you haven't, you need to pay more attention to the news. I won't get into all the details of what happened here, but I want to follow a few threads:
First, Equifax had been sitting on the knowledge of this breach since July. There is some dispute over how quickly companies should disclose breaches, and it makes sense to give companies at least some time to get everything in order before going public. But here it's not clear what Equifax actually did. The company has seemed almost comically unprepared for this announcement in so many ways. Most incredibly, the site that Equifax set up for checking if your data has been compromised (short answer: yeah, it almost certainly was...) was on a consumer hosting planusing a free shared SSL certificate, a funky domain and an anonymous Whois record. And, incredibly, it asked you for most of your Social Security Number. In short, it's set up in a nearly identical manner to a typical phishing site. Oh and it left open the fact that the site had only one user -- "Edelman" -- the name of a big PR firm.
Not surprisingly, it didn't take long for various security tools to warn that the site wasn't safe.
And, when Equifax pushed people to its own "TrustedID" program to supposedly check to see if you were a victim of its own failures... it just started telling everyone yes no matter what info they put in:
So, yeah, what the hell did Equifax do during those six weeks it had to prepare? Oh, well, a few of its top execs used the delay to sell off stock, which may put them in even more hot water (of the criminal variety). Also, just days before it revealed the breach, and long after it knew of it, the company was talking up how admired its CEO is. This is literally the last tweet from Equifax prior to tweeting about the breach (screenshotted, because who knows how long it'll last):
I can't see any scenario under which Smith keeps his job. And it seems likely that many other execs are going to be in trouble as well. Beyond the possible insider trading above, there's already scrutiny on its corporate VP and Chief Legal Officer, John J. Kelley, who made $2.8 million last year and runs the company's "security, compliance, and privacy" efforts.
And despite six weeks to prepare for this, the following was Equifax's non-apology:
We apologize to our consumers and business customers for the concern and frustration this causes.
That's a classic non-apology. It's not apologizing for its own actions. It's not apologizing for the total mess it's created. It's just apologizing if you're "concerned and frustrated."
Oh, and did we mention that the very morning of the day that Equifax announced the breach, it tweeted out about a newsletter it published about how "safeguarding valuable customer data is critical." Really (again, screenshotted in case this disappears):
What the fuck, Equifax? Should we even mention that Equifax has been a key lobbying forceagainst data breach bills? Those bills have some problems... but, really, it's not a good look following all of this.
And while there was some concern that signing up to check to see if you were a victim (again: look, you probably were...) would force you out of being a part of any class action lawsuit, that's since been "clarified" to not apply to any class action lawsuits over the breach. And you better believe that the company is going to be facing one heck of a class action lawsuit (a bunch are being filed, but they'll likely be consolidated).
That's all background of course. What I really wanted to discuss is how this will almost certainly get worse before it gets better. More than twelve years ago, I wrote that every major data breach is later revealed to be worse than initially reported on. This has held true for years and years. The initial analysis almost always underplays how serious the leak is or how much data is leaked. Stay tuned, because there's a very high likelihood we'll find out that either more people were impacted or that more sensitive information is out there.
And that should be a major concern, because what we already know here is stunning. As Michael Hiltzik at the LA Times noted, this is the mother lode of data if you want to commit all sorts of fraud:
The data now at large includes names, Social Security numbers, birthdates, addresses and driver’s license numbers, all of which can be used fraudulently to validate the identity of someone trying to open a bank or credit account in another person’s name.
In some cases, Equifax says, the security questions and answers used on some websites to verify users’ identity may also have been exposed. Having that information in hand would allow hackers to change their targets’ passwords and other account settings.
Other data breaches may have been bigger in terms of total accounts impacted, but it's hard to see how any data breach could have been this damaging. For over a decade, we've pointed out that credit bureaus like Equifax are collecting way too much data, with zero transparency. In fact, back in 2005, we wrote about Equifax itself saying that it was "unconstitutional and un-American" to let people know what kind of information Equifax had on them. The amount of data that Equifax and the other credit bureaus hold is staggering -- and as this event shows, they don't seem to have much of a clue about how to actually secure it.
At some point, we need to rethink why we've given Equifax, Experian and TransUnion so much power over so much of our everyday lives. You can't opt-out. They collect most of their data without us knowing and in secret. You can't avoid them. And now we know that at least one of them doesn't know how to secure that data.
https://www.techdirt.com/articles/2...isaster-will-almost-certainly-get-worse.shtml
This only alerts you after someone steals your identity. A credit freeze will block anyone trying to pull your credit until you lift the freeze.
That's one way to look at it. Another way is that it took you 2 pages to get what my original post meant.
I don't like your politics fuck I look like explaining myself to you.
