Equifax announced that they were hacked between May-July 2017, exposing the personal information of potentially over 143 million people. As one of the three major credit bureaus, they have a lot of data: credit card numbers, social security numbers, birth dates, addresses, and driver’s license numbers. Essentially, everything you need for identity fraud.
Equifax has a Potential Impact Tool that lets you check if they believe your information has been exposed. You must provide your last name and the last six digits of your Social Security number. It seems that unless they say “you’re not affected”, then you should assume you were affected. No matter what, they are offering everyone a free year of Equifax TrustedID Premier service, which includes:
- 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports
- copies of your Equifax credit report
- the ability to lock and unlock your Equifax credit report
- identity theft insurance
- Internet scanning for Social Security numbers
They’ll give you a date and you’ll need to come back to activate. I suppose they need to make a queue with that many new “customers”. Equifax also set up a dedicated call center at 866-447-7559, open 7 days a week, 7am–1am Eastern time.
So the business that gets to collect all my personal data (and then charge me for a credit score based on that data) lost my data, and as an apology gives me a temporary subscription to their own identity protection service (which people pay for because… their data gets hacked). Does anyone else feel like there needs to be more of an incentive not to get hacked? This benefit only lasts for a year, so you may want to sign up for other free credit monitoring services. Also see the Big List of Free Consumer Reports on how to get a free full copy of your credit and other consumer reports.
This is a bunch of crap. They “think” my information may have been compromised, yet my enrollment doesn’t start until 9/13/2017. Today is 9/8/2017. I foresee a whole lot of lawsuits in the future…….
Given the data that the credit bureaus have on everyone, this huge breach is very concerning. I think the best course of action for practically everyone is to freeze their credit reports at each of the three bureaus. With the credit monitoring typically offered when a breach occurs, you can receive timely notification that someone has successfully stolen your identity and opened credit in your name. With a freeze, the identity thief can’t open credit in your name. Unfortunately, there is a nominal charge ($10 in my state) to do the initial freeze and then again to temporarily or permanently “unfreeze” when you want a financial institution to access your report when you apply for credit. When I refinanced my mortgage last year, I had to pay $60 to unfreeze the credit reports for both my wife and me at each of the three bureaus. This was after paying $60 at some prior date to freeze our credit in the first place. I viewed these as unfortunate but necessary expenses. I hope that this breach causes federal and state lawmakers to pass laws to eliminate these fees. I plan to contact my representatives.
Here’s a site information about credit freezes: http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/
My personal information has been stolen so many times I’ve lost count. It’s apparent to me at this point that we can never find and fix all the exploitable vulnerabilities of the internet and the devices that communicate over it. And even if we did, hackers still have a fairly reliable threat vector in the people working for these companies, who are exploitable through phishing, social engineering, etc.
The fact that we identify ourselves by a unique number that we’re supposed to keep secret so nobody else can assume our identity seems silly in this day and age. Let’s hope someone devises a better way soon.
FYI, signing up for Equifax TrustedID Premier service waives the right to sue Equifax
From Techcrunch:
https://techcrunch.com/2017/09/07/equifax-data-breach-help-site-leaves-consumers-with-more-questions-than-answers
“The site’s terms of service seem to state that by agreeing to use this service, the user is waving their rights to bring a class action lawsuit against Equifax.”
I saw that, I am not a lawyer but it would seem to mean in terms of using that TrustedID Premier service. I don’t see how they could get you to waive your right to sue Equifax for any reason, for all time.
Another day, another data breach!!! This is a sad reality of the digital age. These companies must do better to protect personal data. And these companies should be better regulated by state/fed gov. to ensure that they are up for that. As citizens, we should make these companies accountable for their incompetency.
All of us on here say one thing, but then do another.
Obviously we believe that any for-profit service like the Credit Data business, should be at the mercy of the consumers and “we the people” should hold corporate “incompetence accountable,” as Friend you said above.
But then what do we all turn around and do?
We actively volunteer more private info into more “programs” and thereby we feed the faulty system with more of our business and economic SUPPORT.
Many of you have probably heard the history of why the whole basis is wrongful use of the Social Security numbers… that basically it was NEVER supposed to be used as an individual identifier or data marker. IT is only for use by federal SS agency for accounting each person’s funds via IRS over many years thru their lifetime. But it also happened to be a convenient and profitable unique number that was abused by the financial industry to lower their own risks and lending and begin the data collection friend that is now an industry of its own with our data constantly saw that a profit between the major US corporations
If we really wanted to we could’ve ended this abuse of the Social Security number by the lending banking industry. Just don’t provide it.
We all know that our demand for any product is the economic force that reshapes commerce and industry. If the Credit industry LOST some users and subscribers – at even a fraction % of the millions of us who were hacked- it would force the flawed CR empire to FIX its problems or otherwise fade among fixtures of the past.
We all know that any consumer demand even at a minuscule amount will push out market diversity and novelty emerging to meet our financial needs
For almost 5 years we Americans keep making excuses for staying trapped in this system. We Convince ourselves that we “need” the culprit or fear we “can’t survive” without following these directions given by an irresponsible abusive industry — Consistently we get punished and our families are actually harmed with the stress and time and money after these “BREACHES” – did we forget that this is our OWN data that WE provided with good intention… we filled and signed forms eagerly, trying to appear cooperative and expecting to receive a “good pet” treat for silent obedience.
As a former DV survivor I am seeing all of us behave typical VICTIMS mentality. We feel powerless… we are angry and bitter with complaints about how terrible it all is. But blind to truth! It is totally the opposite! As American consumers, WE choose.. we chose every successful business and businessman. We control the fate of our income going into OUR chosen investments.
And we’re not just victims, at this point nobody can count how many times and how many of us were beaten up— in breaches and hacks and identity thefts and chargebacks and signing up for “credit ____” .com websites for endless alerts and monitoring (ahem.. Shouldn’t the credit data collection agencies be the ones monitoring the use of that data? Instead of off shooting associated and third-party companies to take advantage of this massive demand for service!)
While we were complaining to each other about each brutal hit, we were looking the other way. We are guilty of self harm. We are enablers and inexplicably became our own abusers.
Just like an alcoholic that drinks to stupor and gets behind the wheel while other bar patrons watch. They include someone who will lose a loved one when there is a fatal accident by drunk driver. It took far too much courage to simply break out of our shells to interact with a stranger and to drive them home. We instead wallow in self pity at the loss of another life to drink driving. That is classic enabling.
Perhaps not ALL of us, but most likely YOU as well as myself who are reading this, you’re supporting more misconduct. RIGHT NOW You are enrolling voluntarily to be controlled again by your abuser who has apologized and promised to make it up to you if you’ll just stay in the relationship and trust them one more time.
Don’t support it. Believe in your ability to survive and thrive without submitting your SSN. All throughout history WITHOUT SSN people had loans, financed purchases, paid interest, had homes and mortgages.
Don’t sign up to renew your relationship with Equifax. Don’t tell them you’d like “another beating, please.” There are SOO so many better ways for LENDERS to identify borrowers’ accounts. And there are plenty of other ways for humans to apply to demonstrate they have financial and or ethical responsible~ability.
As a final reminder, your Social Security number was never issued for use as a mandatory identifier for the banking industry. It is illegal(!) for a landlord or dealer to refuse you the opportunity for application, if you are otherwise eligible to apply, without any valid need for your SSN. It is NOT a form of ID. your birth certificate and passport are forms of ID. The SS is an ACCOUNT number just like the credit card number your identity thief applied for in your name.
Don’t enable the abuse. Refuse to let any harmful practices grow into more profitable sub industries. Trust and stay positive that the Economy WILL change to accommodate your best interests, because economy always depends on you and me to support it.
In the end the lender has to assume some kind of risk because that is what defines the banking industry. The only “risk” in giving is an expection of repayment. Sometimes those expectations will or will not be met. Charities are examples of corporate giving, with no expectation of repayment. They don’t create profit.
The concept of origination fees and interest % creates a profitable motivation for corporate giving. The only business of a lending institutions is corporate giving, and ONLY by placing all the emphasis on repayment expectations. That expectation is never fully guaranteed for the lender or bank. And it is a matter of probability, regardless of the guarantors identity and their financial history. THIS is the logic for adding fees and interests consistently to all that’s given. The collected small sums paid by everyone to the lender is to service continued giving- even with occasional loss and non repayment once in a while — it’s still profitable. It is the consumer paying for the service to obtain corporate lending giving away with a padded incentive to forgo absolute repayment guarantees.
I will continue with the freeze at all three agencies. Now I will refuse to do business with lenders who check equifax reports.
Question: I wonder if the code required to unfreeze your equifax report was also stolen in the hack?
Found the answer – you can request a replacement PIN from Equifax by writing and paying them a fee ($10 in Oklahoma).
https://help.equifax.com/s/article/ka137000000DS9XAAW/What-do-I-do-if-I-lose-my-security-freeze-PIN
The Potential Impact Tool is crap. Enter anything (e.g., Smith, 123456) and it gives a (false) positive and a future date to enroll. Yikes!
When I tested it and entered junk, it told me I wasn’t affected. Everyone gets a future date to enroll.
the whole credit reporting model is broken and needs to be
replaced. it’s very archaic and hard to believe we still use it.
I wonder how other countries do it.
Also, someone at equifax needs to go to jail or pay a heavy fine
for this. Unfortunately, in this country corporate crime is rarely
prosecuted.
I share everyone’s concerns about this data breach, but insisting on crushing some random person at Equifax’s life over it so you can feel better is probably a bit much. If something criminal occurred, sure — but just because a huge body of people collectively failed to prevent a particular intrusion is not grounds for personally punitive action. Would you like to be incarcerated for not doing your job perfectly all the time?
Again, I understand the frustration, but I feel like people are a little too quick to jump on the notion that “someone should go to jail for this” whenever there is a tragedy. There needs to be a person who actually broke serious criminal laws for that to be appropriate.
not some random person. CEO or people at the top running the show. nobody went to jail for the 2008 meltdown even though there is plenty of evidence of wrong doing and millions of people were hurt. Nobody at GM went to jail even though many people were killed due to faulty ignition switch. The list goes on and on. Check out this documentary: it is an eye opener. https://www.youtube.com/watch?v=KMNZXV7jOG0
https://en.wikipedia.org/wiki/The_Corporation_(film)
According to FrequentMiler the Equifax cure worse than the hack.
I forgot to add link:
http://frequentmiler.boardingarea.com/2017/09/08/is-the-equifax-cure-worse-than-the-hack/?utm_source=feedblitz&utm_medium=email&utm_campaign=Frequent%20Miler%20%28Instant%29
I never gave this company permission to collect my personal information in the first place. This is the crux of the problem. It should be legally required to get my express consent prior to collecting/holding/exposing my personal information. I hope Equifax gets fined out of existence, and the executives who “didn’t know” sent to prison.
Apparently I was wrong. It has been pointed out that every time I have ever applied for credit of any kind, the application or papers I signed gave consent for this company to do this to me.
you also need to check the fine print, i heard some of their stuff requires you to agree not to sue them or join a class action suit against them.
Insider trading, waiving your class action suit rights and and a useless band-aid all in one package…these people are beyond vile and incompetent…..If you choose their monitoring product you can’t do a security/credit freeze and vice versa, so you have to choose between one strategy or the other. The experts, which excludes everyone at Equifax, suggest that the freeze is the better way to go. If you are over 65 or live in certain states, the freeze fee is waived. I’d suggest you call the Equifax corporate number 404-885-8000
and demand to speak to a Supervisor not one of the useless Temps they bused in for this circus and who don’t know anything beyond the one page fact sheet Equifax puts in front of them and demand that Equifax put a freeze on for free. You might be surprised. But as far as Transunion and Experian don’t expect anything. You might also want to call the Attorney General of the State of Georgia where Equifax is headquartered 404-656-3300 ask for Anne Infinger in their Consumer Protection Division and demand from her that Equifax be forced to provide the freeze for free. The real reason that they don’t set up the monitoring real time is that they’ve calculated that 40% or more of the people calling in now will not come back and initiate the service thus relieving Equifax from having to provide it for free.
404-885-8000
The arbitration clause and class action waiver in the Equifax and TrustedID Premier terms of use does NOT apply to this cybersecurity incident. If you have enrolled in this service, you have NOT waived your right to participate in a class action lawsuit and you can still choose to seek legal action against them.
My own company got hacked and they offered the standard 1 year all clear if service. Then they decided to make it a permanent benift, given that there is so much negative stuff with equaifax monitor I’ll just keep all clear. Not that it really help, it took months to see that I opened a new bank account.
Hi Jonathan,
Talking about a legal area, do you find a value in legal insurance plan, or pre-paid legal? I have Arag legal plan, but don’t see a point of continuing it.