Equifax breached ... 140 million accounts. The worse breach in history.


#1

The Scumbags at Equifax just announced, months after it happened, that they were breached. This is the worst one in history because of a few reasons:

  1. Full SSNs, driver licenses, credit card numbers, addresses, etc. Everything a criminal needs to defraud someone in your name.

  2. No one gave their information to Equifax willingly. They get it and store it anytime some one does a credit check with them. You typically sign an agreement that the requesting entity can provide it, but it almost never says anything about Equifax now owning your info. Its supposed to be for that one purpose only.

  3. Executives were given time to sell stock before the announcement. Clear case of fiduciary responsibility being violated, and general scumbaggery.

  4. They set up an insecure website full of security holes to try and capture people’s complaints. Part of the submission form is an agreement you won’t sue them or take part in a class action lawsuit. Again, scummery.

I smell a huge class action lawsuit coming. I’ll join!


#2

Yeah, I read about this yesterday. Thank goodness for credit monitoring.


#3

Credit monitoring is crap, because it alerts you after your identity has been stolen. Everybody should freeze their credit, as that is the only thing that offers even a modicum of proactive protection.

https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/

Freezing your credit will only protect you from people applying for credit in your name, but that is what most identity theft is intended to do. The remaining is used to apply for tax refunds in your name, and unfortunately there is no way to protect yourself from that. The IRS won’t allow you to set a PIN unless your identity was already stolen in the past. Asinine.


#4

That’s a fascinating notion. I’ll talk to the wife about that tonight.


#5

HUGE thank you, @stusser.

I’m now locked at all four agencies.


#6

Sure.

If you apply for a new credit card, they will not auto-approve you because your credit is frozen and will send a letter to your address explaining why. You call the number on the letter, ask them which agency they use for credit checks, give them your PIN, and get immediately approved. Easy as that. I did it last year for the Chase Sapphire Reserve.


#7

I apply for new credit very rarely. It will be very easy to manage this. The problem is a lot of the information just stolen is static: SS#, DL#, address (usually), banks and accounts used (usually), etc.

This is really, really bad.


#8

Yeah… I can’t see myself applying for new credit until we move (2+ years minimum) or one of our cars irreparably breaks down (both are model year 2010 with about 80-90,000 miles apiece with reasonable maintenance). Probably gonna freeze soon and rec the gf do the same.


#9

Hopefully they are sued into liquidation and the officers and board are all indicted. But odds are they just have to pay for their garbage credit-monitoring service with its associated upsell opportunities and get some ludicrous corporate slap-on-the-wrist fine that has no impact on anyone or anything.


#10

Everybody should freeze their credit. It’s literally the only way to protect yourself.


#11

So am I to assume that a married couple needs to freeze their credit separately? A quick glance at the forms show they are just for one person. So two people across all four agencies is to the tune of $120 or so?


#12

As someone who JUST got married, looks like I’m about to find out.


#13

Yes you both need to do it. In many states it’s completely free-- I didn’t pay a dime myself.

Congrats Brubin!


#14

Thanks!

And it’s apparently $10 per agency here in CA.


#15

Put them up against the wall.


#16

Don’t see what the big deal is.

Just change your password, date of birth and social security number and you’re fine.


#17

Note that the Apache Struts vulnerability has existed for nine years but was only discovered/identified on Monday.


#18

It was free for me today at all four of them.


#19

Depends on what state you are in. I had to pay for three.

My wife and I both did this today. Feels like an overreaction, but this kind of thing can be so difficult to clear up.

Unclear if we should take the same step with our kids.


#20

I was just going to fake my own death…