Equifax breached ... 140 million accounts. The worse breach in history.


Aaargh, dude, the main Equifax PIN isn’t meant for anyone but you and Equifax. In Oregon anyway, that is the only PIN because they aren’t required by law to temporarily lift for a specific creditor–it may be different in other states, though.


Well then I"m confused cause I thought the whole point is I can give my bank the PIN to bypass the freeze, especially since most of them make you pay for a temporary lift.


Yeah, I just give it to the bank when necessary.


Hmm, well, as I say, different states may have different rules. My most recent PIN letter said if I wanted a temporary lift I had to call Equifax directly and specify a time window.
So hey, if it works for you the other way, awesome, although that’s less secure IMHO.


Since I am in the process of trying to get a new job and trying to buy a house, I haven’t felt comfortable freezing my credit yet. I did put up a fraud alert for my wife and I in the meantime.

That being said, it’s been 5 months since the hack happened. Do we know anything about who did it?


I suppose it is somewhat less secure, but not in any meaningful way. What’s important is that random criminals can’t apply for a home depot store card in your name.

Evidence points towards the perpetrators likely being Chinese intelligence. It is not conclusive, though.



Edit: Apparently the malicious code was delivered by the javascript file hxxps://aa.econsumer.equifax.com/aad/uib/js/fireclick.js that was getting pulled into the page.


Er, why link the .js if it may be malicious?


I broke the link, don’t want anyone to click on it accidentally.


I’ve never heard of a browser auto-running a clicked on javascript file, it just opens up the plain text view of it, sorry.


So now I am getting a monthly report from trans-union that everything is fine. I do not need this spam. Is there any way to turn this stuff off? They have a support section with absolutely no contact information. No emails,. no phone numbers.


Holy cow this whole thing is a joke. Yeah, let me give you my credit card number to store so you can charge me to freeze and unfreeze and get it stolen again.

If they can’t handle securing and protecting all this info electronically, can I pay with a paper note via carrier pigeon?


You probably signed up for their credit monitoring service instead of freezing your credit. They do not want you to freeze your credit.


It’s worse still, because most people don’t give them their information. The fact that they charge you for fraud monitoring and shit is basically a legalized protection racket. We’re gonna take your information and keep it safe, but hey if something god-forbid were to happen to your information, there’s nothing we can do. Well I mean we could do something, but it’s gonna cost ya…


I sure hope not. I think I did freeze it. I signed up for their trueIdentiy site. It had locking and freezing. They said locking (which is what I did) is like freezing, but I control it instead of them. There was no fee this way to lock and unlock my credit. I hope I have not made a mistake.




Good thing they managed their vendors so well. Were they still paying for that connection?


TransUnion too now with the comparatively minor adware stuff:



You made a mistake. Locking is not like freezing. Freezing is mandated by law and protects you proactively, “locking” or “credit monitoring” is a profit center for them and reactive.


Hey, guess who is in the freeze bandwagon