I froze my Equifax account a couple of years ago, but Equifax's boilerplate response to my query whether my account had been affected was the same as for others, i.e., *Based on the information provided, we believe that your personal information may have been impacted by this incident.* So what good is freezing? And Equifax does not provide the answer on its FAQ page. (Nor can one reach a representative. Oh, yes: *Sorry....while I go sell my stock.* Insider trading, anyone?)
8
In typical corporate fashion, "While Equifax has established a website so consumers can check whether their information has been stolen — www.equifaxsecurity2017.com/ — some have warned there might be a downside to using it. Buried in the terms of service is language in a so-called arbitration clause that appears to bar users from participating in any class-action lawsuits against the company, the Washington Post reported."
All of these corporations, from Facebook to Equifax to Wells Fargo to Google know that the internet is not secure and busily go about having you sign away your rights to protect their profits.
All of these corporations, from Facebook to Equifax to Wells Fargo to Google know that the internet is not secure and busily go about having you sign away your rights to protect their profits.
11
I'm downgrading their credit worthiness.
6
Neither a borrower nor a lender be. Ugh.
1
Just think, not so long ago I was not allowed to see my own Credit Score. Now everyone in Moscow can! Welcome to the Information Superhighway. Calling Preet Bharara!
14
NYTimes should accompany in their front page story on the breach, which includes a link to Equifax's risk-determining website, with the news that in order to use Equifax's site, the user must agree to an arbitration clause which waives the user's right to join a class-action lawsuit against this agency.
The website asks for the user's last name and the last 6 digits(!) of the user's ssn, and the user must agree to terms and conditions, which include waiving the right to join a class action lawsuit against this agency.
I strongly recommend readers to stay away from that link for now (CFPB is working to have the clause removed), and I recommend NYTimes to publish this bit about the fine print before linking to and sending its readers off to another website owned by Equifax and signing away their legal rights.
The website asks for the user's last name and the last 6 digits(!) of the user's ssn, and the user must agree to terms and conditions, which include waiving the right to join a class action lawsuit against this agency.
I strongly recommend readers to stay away from that link for now (CFPB is working to have the clause removed), and I recommend NYTimes to publish this bit about the fine print before linking to and sending its readers off to another website owned by Equifax and signing away their legal rights.
7
Until the US government puts citizens above big business, we will all continue to be exploited by data broker companies like Experian.
Despite us never consenting or even being consulted, data aggregation companies build massive data profiles on everyone they can, and there is zero recourse to prevent or stop it. And not just credit information; they collect everything from your marital status to what pets you have to your shoe size. Ever buy Claritin at the grocery and used a store loyalty card? You are in a database marked as an allergy sufferer. Other than medical and financial data that has specific protections, you have no right to know what they collect on you, correct it, delete it, or stop them collecting and selling it.
The US needs to adopt a "right to be forgotten" law as Europe has, and much stricter consumer data policies including opt-in as the default for data collection, no transfer without explicit consent, and complete transparency for consumers to review, edit and remove data.
Think this Experian breach will change anything? If our current government is trying to dismantle the EPA ensuring we will all suffer from dirtier air and water, it's hard to imagine they give a rat's rear about our data. Remember, the current administration is also doing its level best to dismantle the Consumer Financial Protection Bureau.
Despite us never consenting or even being consulted, data aggregation companies build massive data profiles on everyone they can, and there is zero recourse to prevent or stop it. And not just credit information; they collect everything from your marital status to what pets you have to your shoe size. Ever buy Claritin at the grocery and used a store loyalty card? You are in a database marked as an allergy sufferer. Other than medical and financial data that has specific protections, you have no right to know what they collect on you, correct it, delete it, or stop them collecting and selling it.
The US needs to adopt a "right to be forgotten" law as Europe has, and much stricter consumer data policies including opt-in as the default for data collection, no transfer without explicit consent, and complete transparency for consumers to review, edit and remove data.
Think this Experian breach will change anything? If our current government is trying to dismantle the EPA ensuring we will all suffer from dirtier air and water, it's hard to imagine they give a rat's rear about our data. Remember, the current administration is also doing its level best to dismantle the Consumer Financial Protection Bureau.
13
My information and my wife's information was compromised. I tried calling Equifax and spent TWO HOURS on hold before finally hanging up. Who the heck are these people who collect our information, pass judgement on us and then have NO accountability? Why are we letting this happen to us?
13
Thankfully, executives were able to cash out stock, avoiding a huge loss for them. For us, no so much......
8
In light of the security breach, I'd love to "vote with my wallet" and stop doing business with Equifax. Oh wait, I don't voluntarily do business with Equifax.
13
The hackers have no real jobs, so they prey on others, and their money. Shameless.
2
And now the Washington Post is reporting that if you go to Equifax's site and enter yet even more personal information to see if you have been breached, you may effectively be signing away your rights to a class action lawsuit. C'mon fellows, you can't have this massive a breach and blame the common man or woman.
5
"Equifax said that, in addition to reporting the breach to law enforcement, it had hired a cybersecurity firm to conduct a review to determine the scale of the invasion." Let me guess: they hired Kasperek Labs?
4
This bogus "credit rating" system needs to be shutdown once and for all. It's a fake system created to make money. A heartless system that puts millions of Americans at a horrible dissadvatage if they dont have good credit numbers. And now litterally half the country (and even higher percentage of spending adults) have just been bought and sold out by the lazy "credit reporting" system -- and all without asking for our permission. When did the government decide it was okay fir three big credit reportibg agencies to own every American and crush their American dream?
11
Like Wells Fargo, Equifax should SHUT DOWN, but not until enough time has passed that they can take responsibility for what might happen to people who become victims of identity theft. Disgraceful!
6
Shareholders should demand resignations, and seek prosecution. It's awful.
10
If just 100 of the 143 million people affected end up paying the 3 credit reporting agencies $10 a each to freeze their credit report, each agency is set to score $1 billion from this breach. Ka-ching!
Then if even half of those people need to unfreeze their accounts to access credit, we pay them another half billion. Ka-ching!
If we sign up for their one-year of free credit monitoring, they'll hit us up to continue coverage at the end of the first year - for the right price. Hundreds of millions more. Ka-ching!
Oh, and since they knew the hack occurred before anyone else on Wall St., they scored on insider trading, selling their stock before it took a hit. Ka-ching!
Where's the financial incentive to secure their systems? There is none. Considering this is Equifax' second or third data breach recently, they should be investigated for racketeering. The whole of the financial services industry is swimming with sharks, not just Equifax, but that's the first swamp to drain. Wouldn't it be a great if Congress and the President were affected? It's only when the rich and powerful are impacted that anything gets fixed.
ALL of Equifax assets should be seized under the federal civil asset forfeiture law. Let them prove their innocence like the rest of us are forced to do to get our money or possessions back when they're seized by the feds merely because we're suspected of some criminal enterprise.
So many swamps to drain, so little time.
Then if even half of those people need to unfreeze their accounts to access credit, we pay them another half billion. Ka-ching!
If we sign up for their one-year of free credit monitoring, they'll hit us up to continue coverage at the end of the first year - for the right price. Hundreds of millions more. Ka-ching!
Oh, and since they knew the hack occurred before anyone else on Wall St., they scored on insider trading, selling their stock before it took a hit. Ka-ching!
Where's the financial incentive to secure their systems? There is none. Considering this is Equifax' second or third data breach recently, they should be investigated for racketeering. The whole of the financial services industry is swimming with sharks, not just Equifax, but that's the first swamp to drain. Wouldn't it be a great if Congress and the President were affected? It's only when the rich and powerful are impacted that anything gets fixed.
ALL of Equifax assets should be seized under the federal civil asset forfeiture law. Let them prove their innocence like the rest of us are forced to do to get our money or possessions back when they're seized by the feds merely because we're suspected of some criminal enterprise.
So many swamps to drain, so little time.
14
We need a story on how to protect ourselves now that we know our data has been compromised.
4
wait - months ago, it's claimed, unknown parties "stole" consumers' personal information from this sham credit reporting service...
then its top execs dumped millions of dollars worth of their shares in the firm on the QT ...
then, some months later, the firm anounced the breach...
and now that people are in a panic, they want to charge individuals $10. each to freeze their own credit info which they never gave or sold to the database?
given the behavior of this company, isn't it just as likely they made up the whole thing with as much as a $1.43 billion windfall as a motive?
unless or until there's some kind of outside suspect, the finger of guilt points at company management as the likeliest of suspects, with motive and opportunity galore.
then its top execs dumped millions of dollars worth of their shares in the firm on the QT ...
then, some months later, the firm anounced the breach...
and now that people are in a panic, they want to charge individuals $10. each to freeze their own credit info which they never gave or sold to the database?
given the behavior of this company, isn't it just as likely they made up the whole thing with as much as a $1.43 billion windfall as a motive?
unless or until there's some kind of outside suspect, the finger of guilt points at company management as the likeliest of suspects, with motive and opportunity galore.
5
From what I've read so far, Equifax management is basically the three stooges, who will do absolutely everything wrong and repeat mistakes over and over. Even their site that supposedly reports if you're compromised, simply asks for more sensitive information before telling you, "I don't know," and promises to get back to you. If there were ever a case for criminal culpability for cyber security - this is it.
4
The land of the Free has turned into the Land of the Picked Pocket. Are these people who hold such sway over our lives going to pay for this inexcusable breach. No. It will be us suckers again who will pay the price of their criminal incompetence.
5
Mr. Gamble and his cronies used information only available to them for gain. These people were obviously insider-trading. They must go to jail.
6
Thanks technobrats for creating our Brave New World. Half of us are out of work because of your "innovation," we all yell at each other on social media, the Russians stole our election, all our private data is stolen, and my daughter can't get out of Florida on a flight because your algorithms set one-way minimum fares at $1,000+.
5
Thanks, Equifax. You vacuum up our personal data and they spill it all to criminals. And you charge us for the privilege of being abused. Time to end these no accountability credit rating corporations. Make them pay for the damages. Readers should be sure to let your corporate congress person know how you feel about it. Show them what citizens united really means!
7
The executives sold their own shares after the data breach. This is insider trading and the should be arrested. NOW.
6
Weak point in software, this is really funny. It was a blender mistake in software.
1
A heads up for Costco Citigroup credit cards. Costco uses Equifax.
2
If you want to see what your rights are to get issues resolved with Equifax, read what they say in the Terms and Condition of Use. Especially section 4 which says you can't be involved in a class action suit to resolve your problems.
I want Equifax to DELETE my account COMPLETELY (write over my records again and again until they are permanently obliterated, shred or burn data in any other form) and never keep my personal data in any form whatsoever AGAIN. So, how can we do that? Obviously they are not equipped (and nor should they be able) to compile data on anyone anywhere. Anyone who thinks this is less than an assault on your physical person or invasion of your home, needs to think about it again.
3
The headline of the associated article is simply fake news: "How to Protect Your Information Online." There is no way to protect yourself online, and the sooner our people acknowledge that fact, the sooner they will stop letting a bunch of 1% corporations hustle us, and the sooner they will demand our elected representatives stop allowing us to be put at risk.
Most of America's infrastructure is now internet connected and, thus, vulnerable to sabotage from any of myriad sources. Whether it's voting, flight control, or the electric grid, American's insatiable, self-destructive desire for gadgetry makes us incredibly vulnerable. And for those who think driverless cars and drones will be immune, I would just note the F.D.A. has put out a notice that even cardiac pacemakers are subject to hacking.
Yesterday the House unanimously passed a bill allowing 100,000 driverless cars on the road while exempting them from the usual safety regulations, at the same time cutting the states out of most of their regulatory authority. That's unanimity, Republicans and Democrats, Trumpistas and Feel The Berners alike. That's not Trump's doing; that's the result of Congress feeling that is what their constituents want. Everyone wants security and privacy, but no one wants to give up his or her internet connected gadgets.
Perhaps nothing will change until every American has to spend 6 hours/day trying to clean up the internet's financial, personal, and security messes they find themselves in.
Most of America's infrastructure is now internet connected and, thus, vulnerable to sabotage from any of myriad sources. Whether it's voting, flight control, or the electric grid, American's insatiable, self-destructive desire for gadgetry makes us incredibly vulnerable. And for those who think driverless cars and drones will be immune, I would just note the F.D.A. has put out a notice that even cardiac pacemakers are subject to hacking.
Yesterday the House unanimously passed a bill allowing 100,000 driverless cars on the road while exempting them from the usual safety regulations, at the same time cutting the states out of most of their regulatory authority. That's unanimity, Republicans and Democrats, Trumpistas and Feel The Berners alike. That's not Trump's doing; that's the result of Congress feeling that is what their constituents want. Everyone wants security and privacy, but no one wants to give up his or her internet connected gadgets.
Perhaps nothing will change until every American has to spend 6 hours/day trying to clean up the internet's financial, personal, and security messes they find themselves in.
1
Couple of interesting addenda:
In addition to waiting more than a month before letting its victims ... uh, customers ... know their information has been stolen, those who want to take Equifax's remedial action (security freeze, etc.) must wait an additional week or so before "enrolling." Also interesting that their customer support portal has been unavailable all day.
In addition to waiting more than a month before letting its victims ... uh, customers ... know their information has been stolen, those who want to take Equifax's remedial action (security freeze, etc.) must wait an additional week or so before "enrolling." Also interesting that their customer support portal has been unavailable all day.
1
The accompanying article is simply fake news: "How to Protect Your Information Online." There is no way to protect yourself online, and the sooner our people acknowledge that fact, the sooner they will stop letting a bunch of 1% corporations hustle us, and the sooner they will demand our elected representatives stop allowing us to be put at risk.
Most of America's infrastructure is now internet connected and, thus, vulnerable to sabotage from any of myriad sources. Whether it's voting, flight control, or the electric grid, American's insatiable, self-destructive desire for gadgetry makes us incredibly vulnerable. And for those who think driverless cars and drones will be immune, I would just note the F.D.A. has put out a notice that even cardiac pacemakers are subject to hacking.
Yesterday the House unanimously passed a bill allowing 100,000 driverless cars on the road while exempting them from the usual safety regulations, at the same time cutting the states out of most of their regulatory authority. That's unanimity, Republicans and Democrats, Trumpistas and Feel The Berners alike. That's not Trump's doing; that's the result of Congress feeling that is what their constituents want. Everyone wants security and privacy, but no one wants to give up his or her internet connected gadgets.
Perhaps nothing will change until every American has to spend 6 hours/day trying to clean up the internet financial, personal, and security messes they find themselves in.
Most of America's infrastructure is now internet connected and, thus, vulnerable to sabotage from any of myriad sources. Whether it's voting, flight control, or the electric grid, American's insatiable, self-destructive desire for gadgetry makes us incredibly vulnerable. And for those who think driverless cars and drones will be immune, I would just note the F.D.A. has put out a notice that even cardiac pacemakers are subject to hacking.
Yesterday the House unanimously passed a bill allowing 100,000 driverless cars on the road while exempting them from the usual safety regulations, at the same time cutting the states out of most of their regulatory authority. That's unanimity, Republicans and Democrats, Trumpistas and Feel The Berners alike. That's not Trump's doing; that's the result of Congress feeling that is what their constituents want. Everyone wants security and privacy, but no one wants to give up his or her internet connected gadgets.
Perhaps nothing will change until every American has to spend 6 hours/day trying to clean up the internet financial, personal, and security messes they find themselves in.
1
I didn't give equifax my permission in the first place... we need much much stronger consumer protections in this country
4
. Read the fine print. If you sign up for credit protection, you are giving up your rights to sue the corporation in any class action lawsuit. Once again a corporation looks out for itself and not for consumers
I tried to freeze my equifax account via the web. at the end of filling all the information a window pops up when you hit the submit button. The window says enter the 4 digit year. The problem is there is no place to type in the year on this window or the form. Equifax does not want to freeze your account. What a shame!
1
Is anyone interested in a solution to the hacker problem? The US government apparently is not. I have contacted Senators, Representatives, Homeland Security and DARPA, offering my patent, which shows how to build a computer that hackers cannot penetrate. So far no interest.
"Disappointing" -- Equifax must have studied a thesaurus to settle on that tepid swill of an understatement.
The three credit-reporting companies should be required to provide free credit freezes until your name, date of birth, mother's maiden name, and social security number all change -- that is, forever. If your information is stolen, credit freezes should be automatic.
LAN cabling for transmission of files should be separated physically from hardware allowing control of other computers. Within an organization, control of other computers should be enabled by hardware only via a handful of computers kept in locked rooms.
The three credit-reporting companies should be required to provide free credit freezes until your name, date of birth, mother's maiden name, and social security number all change -- that is, forever. If your information is stolen, credit freezes should be automatic.
LAN cabling for transmission of files should be separated physically from hardware allowing control of other computers. Within an organization, control of other computers should be enabled by hardware only via a handful of computers kept in locked rooms.
3
Why would anyone provide oversight to a free-market system? It always works out for the best! Look at these awful hurricanes produced by the National Weather Service! Free market weather is always better! Seriously, if you can't trust a for profit enterprise who can you trust?
3
took an hour to speak to someone, who could say little without revealing too much.
What is not clear is exactly what information they are collecting. What you get on a credit report (you pay extra for the credit score) is far less than what is in their database.
If the hackers can access all information about me, Equifax should be required to provide me all the information about me.
They did say they did not keep the PIN numbers on the back of credit cards.
A credit reporting freeze on the Equifax/Experian/TU accounts may be the only solution, and the consumer unlocking it as needed. Without getting a green light of a good report, the thieves will not be able to use the information for identity theft, fake bank accounts, loans, etc
What is not clear is exactly what information they are collecting. What you get on a credit report (you pay extra for the credit score) is far less than what is in their database.
If the hackers can access all information about me, Equifax should be required to provide me all the information about me.
They did say they did not keep the PIN numbers on the back of credit cards.
A credit reporting freeze on the Equifax/Experian/TU accounts may be the only solution, and the consumer unlocking it as needed. Without getting a green light of a good report, the thieves will not be able to use the information for identity theft, fake bank accounts, loans, etc
1
There are groups within the National Security Agency that use typewriters rather than computers - back to analogue. There is protection against hacking, contrary to opinions expressed here.
The film, California Typewriter, has solutions for our modern times of no privacy, hacking, speed, and lack of community.
The film, California Typewriter, has solutions for our modern times of no privacy, hacking, speed, and lack of community.
1
In response to a catastrophic dereliction of duty, after having been warned, Equifax puts up a bait-and-switch website, purportedly to inform its victims, but only collects more unprotected sensitive data from them, providing nothing.
Shut them down and throw those securities violators in jail.
Then examine Experian and Transunion, warning them that there is no forgiveness if they fail, too.
Shut them down and throw those securities violators in jail.
Then examine Experian and Transunion, warning them that there is no forgiveness if they fail, too.
2
Throw the book at them. They should be the next Arthur Andersen. The level of violation of the public trust is not forgivable.
4
"Potentially adding to criticism of the company, three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered. The shares were not part of a sale planned in advance, Bloomberg reported."
Lock them up.
Lock them up.
3
First I received an email from Paypal confirming my purchase on a pair of shoes. A few days later, I received a fraud alert from my credit card that I had purchased a laptop. Then a few days after that, I was contacted by my financial institution; first by phone and the next day by email. All of the above was fraudulent activity. Then I started receiving phishing emails on a daily basis. I felt like I was under siege!
This all started over Memorial Day weekend. My identity and credit information were compromised. I believe I was a casualty of the cyberattack at Equifax. At the time, I didn't know how my information was being accessed, so I tried to plug every hole I could think of. You cannot imagine how much time this took.
The holes are plugged for now. Unless my data has been thrown away by the thieves as not worth the effort, these people still have all my personal information and they can use it any time they please.
This all started over Memorial Day weekend. My identity and credit information were compromised. I believe I was a casualty of the cyberattack at Equifax. At the time, I didn't know how my information was being accessed, so I tried to plug every hole I could think of. You cannot imagine how much time this took.
The holes are plugged for now. Unless my data has been thrown away by the thieves as not worth the effort, these people still have all my personal information and they can use it any time they please.
3
So many hacks and data breeches over the years, and most aren’t newsworthy enough to make the papers. Big hacks make catchy headlines, but we’ve all been hacked multiple times by now. Our names, SS numbers, and dates of birth are now public knowledge. It’s almost pointless for hackers to keep going after our data. All the calls to somehow punish companies like Equifax are too late. Our personal information is now readily accessible on the darknet, and there is no way to go back and retrieve or 're-secure' our data.
If Equifax knows that my data has been compromised, why do I have to enroll in a protection program by a certain date? Shouldn't they do that automatically? Or do they want to sell me something when I get there? Seems lame.
2
In this article the Times gave the Equifax so-called security website without saying that Equifax was using their failure and lack of transparency to make money from consumers, who sign up for one free year but are later charged for service. No one who ever used them can sue Equifax because arbitration is locked into every transaction. Their apology seems half-hearted and not an apology at all. They admit to no wrongdoing and did not detail the breach even for experts. If any industry calls for regulation and more than a slap on the wrist, this is it. In the era of Trump, I do not see it happening. But I am angry. I see them as a bad player and this is a bad sign for consumers.
There has to be a better way to protect data. I understand UC Santa Barbara is on of a handful of places working on quantum computing - eliminating the traditional binary code "0's and 1's" to an open ended infinite chain. As far as I know- there is little government funding to support this research. In the meantime we will continue to get hacked and hope we aren't one of the unlucky people whose data has been beached.
2
I want to know what Equifax did in order to secure their website and interfaces. Did they regularly have highly skilled penetration testers go up against it?
I also want to know just what the flaw in the website was. I swear if it was something as simple as an SQL injection flaw I'll be beyond furious as that is something that should have been found in the most basic of testing, and frankly the programmers who left such a door opened should be fired.
This company, as well as others, need to be held highly accountable for these breaches. Very large fines to the government and, frankly, forced to pay high amounts of money to every person whose data, especially this kind of data, was stolen. We'd see corporations putting a LOT more effort in securing their sites and systems. Yes, no system is completely hack proof, but companies need to be highly proactive in hardening and testing their systems constantly.
Finally, those three executives who cashed in stock before any announcement was made, that should be utterly illegal. At the very least they should be forced to give up every single red cent they made on those sales. Such a thing should be criminal with real jail time attached.
I also want to know just what the flaw in the website was. I swear if it was something as simple as an SQL injection flaw I'll be beyond furious as that is something that should have been found in the most basic of testing, and frankly the programmers who left such a door opened should be fired.
This company, as well as others, need to be held highly accountable for these breaches. Very large fines to the government and, frankly, forced to pay high amounts of money to every person whose data, especially this kind of data, was stolen. We'd see corporations putting a LOT more effort in securing their sites and systems. Yes, no system is completely hack proof, but companies need to be highly proactive in hardening and testing their systems constantly.
Finally, those three executives who cashed in stock before any announcement was made, that should be utterly illegal. At the very least they should be forced to give up every single red cent they made on those sales. Such a thing should be criminal with real jail time attached.
2
I find it hard to believe that there is no protection against hacking. I think that governments need to impose heavy fines on companies that lose data like what Equifax lost to hackers. That will be an incentive for the business world to take public safety seriously.
1
Equifax needs to be held fully accountable. I actually pay them monthly to protect myself from identity theft. Many Americans had no choice in the sharing of their private and credit information with this huge company. This hacking is a huge breach of contract and much harm has been done to 143 million people. Equifax did not provide adequate protection of our most private information and must now compensate all of us for any harm done and protect us from further vulnerability as a result of the hacking of information we paid them to protect.
1
Question #1 - Who owns data about you? For medical data, HIPPA suggest that it is your data, not the medical providers. Though HIPPA has overly broad exceptions, the basic principal that it is your data is critical.
Question #2 - Does this data breach constitute the crime (at least under New York law) of reckless endangerment? Reconsider your answer after thinking about how the data could be used.
Question #3 - Has Equifax considered the basic security rules discussed at http://www.solutionsny.nyc/pc-security.html?
Question #4 - Has the state where Equifax is incorporated considered lifting its certificate of incorporation?
Question #2 - Does this data breach constitute the crime (at least under New York law) of reckless endangerment? Reconsider your answer after thinking about how the data could be used.
Question #3 - Has Equifax considered the basic security rules discussed at http://www.solutionsny.nyc/pc-security.html?
Question #4 - Has the state where Equifax is incorporated considered lifting its certificate of incorporation?
1
Although I am 70 I'd never bothered looking at my credit reports until recently. Because there were minor inaccuracies in all 3 (eg, previous employers, residences) I decided to contact them to set record straight. Not easy. Each one has different process. A lot of username& password selection. Then, once you have done that they ALL use contact info you have given them to BOMBARD you with offers to PURCHASE credit security.
1
It's time for society to acknowledge that "customer identity" is no longer a private, for-profit construct.
Rather, from a legal and fiscal perspective, is every bit the equivalent of the customer themselves in today's world, and thus deserving the same status we give to other crimes against people.
Rather, from a legal and fiscal perspective, is every bit the equivalent of the customer themselves in today's world, and thus deserving the same status we give to other crimes against people.
1
First there was the notice from the 2015 IRS breach that my personal tax information had been stolen. Their suggestion was to register with one of the three credit monitoring agencies (or preferably all three.) Within six months, I received a notice from Discover Bank that I'd bounced an $8,000 check. In fact, I hadn't opened any account with Discover. They let it slip through without personally verifying the new account with me. Then after registering with Equifax and now checking their database, my personal information has been compromised again. I've frozen my credit, but still wonder what surprises lie ahead. For those who need credit in the future, this is a serious issue.
2
What lucky lawfirm is going to get this class action lawsuit? What fix is available? A 10 dollar class acting settlement won't cut it. How can I change me? Can I get a new social or birthdate?
1
There are ways to design systems to make it more protected, and give more power in the hands of the consumers, but it won't happen as long as a profit motive exists for our credit reports. This should be a job for government and for the public benefit. This has its own issues (like China's ratings score) but right now I think a tyranny from an ostensibly democratic government is less than the tyranny from these corporations.
I just pay cash for everything for the last decade since I figured out the game of these companies. I think that's what makes one wealthy: if you can live without credit (and credit reporting). Still, even here, people require credit reports for everything like getting a new phone from a major carrier (though there are ways around it) or even buying a home with cash. The fact that we have zero credit history doesn't hurt us (else how could those 18 year olds become consumers?) but they make it appear like it would.
I just pay cash for everything for the last decade since I figured out the game of these companies. I think that's what makes one wealthy: if you can live without credit (and credit reporting). Still, even here, people require credit reports for everything like getting a new phone from a major carrier (though there are ways around it) or even buying a home with cash. The fact that we have zero credit history doesn't hurt us (else how could those 18 year olds become consumers?) but they make it appear like it would.
Good luck getting your credit report as all systems are having major difficulties in handling the requests. Plus, if you have already received your credit report prior to this fiasco in less than a year ago, you'll have to pay $$.
3
Maybe Congress could set aside partisan differences and pass legislation limiting customers vulnerability and ratcheting up liability.
10
We are just plain never going to be secure with all the information out there on the internet. For every better security system, there will be a better hacker. And I realize it's kind of too late to go back to paper records, but there's certainly little doubt that they were about 100% more secure.
6
Businesses like credit reporting agencies should be subject to strict government regulation. They need to meet clearly defined standards on security. It is clear, once again, that laissez-faire economics hurts the common good. Business pursues only profit. Fracking is an example. It is quite obvious that fracking poisons our water; but who wants to protect our water if there is enough money in the business? Likewise, data protection is expensive. Credit reporting agencies will not do it unless the government steps in. But perhaps it is too late. Our addresses, dates of birth, social security numbers etc. etc. are already out in the open. Scandalous.
9
Be careful agreeing to the terms of service of their free one year of credit protection. It may protect them more then you. I'm not a lawyer but there is some strange wording in it for sure.
7
No one should have any confidence that any information stored or transactions conducted online is secure. Govern yourself accordingly.
Always look out for # 1. After all, the executives at Equifax did so, by cashing in their chips as soon as trouble hit the wind.
Always look out for # 1. After all, the executives at Equifax did so, by cashing in their chips as soon as trouble hit the wind.
7
Yes, govern yourself accordingly. Here are the steps all Americans should take to make certain all security breaches stop: 1. Call Ma Bell and get a landline installed at your place of residence; 2. Call your cellular phone company and tell them you want your cellular telephone disconnected immediately; 3. Call your internet provider and let them know you want the internet turned off. Then rip the router from the wall and throw it out the window (open the window first); 4. From your land-line telephone, call your cable provider and let them know you will no longer be needing their services. Go out and buy an antenna from Radio Shack. Hook it up to your tv and you'll get the major networks, plus meTV, antenna TV, PBS and few other great channels; 5. Go to your bank and withdraw all your money and stick it in your mattress or bury it in the backyard. Also, liquidate any assets and stocks and put that cash in your hiding place; 6. Install solar panels on the roof and call the power & gas companies and have them shut off your service; 7. Build a fire pit in your backyard for cooking and boiling water. Don't put the fire too close to where the money is buried.
1
The problem is that consumers want fast, cheap, easy access to credit. Companies like Equifax collect data to allow lenders to more easily assess credit worthiness with minimal information or contact with the person requesting the credit. If consumers want more protection they should be willing to subject themselves to closer scrutiny and identify verification by the creditor. But, lets be realistic, that isn't going to happen.
3
Wrong. There was never any consumer demand for outfits like Equifax, et al. They were created to meet demand from credit PROVIDERS, not credit seekers. The real problem seems to be ineptitude and stupidity on Equifax's part. I wonder if any heads will roll in the executive suites? If so, will they have a gentle landing due to a golden parachute?
2
If there is a massive legal effort to hold these credit info companies responsible, it should not be for compensation (as long as hacking damages are taken care of). The ultimate aim should be to eradicate these companies' very existence. Elswhere in the civilized world with thriving mortgage and credit activities, there is no presence for credit reporting companies. Lenders are responsible to vet their potential borrowers.
13
What I'd like to know is how on earth are these mega data clearing houses are simultaneously allowed to manage such huge amounts of personal data and yet not be held to the highest cybersecurity standards that these millions of individuals data cry out for. It makes absolutely no discernible sense.
S-t-u-p-i-d.
S-t-u-p-i-d.
16
It will take a complete paradigm shift to change, and neither political party will help fix it because they have too much invested in the status quo.
8
Three thoughts.
First, I have not voluntarily done business with Equifax so why is it legal or appropriate for it to have this personal data on me.
Second, why hasn't Equifax contacted those that are impacted, I thought they were required to do so under federal and state law within x days of finding out about the hack. Why did they sit on their hands?
Third, why to find of if you data is part of this breach do you have to give up legal rights.
First, I have not voluntarily done business with Equifax so why is it legal or appropriate for it to have this personal data on me.
Second, why hasn't Equifax contacted those that are impacted, I thought they were required to do so under federal and state law within x days of finding out about the hack. Why did they sit on their hands?
Third, why to find of if you data is part of this breach do you have to give up legal rights.
34
In answer to your question, it's legal or appropriate for them to have this personal information on you if you've ever applied for a loan or credit card, or do have such a loan or equivalent (security deposit for a cell phone contract).
If you've lived your entire life "off the financial grid", paying for everything in full in cash, you've got nothing to worry about from this data breach and no concern about information Equifax has on you. It doesn't have any. Woe to you, however, if you need a FICO score for something.
If you've lived your entire life "off the financial grid", paying for everything in full in cash, you've got nothing to worry about from this data breach and no concern about information Equifax has on you. It doesn't have any. Woe to you, however, if you need a FICO score for something.
They are one of the 3 reporting credit agencies. When one established credit in any situation these agencies are notified with inquiry with your permission in your original credit application
$100 billion MAY get their attention. Better yet, close them down completely.
No Exec will suffer.
These guys play many layers above us.
No Exec will suffer.
These guys play many layers above us.
10
As a consumer, I can only control the relationships I have directly with companies like banks, insurers, medical providers, etc. And my control with these companies is very limited. I am forced to agree to their various user and privacy agreements.
Moreover, there are a large number of secondary companies, like Equifax, who also store, use, and earn a living off of my personal information. I don't have a direct relationship with them. The gain is all theirs. Yet I am at risk of loss if they are hacked, or they misuse the information in some way.
We need regulations that allow consumers to have more direct control over these secondary relationships, including opting out of the storage and selling of my personal, financial, and health information.
Consumer Financial Protection Bureau: we need you more than ever.
Moreover, there are a large number of secondary companies, like Equifax, who also store, use, and earn a living off of my personal information. I don't have a direct relationship with them. The gain is all theirs. Yet I am at risk of loss if they are hacked, or they misuse the information in some way.
We need regulations that allow consumers to have more direct control over these secondary relationships, including opting out of the storage and selling of my personal, financial, and health information.
Consumer Financial Protection Bureau: we need you more than ever.
35
Equifax has shown itself to be irresponsible and incompetent when it comes to the public's confidential information. We, as consumers, should be allowed to withdraw from Equifax's databases so that they cannot continue to place us at risk.
Equifax has shown itself to be a subprime corporation. Give us the option to stop them from gathering our confidential data.
Equifax has shown itself to be a subprime corporation. Give us the option to stop them from gathering our confidential data.
28
Stop calling us customers, please.
27
143 million accounts. Let's be conservative and say half or those people decide to go through the BS of freezing their credit at Equifax, Experian, Innovis and Trans Union. Let's say it takes an average of two hours to do this. That's 143 million hours that Equifax has cost Americans right there - Who will compensate the country for this utter waste of time (not to mention the actual fees involved in freezing the accounts)?
Tell me again why Equifax shouldn't be penalized out of existence.
Tell me again why Equifax shouldn't be penalized out of existence.
31
I hoe the Board Made money on the Stock dump, Real Classy.
5
This #Equifax breach is a great bi-partisan issue. Affects over 57% of US adult population *for their entire lives*. Wealthy and not wealthy alike.
Probably including you.
Tell your US rep & senators to jump on the #FreeTheFreeze campaign - force Equifax to pay for what's called a credit freeze for affected Americans for each of the three credit reporting agencies. Value is up to $60 (to freeze and unfreeze your credit with each of the three agencies - actual $ depends on your state).
#FreeTheFreeze
Probably including you.
Tell your US rep & senators to jump on the #FreeTheFreeze campaign - force Equifax to pay for what's called a credit freeze for affected Americans for each of the three credit reporting agencies. Value is up to $60 (to freeze and unfreeze your credit with each of the three agencies - actual $ depends on your state).
#FreeTheFreeze
17
Despite the simpering 'apology' from its CEO, Equifax has now lost ALL credibility (no pun intended). Consumers have little or no choice but to have this company acquire sensitive personal information, only to have it sold to (or stolen by) the highest bidder. Time to change that. If 'credit' companies want my info they damn sure will pay for it in the future.
9
The CFO that sold shares after learning of the breach should be prosecuted. These are the known thieves of the world. The least we can do is go after them.
25
They probably sell to marketing and advertising companies too.
3
The world was a much safer and better place before computers.
12
TransUnion system is overwhelmed and can't process credit freeze requests and naturally you don't get that message until you've input all your "private" information. Wonderful!
7
To add insult to injury Equifax just charged me $$$ to put a freeze on my credit reports. So did Experian. TransUnion DID NOT charge me for the freeze. Time for a class action lawsuit to get this charge negated due to Equifax's incompetence.
16
Misleading headline states "Equifax Says Cyberattack May Have Affected 143 Customers." The 143 million people whose information was stolen from Equifax are not customers. Their customers are lenders and financial institutions. The 143 million people are hapless victims, many of whom may be seriously harmed by Equifax's negligence or incompetence. I never contracted with Equifax, I never paid Equifax for any service, yet Equifax gets to keep my important personal identification information on its unsecured database.
I want Equifax to know I reserve my right to sue them in the appropriate state or federal court if I am harmed as a result of their negligence.
I want Equifax to know I reserve my right to sue them in the appropriate state or federal court if I am harmed as a result of their negligence.
36
The three execs who dumped stock should be prosecuted for insider trading and sent to prison. Then some smart lawyer should file a class action suit representing 143 million people.
26
Just for fun, the hackers should have changed everyone's scores to 850.
14
Let me understand this. Equifax was grossly negligent, and will cause significant harm to over ONE HUNDRED MILLION people, no doubt ruining millions of lives, and the CFO capitalizes on this by committing insider trading. And they even have the gall to charge people a fee to freeze their credit.
People of America: prepare the pitchforks!
People of America: prepare the pitchforks!
21
Be careful before signing up for Equifax's "free" credit monitoring. If you do it, you surrender rights to resolve problems via a lawsuit, class action or otherwise, if things go sideways. Instead, you'll be forced into arbitration. Here's the pertinent clause in the user agreement folks are being asked to click but rarely read:
AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.
Washington Post has a story that points out the risk: https://www.washingtonpost.com/news/the-switch/wp/2017/09/08/what-to-kno...
AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.
Washington Post has a story that points out the risk: https://www.washingtonpost.com/news/the-switch/wp/2017/09/08/what-to-kno...
11
NYT, please remove the info about the website where you can supposedly check to see if your identity was part of the stolen data. It is not a secure site, according to reputable Ars Technica:
https://arstechnica.com/information-technology/2017/09/why-the-equifax-b...
What's more, the website www.equifaxsecurity2017.com/, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat.
https://arstechnica.com/information-technology/2017/09/why-the-equifax-b...
What's more, the website www.equifaxsecurity2017.com/, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat.
14
One more good reason to ban all crypto currencies.
3
On the contrary. If we embraced the advancement of blockchain, we would have much more private financial lives. Hacking occurs because of outdated, open design protocols of the internet.
Stolen identities are not used for ransom scenarios. The data is used for personification of victim to port phones, access accounts and move funds. The complete corporate credit rating system is here to blame for not protecting their systems. We could blame banks and lending institutions but we did sign over our rights for that credit card.
Maybe Americans should have the right to not be reported to credit Bureaus.
Stolen identities are not used for ransom scenarios. The data is used for personification of victim to port phones, access accounts and move funds. The complete corporate credit rating system is here to blame for not protecting their systems. We could blame banks and lending institutions but we did sign over our rights for that credit card.
Maybe Americans should have the right to not be reported to credit Bureaus.
6
143 million consumers is half of the US population.
3
Maybe it's time to go back to keeping cash under your mattress or in the cookie jar. Even counting the chances of the house burning down, it couldn't be any less safe than what we've got now.
God, I miss the 20th century.
God, I miss the 20th century.
6
These databases of consumer information should not exist in the first place, and should be destroyed.
8
If the Equifax CFO and two division presidents who sold their stock, after the hacking was done but before it was announced, aren't prosecuted by this Justice Department, then we know that big business under Trump will be able to fleece the American people without consequence.
9
Equifax charges $10 to place a freeze on your account. Seems to me that little revenue generator ought to be waived right about now. You know, a gesture of atonement.
9
taking into account this fee, the stock sales by senior executives, and the less than negative option for refusing to participate in a class of people who's information is sold as a product, why isn't this a bigtime bunco scheme?
as an individual, where is the benefit to me of allowing these charlatans to hang onto my private info? the beneficiaries of the crefit reporting services are such businsses as banks who can avoid doing due diligence on people they want to get into bed with.
how come I must suffer the consequences of making life easier for the kindly robbers at institutions like Wells Fargo?
RICO!
as an individual, where is the benefit to me of allowing these charlatans to hang onto my private info? the beneficiaries of the crefit reporting services are such businsses as banks who can avoid doing due diligence on people they want to get into bed with.
how come I must suffer the consequences of making life easier for the kindly robbers at institutions like Wells Fargo?
RICO!
I look forward to the current administration and Congress strengthening consumer protection agencies. Oh wait...
7
The nonfeasance/misfeasance of Equifax is outrageous in light of the fact that this event represents their third "threat" since 2015. The malfeasance of the three senior executives, including the company’s chief financial officer, in then attempting to profit (limit their loses) by selling their stock upon learning of the breach is disgraceful and intolerable.
Because the potential damages likely far exceed the worth of the company, it is not enough to simply say that the remedy is that they should be held financially liable for such loses. It appears that it is now time for government to step in and mandate security procedures for these hapless companies who had such procedures/technology available to them, but instead chose the lazy and cheaper way of protection...simply hoping what they had might be good enough when it clearly was not.
Because the potential damages likely far exceed the worth of the company, it is not enough to simply say that the remedy is that they should be held financially liable for such loses. It appears that it is now time for government to step in and mandate security procedures for these hapless companies who had such procedures/technology available to them, but instead chose the lazy and cheaper way of protection...simply hoping what they had might be good enough when it clearly was not.
3
Let's be clear: the first theft occurred when credit reporting agencies stole all our credit data without permission and used it to create a highly profitable enterprise from which they share no profits. And now they think we are going to purchase their "new" security services? To protect data which we never gave permission to release in the first place? What a total scam.
Any Equifax executive who sold their shares for millions of dollars should be prosecuted for insider trading. And the option should be given to permanently remove our data from their databases.
It's high time for this country to review our privacy laws and ramp them up to European standards. Make these companies pay through the teeth for something they could and should have prevented. It is the only action that will change their behavior.
Any Equifax executive who sold their shares for millions of dollars should be prosecuted for insider trading. And the option should be given to permanently remove our data from their databases.
It's high time for this country to review our privacy laws and ramp them up to European standards. Make these companies pay through the teeth for something they could and should have prevented. It is the only action that will change their behavior.
13
So what does our president think about this. If preventing something like this from happening over and over ever again isn't a step toward making America great again, what is? Mr. Trump, what are you going to do, have another campaign rally? Don't forget that due to the large amount of personal information collected and available on the internet worldwide, it is now available to crooks everywhere and that no one is immune, including you and your family and all the members of our government. Publishing your tax returns kind of doesn't measure up to the release of the Equifax information and its publication. And if preventing any damage from this hack is something you and others of the 1% may be able to prevent, what about the rest of these 143 million Americans; just too bad for us?
So why don't we cut Equifax's corporate income taxes to make them more competitive globally?
It is only common sense, that if preventing hacking is impossible we have to prevent the collection, storage of important citizen information and allow access to that data over the internet by anyone. Just think, in an old fashioned paper data environment if it would be possible for so much information to be pilfered... of course not. Technology may be wonderful but there must be responsibility protect the fruits of technology and require large collections of personal data be proven as fully protected.
So why don't we cut Equifax's corporate income taxes to make them more competitive globally?
It is only common sense, that if preventing hacking is impossible we have to prevent the collection, storage of important citizen information and allow access to that data over the internet by anyone. Just think, in an old fashioned paper data environment if it would be possible for so much information to be pilfered... of course not. Technology may be wonderful but there must be responsibility protect the fruits of technology and require large collections of personal data be proven as fully protected.
1
Equifax's Chairman/President, CEO, CIO, CFO, COO and Head of Risk and Compliance should be fired, for cause (gross negligence) so they get no compensation or bonus that they may be entitled to under their contract.
Send a message in the only language incompetent and greedy corporate leaders understand; Dollars and cents.
Equifax leadership's ugly, twisted, self serving mentality was clearly displayed when they added the arbitration clause forcing any individual using their site, to check if they have been affected, to give up their right to sue Equifax.
Send a message in the only language incompetent and greedy corporate leaders understand; Dollars and cents.
Equifax leadership's ugly, twisted, self serving mentality was clearly displayed when they added the arbitration clause forcing any individual using their site, to check if they have been affected, to give up their right to sue Equifax.
3
OK. So what should I do?
I can go to the equifax website and give them my name and last six of SSN for them to NOT tell me whether my information was compromised and offer me one year of credit monitoring services that doesn't actually mitigate my long term risk of being a victim of financial fraud?
Could the reporters please follow up with 1) consequences to equifax for such a data breach, 2) explanation for why equifax hasn't informed affected individuals , and 3) advice from security experts about actual steps consumers could take to protect themselves from a breach like this? If the answer to #3 is nothing because your SSN, name, and other data are not changeable, that should be stated as well.
I can go to the equifax website and give them my name and last six of SSN for them to NOT tell me whether my information was compromised and offer me one year of credit monitoring services that doesn't actually mitigate my long term risk of being a victim of financial fraud?
Could the reporters please follow up with 1) consequences to equifax for such a data breach, 2) explanation for why equifax hasn't informed affected individuals , and 3) advice from security experts about actual steps consumers could take to protect themselves from a breach like this? If the answer to #3 is nothing because your SSN, name, and other data are not changeable, that should be stated as well.
2
How about if we could stop using the outdated Credit Reporting agencies period. Why don't we have a business credit worthiness agency for consumers? Why shouldn't consumers be able to look at a company's credit report? List things such as; number of times company has filed bankruptcy, board of directors have filed bankruptcy, been in default of their loans, number of layoffs of employees, and etc. And if they past muster by the consumer, then maybe, we would give them an opportunity to do financial business with them...
The American financial credit reporting system is out of date for today's consumers.
The American financial credit reporting system is out of date for today's consumers.
5
Folks, there will be the inevitable class action suit. You will receive a notice telling you that the lead plaintiff and the attorneys will receive handsome payouts while your cut of the settlement won't be worth the paper it's printed on. You will also have the opportunity to opt out of the settlement. Opt out and retain your own counsel. If Equifax has to defend thousands of suits, they will go broke. Do not count on the feds or your state attorney general to act in your best interest.
6
So how do I find out if I'm one of the 143, 000,000? And, if I am, what do I do?
1
MAKE AN EXAMPLE OF EQUIFAX! Put the company into bankruptcy to pay all 143 million victims as much as the company is worth, and can make over the next 10 years. All stock in the company a total loss. Really get their attention. All current executives lose their stock options and bonuses and their jobs.
4
This is outrageous. I have been paying this company $20 per month to monitor for fraudulent activity and it appears my information has been compromised. I cannot believe this has happened given the money these companies make and the impact they have on the financial lives of individuals. A bad credit incident not only affects your ability to get credit but can also impact your ability to get a job. And FWIW -- for folks who support privatizing services, this shows that private industry isn't necessarily more efficient or reliable .... they only really care about making money.
4
And, Equifax sells credit reporting and protection services. Pathetic. A measly fine of $100 per person whose records were hacked would seem grossly insufficient. But, that would work out to $14 billion - which would at least get Equifax's attention. Companies should no longer be allowed to escape any/all consequences of breaches like this. Average people end up getting seriously hurt, while corporations, their shareholders, and their executives just keep on tooling along, business as usual, like nothing ever happened.
And, as for those Equifax execs who dumped shares after the breach was discovered but before it was made public, they need to go to jail.
And, as for those Equifax execs who dumped shares after the breach was discovered but before it was made public, they need to go to jail.
3
Equifax has a decades-long history of abusing customers. In the past, their reputation was so bad that they decided to change their company name from Retail Credit Corporation to Equifax. These guys work for large companies and banks and we, the consumers, are victimized by unverified data, illegal snooping, and other practices that show the need for the Consumer Financial Protection Bureau. I'm not at all surprised that it took them 6 weeks to admit to their breach. Any consumer who trusts Equifax should know that they don't have your interests in mind and never will.
On top of this breach, we see that their top executives sold stock between the breach and the announcement. In some other universe, insider trading is illegal and these execs should end up behind bars. But not in this universe.
And don't get me started on why we should have 3 multi-billion dollar corporations who annually make millions out of mining our personal financial histories. None of these companies deserves to exist, but Equifax holds a special place as the most evil of the three.
On top of this breach, we see that their top executives sold stock between the breach and the announcement. In some other universe, insider trading is illegal and these execs should end up behind bars. But not in this universe.
And don't get me started on why we should have 3 multi-billion dollar corporations who annually make millions out of mining our personal financial histories. None of these companies deserves to exist, but Equifax holds a special place as the most evil of the three.
9
I along with 143 million others impacted by this largest ever data breach am very concerned. I was never entirely at ease with anyone possessing my personal information let alone a profit-making corporation. Now this news of a hack exposing potentially all of us to fraud and who knows what else is certainly disquieting. If a class-action lawsuit will bring some clarity and a small measure of compensation then I say "carpe diem."
17
How can you protect yourself from a company with which you have no relationship who aggregates your information to sell it to anyone who wants it in the name of asking for a credit report? They don't care because use they have no loss. The only way to force these companies to safeguard our information is to let the lawyers sue them over bad over until shareholders force management to make changes.
1
The three major credit bureaus are essentially quasi-governmental agencies. The federal government's ability to insure mortgages is limited by regulation to mortgages that meet the credit scoring parameters provided by -- you guessed it -- the three major credit bureaus. So the bureaus have effectively "baked themselves into the cake." Sadly, nothing of any significance will happen to Equifax, because it is protected by legislators and regulators who do its bidding.
3
Maybe nothing will happen to Equifax, but the execs there who sold stock before knowledge of the hack was public should be prosecuted for inside trading. I hope they throw the book at these guys. Disgusting.
5
I just went to my bank to deposit a check into my account. I asked the person to print the account balance on the receipt. They asked me for my license. My bank treated me like a criminal.
The government bought the banks with the bailout and the banks are government owned extensions of the federal government that serve the government and the police and treat their customers with no regard for the fact that they are whose money they have.
The banks and the credit reporting agencies are protected by the government and the police to the utter disregard for their customers.
Has anyone alluded to the possibility that segments of the government like the N.S.A. may have breached the computers of Equifax to garner data on Americans?
It's probably likely that the banks and the credit reporting agencies supply data to the government outright.
The government bought the banks with the bailout and the banks are government owned extensions of the federal government that serve the government and the police and treat their customers with no regard for the fact that they are whose money they have.
The banks and the credit reporting agencies are protected by the government and the police to the utter disregard for their customers.
Has anyone alluded to the possibility that segments of the government like the N.S.A. may have breached the computers of Equifax to garner data on Americans?
It's probably likely that the banks and the credit reporting agencies supply data to the government outright.
1
I don't understand. These breaches are preventable. The general consensus is all systems can be hacked.
Have you ever seen Amazon websites being hacked? No. Because Amazon understands security. I have been researching this for the last 3 months. Security is possible.
The question remains whether this was an "inside job."
We do need better systems of password protection. Passwords are maddening. Apple has already solved this problem with the fingerprint identifier on every iPhone. So this can be done easily and universally. There are also additional security measures such as eye scanners.
I have been told this may also be laziness deep inside the IT department. Many layers of security are constructed. They are bulky and unwieldy. But they are not being constantly updated. That is what happened at Yahoo.
Have you ever seen Amazon websites being hacked? No. Because Amazon understands security. I have been researching this for the last 3 months. Security is possible.
The question remains whether this was an "inside job."
We do need better systems of password protection. Passwords are maddening. Apple has already solved this problem with the fingerprint identifier on every iPhone. So this can be done easily and universally. There are also additional security measures such as eye scanners.
I have been told this may also be laziness deep inside the IT department. Many layers of security are constructed. They are bulky and unwieldy. But they are not being constantly updated. That is what happened at Yahoo.
2
These companies and all lenders must accept total liability for any losses of citizens whose information has been hacked.
It has gone beyond the control of the average person .
Big data must be held accountable.
jmho
It has gone beyond the control of the average person .
Big data must be held accountable.
jmho
10
I object to the lack of prudence in having to submit 6 out the 9 digits comprising my Social Security number in order to have Equifax determine if I have been impacted by the breach. The customary limit is the last 4 digits. The information I am requesting is not as risky as is my having to expose two-thirds of my social security number. In fact, Equifax should be contacting each and every individual whose identity has been compromised. Ethically, if not legally, the burden should should rest on the shoulders of the company to notify the client.
21
Thank you for saying this - the first 3 numbers are where you got your SSN. If someone can find out your birthplace, especially after 1990 when it was required to get a SSN, then it's no secret at all to knowing someone's SSN.
I put a credit freeze with all 3 agencies this morning. I'll ask them all for a refund of the cost.
I put a credit freeze with all 3 agencies this morning. I'll ask them all for a refund of the cost.
9
It isn't necessarily your birthplace, it's actually where you applied for your SS card.
1
People need to admit that digital information is more vulnerable to theft and the internet makes all information less secure. It's time to rethink web security.
5
Everyone complaining that big corporations and credit bureaus should be prosecuted, are the ones with bad credit. Guys, taking them to court is NOT going to improve your bad credit habits.
The ones that should be prosecuted are the Chinese or Russians who hacked the data (my strong bet is it was the Chinese). You all are arguing that a homeowner who did not buy a steel-reinforced door to their home, and got broken into and had their items stolen, should be punished by a lawsuit and heavy fines. Are they not punished enough, from the theft? Anyway, it is unfortunate for all of us, but it is too easy and foolish to blame only the company for this breach. #ProsecuteCriminalsNotBusinesses
The ones that should be prosecuted are the Chinese or Russians who hacked the data (my strong bet is it was the Chinese). You all are arguing that a homeowner who did not buy a steel-reinforced door to their home, and got broken into and had their items stolen, should be punished by a lawsuit and heavy fines. Are they not punished enough, from the theft? Anyway, it is unfortunate for all of us, but it is too easy and foolish to blame only the company for this breach. #ProsecuteCriminalsNotBusinesses
"Everyone complaining that big corporations and credit bureaus should be prosecuted, are the ones with bad credit."
I'd love to see the data set you used to arrive at that conclusion. You DID a thorough data analysis before making that statement, didn't you?
"Are they not punished enough, from the theft?"
Not even close.
A career in the Merchant Marine didn't prepare me for the language I wish I could use to reply to your posting.
I'd love to see the data set you used to arrive at that conclusion. You DID a thorough data analysis before making that statement, didn't you?
"Are they not punished enough, from the theft?"
Not even close.
A career in the Merchant Marine didn't prepare me for the language I wish I could use to reply to your posting.
7
'Everyone complaining that big corporations and credit bureaus should be prosecuted, are the ones with bad credit.' Congrats on your objective and class-free analytical skills.
'#ProsecuteCriminalsNotBusinesses' : Is that a Koch enterprise?
'#ProsecuteCriminalsNotBusinesses' : Is that a Koch enterprise?
4
Equifax is guilty of gross incompetance and malfeasance. The onus is now on the victims to figure out who they are and use the incompetent's lame services again to protect ourselves? They should no longer be allowed to conduct a business of a nature that involves any guardianship over client's sensitive data.
Equally disgusting is the insider trading by their executives in the wake of the breach and before it was widely disclosed to sell their shares before the news caused the value to plummet.
Hey Trump voters! Who needs regulation? Who needs a consumer protection bureau?
Equally disgusting is the insider trading by their executives in the wake of the breach and before it was widely disclosed to sell their shares before the news caused the value to plummet.
Hey Trump voters! Who needs regulation? Who needs a consumer protection bureau?
15
The headline is incorrect.
The people affected by this breach were not customers of Equifax. They were its product.
The people affected by this breach were not customers of Equifax. They were its product.
28
A credit freeze is the only real protection. Equifax and others charge $10 unless you have a "police report." Please post the "police report" Equifax must have filed so we can attach it to our requests for FREE credit freezes (and many states [and the feds] need to change the law so freezes are free after ID thefts.
PS--a competent outfit needs to monitor and review the security of their free short-term (and worthless) credit monitoring, which requires sharing sensitive info with them
PS--a competent outfit needs to monitor and review the security of their free short-term (and worthless) credit monitoring, which requires sharing sensitive info with them
9
I really don't much care whether my information got hacked. At the end of the day, I'm not going to lose a nickel. Banks, if they give my money to someone who isn't me, and Equifax, which set the stage for it to happen via lax security, are to blame and so, under the law, they have to make me whole. I don't care whether the hackers get my medical information. No hackers in Russia or elsewhere are going to sift through all this stuff about millions upon millions of people and attempt to blackmail me by threatening to tell my wife that I have syphilis.
What I do care about, deeply are the Equifax execs who unloaded $1.8 million in stock after the hack was discovered but before it became public. Each and every one of them needs to go to jail and emerge a pauper via forfeiture. They're the real thieves here, and we know their names.
Frankly, I hope that the hackers take every penny they can get. I'd rather have them get the money than see it go to sharks in pinstriped suits, who would, under the law, have to make good on the losses, seeing as how they're the ones that enabled it via negligence. I don't understand why these stories on hacks keep saying that consumers are the victims. We're not. Our money and our credit scores are safe--it's really not that difficult to set things right if hackers use your credit to rip someone off. It's the bankers and the credit agencies that stand to lose. And I can't say that I feel any sympathy for them.
What I do care about, deeply are the Equifax execs who unloaded $1.8 million in stock after the hack was discovered but before it became public. Each and every one of them needs to go to jail and emerge a pauper via forfeiture. They're the real thieves here, and we know their names.
Frankly, I hope that the hackers take every penny they can get. I'd rather have them get the money than see it go to sharks in pinstriped suits, who would, under the law, have to make good on the losses, seeing as how they're the ones that enabled it via negligence. I don't understand why these stories on hacks keep saying that consumers are the victims. We're not. Our money and our credit scores are safe--it's really not that difficult to set things right if hackers use your credit to rip someone off. It's the bankers and the credit agencies that stand to lose. And I can't say that I feel any sympathy for them.
9
"What I do care about, deeply are the Equifax execs who unloaded $1.8 million in stock after the hack was discovered but before it became public. Each and every one of them needs to go to jail and emerge a pauper via forfeiture. They're the real thieves here, and we know their names."
Corporate white collar criminals in this country that run business that hires lobbyists and pays campaign donations don't get time; they get protected, and they get rich. What you rightly perceive should happen ain't gonna happen.
Corporate white collar criminals in this country that run business that hires lobbyists and pays campaign donations don't get time; they get protected, and they get rich. What you rightly perceive should happen ain't gonna happen.
1
What a coincidence that this story came out while two giant hurricanes are battering the continental US.
13
Who on earth would visit that bogus website they've set up to maybe/maybe not indicate whether or not you've personally been affected? Who is saying, "Gee, I want to interact even more with this company and their website... so that in case I wasn't affected, maybe I can inject myself into the mix?"
9
Anyone who has ever attempted to get a credit agency to correct incorrect stuff on a credit history should not be surprised that these numbskulls couldn't spell "security" if you spotted them every letter except "s."
9
The SSN was the core of America's National Identity System from 1945 until 1967. It allowed any American to publicly and unambiguously identify themselves. There was virtually no identity theft. Then the increasingly competitive credit card industry wanted a way to lend thousands of dollars to people they had never even met, and force them to repay. So they came up with the idea of declaring the SSN a "secret", so that by writing your SSN on an application anyone can claim legally to be you.
There are excellent and reliable means for physical, biometric, and digital authentication of identity. The credit industry should be required to use them. The SSN should be returned to its previous status as a nonsecret statement of identity, like your name, (which it is, in practice, since the reality is that anyone who wants to badly enough can get it). The SSN, complete of "final four", should NEVER be used to legally verify identity.
There are excellent and reliable means for physical, biometric, and digital authentication of identity. The credit industry should be required to use them. The SSN should be returned to its previous status as a nonsecret statement of identity, like your name, (which it is, in practice, since the reality is that anyone who wants to badly enough can get it). The SSN, complete of "final four", should NEVER be used to legally verify identity.
11
Clearly security was not a high priority. Banks/financial institutions seem to be able to protect against hacking. I'm fairly certain security was compromised for short-term profits. I saw reports that big shareholders were aware of the hacking and sold their shares prior to publisizing the security breach.
5
According to Republicans, you don't own your data, so quit your whining.
http://thehill.com/homenews/administration/327107-trump-signs-internet-p...
http://thehill.com/homenews/administration/327107-trump-signs-internet-p...
8
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Richard F. Smith, chairman and chief executive of Equifax, said in a statement. "After all, we make millions by sucking off the financial history of your lives. And we don't even need your permission! That's sweet. When we make a mistake its your problem. So clearly, we would prefer people not pay attention to this and let us go back to doing what we do so well."
8
Let me see if I've read this right. Security breach in July, we hear about in the first week of September. Within days of the break in being discovered, the CFO and two other executives dump shares. Did I get that right? They should be charged with insider trading and be made to stand trial.
23
We are like sheep that get driven around by big business to suit their -- and only their -- needs. We need legislation around personal privacy, including privacy of our personal financial data. No company should be allowed to store any information about me without my consent, and only then with the most severe penalties if they lose it or it gets hacked.
5
After realizing what the world we've created has in store, the threats like hurricanes and earthquakes from the one we didn't don't really look all that bad after all.
2
An interesting tactic that some governments and large companies etc are employing is to offer 'bounties' to hackers-gone-good, so that each time they locate a vulnerability in their systems and make it known to the particular govt/company, they get a bounty ($). However, an equally interesting downside to getting this bounty is that it then brings attention to the hacker, who may have been a 'bad hacker' in his former life, and make him open to potentially being discovered and then brought up on charges for a former bad-hack that he was involved in.
1
I've never voluntarily given any of my information to these agencies. Why are they allowed to have all this data if they can't keep it safe? If my bank account is accessed by someone else, where is my recourse? It all just makes me very, very angry because we're all treated like some merchandise without any say of who gets what information.
5
I've had my credit reporting agencies add security freezes to my account for some time now. Next thing will be to find out these freezes are overridden by hackers.
7
"Clearly disappointing" - he says, along with his executive team probably told his IT Security group - "I think we're good enough"
1
I'm evidently one of the 143 million. I looked up my Visa account I use 99% of the time, and there's no warning customers about this debacle. Says the Equifax CEO: "This is clearly a disappointing event for our company." You think???
3
"People can go to the Equifax website to see if their information has been compromised. The site encourages customers to offer their last name and the last six digits of their Social Security number."
I have no idea if Equinox has any of my information, or not. To find out, I am supposed to turn over my last name _and_ last 6 digits of my Social Security number, with which (apparently) hackers can do all kinds of creative things.
Given their track record, why would I want to give them information if they don't already have it?
I have no idea if Equinox has any of my information, or not. To find out, I am supposed to turn over my last name _and_ last 6 digits of my Social Security number, with which (apparently) hackers can do all kinds of creative things.
Given their track record, why would I want to give them information if they don't already have it?
13
Yet again. All computer users need to call their congressional representatives, the company that made their computer and software, and the latest business to get hacked and COMPLAIN. If software developers can't make secure software, maybe it's time to go Luddite.
3
I lived in Sweden for 13 years. The day I arrived, I went to the police to be identified and receive a "person number" - my birth-date plus a number.
Anyone could guess my person number, that serves as an index into data bases. But every bank and agency is responsible for further identification before services and benefits are delivered. In case of identity theft, that bank or agency is responsible for the losses. Every U.S. citizen has a right to a secure identity and should be immune from all claims made by others.
The social security number should be treated as publicly-known information and insufficient for identity purposes. It's clear we need fingerprints and retina scans as a secure measure of personal identity.
The same reasoning applies to all existing identity papers and voter i.d.s.
They're quite useless, why should anyone present more than a thumbprint
in order to vote?
Anyone could guess my person number, that serves as an index into data bases. But every bank and agency is responsible for further identification before services and benefits are delivered. In case of identity theft, that bank or agency is responsible for the losses. Every U.S. citizen has a right to a secure identity and should be immune from all claims made by others.
The social security number should be treated as publicly-known information and insufficient for identity purposes. It's clear we need fingerprints and retina scans as a secure measure of personal identity.
The same reasoning applies to all existing identity papers and voter i.d.s.
They're quite useless, why should anyone present more than a thumbprint
in order to vote?
13
The arbitration clause I see a lot of people mentioning covers only the credit monitoring service. If you sign up for it, you aren't giving up your right to sue them for not protecting your information.
But the site you use to see if you've been hacked isn't encrypted, so I wouldn't use it. It's better to assume you've had your info stolen, and keep a close eye on your financial accounts.
But the site you use to see if you've been hacked isn't encrypted, so I wouldn't use it. It's better to assume you've had your info stolen, and keep a close eye on your financial accounts.
2
When did I give Equifax permission to buy, sell and store my personal information?
As personal data is increasingly collected and sold without persons' awareness or permission, data privacy will become increasingly important. My shopping patterns, what I read or watch, my DNA, exercise and other commercial biometric data not covered by HIPPA and certainly my financial information should be under my exclusive control. I wish my medical records were.
As personal data is increasingly collected and sold without persons' awareness or permission, data privacy will become increasingly important. My shopping patterns, what I read or watch, my DNA, exercise and other commercial biometric data not covered by HIPPA and certainly my financial information should be under my exclusive control. I wish my medical records were.
12
If you ever opened a revolving Visa, MasterCard, Amex, etc. credit card with a financial institution they gave your information to a credit reporting company such as Equifax, TransUnion, etc. They can't issue a credit card without checking your credit rating and financial worthiness. Heck, they may have run a credit check just for opening a savings/checking account. Sorry to be the bearer of bad news.
1
Citi Bank called the other day to say someone had tried to access our account on their server. That credit card was closed and new one issued. I wonder if that had anything to do with the hack of Equifax ... or my recent trip to Las Vegas.
We're not in Kansas anymore Toto.
We're not in Kansas anymore Toto.
5
So the first thought of Equifax executives was to make a profit from their failure to protect consumers from their security breach?
18
We are not "Customers". Editor, please stop referring to the victims of this hacking as "customers" in your headline. I never asked Equifax to collect all of my personal data, nor did I pay them to do it. Rather, the very personal data about me is the product Equifax sells to its real customers - marketers, lenders, etc.
I did not ask to be exposed to this risk, I did not give my permission, I wasn't paid whenever Equifax sold my data, I just have to suffer the consequences of their breach.
I did not ask to be exposed to this risk, I did not give my permission, I wasn't paid whenever Equifax sold my data, I just have to suffer the consequences of their breach.
27
Exactly! I am not a "Customer" of Equifax. They get access to our data as a pre-requisite of the lending institutions with whom we do business. The Lenders are their customers. The lenders force anyone seeking a credit card or loan to sign off on the fine print that allows the lenders to send our data to an Equifax, and also allows the lenders to obtain access to that data for purposes of loan approvals.
1
The number of records compromised is not as important as we may think. To use the stolen id -- 143 million records -- would typically require an army of fraudsters. The actual use of stolen id information has always been a crime committed on a relatively small scale. The worst offense appears to have been a $13 million scam out of Queens.
Id theft tends to involve limited damage because it is a crime committed one victim at a time. Huge thefts and limited use of the stolen information has been the rule. The $13 million scheme was carried out by 111 people over two months and involved swiping of fraudulent id at food and retail establishments. The number of false id's used was probably less than 100 by each of the 111 conspirators.
It would be helpful to know the typical damage done in mass id thefts. The theft of 143 million records seems incredibly daunting. But if history suggests that no more than a few thousand victims will be compromised, that puts this matter in a whole different context.
Id theft tends to involve limited damage because it is a crime committed one victim at a time. Huge thefts and limited use of the stolen information has been the rule. The $13 million scheme was carried out by 111 people over two months and involved swiping of fraudulent id at food and retail establishments. The number of false id's used was probably less than 100 by each of the 111 conspirators.
It would be helpful to know the typical damage done in mass id thefts. The theft of 143 million records seems incredibly daunting. But if history suggests that no more than a few thousand victims will be compromised, that puts this matter in a whole different context.
1
Saying there is no protection against hackers is giving up. It's like saying there's no defense against a man with a gun. The more important question is what would a reasonable person do? I stay out of dark alleys, but am I responsible if I get mugged? Was Equifax taking reasonable and appropriate steps to protect their information?
Blaming Equifax also flies in the face of how we view liability elsewhere. If a car manufacturer sells a car with a defect, and that defect leads to harm, the manufacturer is held liable. Why is that not true with software vendors? Equifax most likely bought a website product that had a flaw in it. So, while it is easy to say they should have know it was flawed, isn't that more true for the vendor.
The real issue is the value of stealing personal information; instant credit. If there were no value, no one would steal it. Instant credit and the insistence on being able to conduct transactions with minimally effective identification, makes all this personal information valuable.
Equifax and their industry provides a valuable service, and regulation has improved their market space. If you aren't seeking credit, consider a credit freeze. The big three will do it at no charge.
Blaming Equifax also flies in the face of how we view liability elsewhere. If a car manufacturer sells a car with a defect, and that defect leads to harm, the manufacturer is held liable. Why is that not true with software vendors? Equifax most likely bought a website product that had a flaw in it. So, while it is easy to say they should have know it was flawed, isn't that more true for the vendor.
The real issue is the value of stealing personal information; instant credit. If there were no value, no one would steal it. Instant credit and the insistence on being able to conduct transactions with minimally effective identification, makes all this personal information valuable.
Equifax and their industry provides a valuable service, and regulation has improved their market space. If you aren't seeking credit, consider a credit freeze. The big three will do it at no charge.
You can't really believe what you wrote, can you? Equifax sits on and profits from a mountain range of highly sensitive data and they're not responsible for keeping it secure? They take in nearly $3 billion annually and don't have to make sure that software they write or use is secure? Why is that? Because there's no spare budget for hiring security people to keep their system safe?
Do you work for Equifax?
Do you work for Equifax?
9
So I inherited $750,000 and paid off both a mortgage and home equity line of credit totaling $420,000. I cleaned up my $27,000 Amex bill. So today I found out my credit score went down 28 points. Reason: I missed a $50 annual payment on an Amex card I never use and the account was not on line so I got paper notices which I failed to open. Oh well. My bad.
But the three credit reporting companies are SO behind the technology curve. Google and Amazon know me better then I know myself, and they know I NEVER in 24 years missed a mortgage payment
But the three credit reporting companies are SO behind the technology curve. Google and Amazon know me better then I know myself, and they know I NEVER in 24 years missed a mortgage payment
8
I'm appalled by this.
I just went to Equifax's web site and learned that my data as well as my husband's has been stolen. I was an identify theft victim several years ago and placed a security freeze on my credit files at Equifax, Experian and Transunion. Now I have to worry that the special password I use to unfreeze my file at Equifax file has been compromised along with my data.
For Equifax's spokesperson to call this security breach "disappointing" is outrageous. It's nothing short of reckless given its record of previous breaches.
I've contacted my US congressman and senators to express my anger about what's happened and my hope that they and their counterparts in Congress will rake this irresponsible company over the coals.
I just went to Equifax's web site and learned that my data as well as my husband's has been stolen. I was an identify theft victim several years ago and placed a security freeze on my credit files at Equifax, Experian and Transunion. Now I have to worry that the special password I use to unfreeze my file at Equifax file has been compromised along with my data.
For Equifax's spokesperson to call this security breach "disappointing" is outrageous. It's nothing short of reckless given its record of previous breaches.
I've contacted my US congressman and senators to express my anger about what's happened and my hope that they and their counterparts in Congress will rake this irresponsible company over the coals.
22
Interesting that reportedly some top execs unloaded a bundle of stock shortly after the breach was announced. Makes one wonder.
8
...shortly after the breach was DISCOVERED, before it was announced. Worse.
6
The headline is wrong.
Equifax does not have 143 million "customers."
Equifax has personal information on 143 million Americans, information that most of people would prefer Equifax not have.
And they lost it.
No doubt our representatives will find some way to protect this private sector spy agency from liability.
Equifax does not have 143 million "customers."
Equifax has personal information on 143 million Americans, information that most of people would prefer Equifax not have.
And they lost it.
No doubt our representatives will find some way to protect this private sector spy agency from liability.
23
Three Equifax executives sold stock after the discovery but prior to client notification and the public announcement. All is fair in love, war, and deceit.
5
It is time that large banks and credit card companies are penalized for allowing endless data breaches that just seem to get bigger and more outrageous each time, while consumers are left holding the bag and dealing with the consequences.
The big three credit bureaus, especially, should be severely fined for any data breaches since they have information on every person in the U.S.
The big three credit bureaus, especially, should be severely fined for any data breaches since they have information on every person in the U.S.
7
I was trying to access my Equifax account a while back and request assistance in accessing my account. After verifying my information they sent me my password in an email.
THEY WERE STORING PLAIN TEXT PASSWORDS. I am not surprised this happened to them and to all of us to let them operate this way.
THEY WERE STORING PLAIN TEXT PASSWORDS. I am not surprised this happened to them and to all of us to let them operate this way.
11
The maddening thing about this Equifax situation is that they collect my personal data without my consent. They use this data to establish demographics and creditworthiness based on their corporate algorithms. Equifax, Experian, Transunion, and other companies that collect personal data should be obligated to 1) get a waiver or consent from those whose personal data they have, 2) Share the data, yearly, with all those in their data base, 3) get consent from anyone from who they have collected data in order to keep it. No consent, no data retention. 4) Businesses should be prohibited from sharing data with these credit agencies without my explicit consent. Experian has put my creditworthines, and financial well being at risk.
9
Yup. And it seems like every time I buy something these days, every company wants my ss#. It's just shocking.
2
I don't give my social security number to anybody. If they ask , I say no and they move on.
So not only did a company with critical identifying information for almost half of the population increase profits by slacking on security, but they also defrauded their investors by engaging in insider trading, trading on inside knowledge of the hack.
The hypothesis is that markets distribute resources efficiently through the mechanism of self-interest. This hypothesis has a nearly infinite number of holes in it.
Markets my be the best way to do a lot of things, but democracy is the better way to do a lot of other things, and according to the constitution, democracy is expressed through the work of the government.
Those that try to paint government (democracy) as the enemy are the people that like to exploit the holes to take other people's productivity (money).
Those that try to claim that markets are democracy do it because they have most of the dollars and most of the votes in a market.
Greed is not self interest. The word greed means to put money above self interest, a lesson learned by Midas when he turned his daughter to gold. True self interest requires understanding the bigger picture.
While pathologically avoiding centralizing the economy in the hands of governmentt (democracy), we have centralized the world economy in the hands of the greediest people on earth, who are too greedy to know that they are hurting the economy and the planet in ways that will eventually hurt them and their descendants.
Fight for democracy!
The hypothesis is that markets distribute resources efficiently through the mechanism of self-interest. This hypothesis has a nearly infinite number of holes in it.
Markets my be the best way to do a lot of things, but democracy is the better way to do a lot of other things, and according to the constitution, democracy is expressed through the work of the government.
Those that try to paint government (democracy) as the enemy are the people that like to exploit the holes to take other people's productivity (money).
Those that try to claim that markets are democracy do it because they have most of the dollars and most of the votes in a market.
Greed is not self interest. The word greed means to put money above self interest, a lesson learned by Midas when he turned his daughter to gold. True self interest requires understanding the bigger picture.
While pathologically avoiding centralizing the economy in the hands of governmentt (democracy), we have centralized the world economy in the hands of the greediest people on earth, who are too greedy to know that they are hurting the economy and the planet in ways that will eventually hurt them and their descendants.
Fight for democracy!
11
I hope Congress grills these guys and the SEC looks into the fact they sold their stock before the news was public.
7
All Americans should immediately place security freezes on their credit reports at the four credit reporting agencies: Equifax, Experian, TransUnion and Innovis. Most people should be able to do so online at their respective websites, and it only takes a few minutes. For New York State residents, doing so is completely free and the freeze is permanent until you decide to lift it or cancel it. Temporarily "lifting" the freeze costs $5 per agency (if you need to apply for credit or a loan, or perhaps rent an apartment).
Freezing is a hassle, but you should now consider your SSN, DOB and other data to be public information. I don't doubt that someone may actually purchase the whole dataset on the black market/dark web and simply publish it. This would at least force all of our institutions to stop using our SSN as an identifier (SSNs were never meant for this in the first place) since they would be easily accessible on the open web to anyone.
Unfortunately, freezing only prevents criminals from opening new lines of credit in your name. It does not prevent criminals from impersonating you to gain access to your bank accounts, investment accounts, health insurance, etc.
Freezing is a hassle, but you should now consider your SSN, DOB and other data to be public information. I don't doubt that someone may actually purchase the whole dataset on the black market/dark web and simply publish it. This would at least force all of our institutions to stop using our SSN as an identifier (SSNs were never meant for this in the first place) since they would be easily accessible on the open web to anyone.
Unfortunately, freezing only prevents criminals from opening new lines of credit in your name. It does not prevent criminals from impersonating you to gain access to your bank accounts, investment accounts, health insurance, etc.
7
I see a lot of scaremongering in the "selected" comments about how this sort of hack is impossible to prevent and Equifax had the "latest and greatest from silicon valley"
This is baloney. Run of the mill attacks against web applications are fairly easy to prevent. Equifax was grossly negligent with their security controls and their IT staff, and they should be punished accordingly.
This is baloney. Run of the mill attacks against web applications are fairly easy to prevent. Equifax was grossly negligent with their security controls and their IT staff, and they should be punished accordingly.
13
Exactly, but our fearless leaders don't understand technology. Simple encryption would have made any hack to access the data meaningless.
5
We may not be able to prevent hacking, but we certainly know how to protect the information stored in databases, it's called encryption. So you can hack in and steal data that is unintelligible unless you have the encryption key, which you don't have, and that makes the whole hacking exercise a useless endeavor. So the question is, why do we as a society with the ability to pass laws to incarcerate people who steal money, continue to tolerate companies who store our most confidential personal information on their computer systems without encrypting the data? If a bank manager went home and left the front door of the bank unlocked with the vault door and safe deposit boxes open, the manager would soon be in a very firmly locked cell. Why do we continue to let the managers of companies who store our sensitive information without the proper safeguards to walk free? This isn't like, "Oh well I guess I'll have think of a new password to for my porno site." The head of Equifax should not be holding press conferences, he should be in jail for giving thieves access to our most confidential personal information. He's aiding and abetting grand larceny.
6
Equifax--another example of slacker America!
NYTs and other news outlets need to foreground the terms under which Equifax is providing credit monitoring services. The consumer website set up to purportedly inform you if your data has been compromised is actually designed to funnel you into credit protection services with no confirmation that your information has been stolen. That in itself is problematic, but the truly egregious aspect is that everyone who signs up for this service is indemnifying Equifax from class action suit! Equifax has used this consumer site to underhandedly disempower consumers by precluding class action suit, as part and parcel of actually responding to this problem via the means provided by the company. No doubt this legalese is buried in the fine print of terms and conditions. Reports need to highlight that even responding to the problem by the only vehicle set up by Equifax is further malfeasance on the part of this company, as they actively and furtively seek to corral 143 million aggrieved consumers into forfeiture of their legal rights, simply to receive what paltry remediation the company is offering. I would go so far as to say that the prime reason Equifax created this website process is to get out ahead of lawsuits by submerging the indemnification clauses in the remediation procedurals. Cynical and egregious behavior on the part of this company and the news outlets need to report on this aggressively.
9
Isn't this called "extortion?"
2
The arbitration clause covers credit monitoring, not the breach itself.
Note the 13th (!) graf:
Potentially adding to criticism of the company, three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered. The shares were not part of a sale planned in advance, Bloomberg reported.
Potentially adding to criticism of the company, three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered. The shares were not part of a sale planned in advance, Bloomberg reported.
10
Equifax is offering ONE YEAR of protection. WHAT does that mean? AFTER ONE YEAR, is there a monetary incentive for Equifax in "hooking" people into paying for future protection? I agree with another reader, IF a person's identity HAS been compromised, it seems defensible that Equifax should offer LIFETIME protection.
Better yet, CONGRESS needs to act. WHY IS SELLING PEOPLES PRIVATE INFORMATION EVEN ALLOWED? IT SHOULD BE AGAINST THE LAW! CORPORATIONS SHOULD BE LEGALLY REQUIRED TO PROTECT PERSONAL INFO PROVIDED IN ORDER TO CONDUCT BUSINESS. NO EXCEPTIONS!
Better yet, CONGRESS needs to act. WHY IS SELLING PEOPLES PRIVATE INFORMATION EVEN ALLOWED? IT SHOULD BE AGAINST THE LAW! CORPORATIONS SHOULD BE LEGALLY REQUIRED TO PROTECT PERSONAL INFO PROVIDED IN ORDER TO CONDUCT BUSINESS. NO EXCEPTIONS!
7
Most of us are not "customers" of equifax. They compile consumer information without consent. Please correct this headline. And what's with the free advertising of Equifax's problematic services, which require people to provide even more personal information, and turn out, on inspection, to not even be available yet? That misleading and boilerplate advertising copy does not belong in a news article about a company's negligence.
7
...you know Arthur-Anderson was effectively killed by the government in 2002 - The company was found guilty obstructing justice, effectively putting an end to all its audit activities, and 80K people lost their jobs in a 12 month time-span. One could make the argument that this should happen again here.
Killing Equifax would send a message to the remaining players in the space that this laxity will not be tolerated. There is *nothing* ordinary people can do to put pressure on Equifax to not do this again. Only the government can do this, but it won't because the company spends ~$1M annually to keep everyone happy.
https://www.opensecrets.org/lobby/clientsum.php?id=D000025712
Killing Equifax would send a message to the remaining players in the space that this laxity will not be tolerated. There is *nothing* ordinary people can do to put pressure on Equifax to not do this again. Only the government can do this, but it won't because the company spends ~$1M annually to keep everyone happy.
https://www.opensecrets.org/lobby/clientsum.php?id=D000025712
9
What would "not doing this again" even mean? Basically most adult Americans' SSNs are out there now. Unless 143 million of us apply for new SSNs, there's no going back now, as far as I can see.
5
Actually that's true, you're right.
This is getting wild!! Now I'm going to have to keep track of my credit card account.
"Equifax Already Being Sued Over Massive Breach; Company Criticized For Amateurish Response To Theft": https://consumerist.com/2017/09/08/equifax-already-being-sued-over-massi...
3
I guess these clowns never heard of encryption.
5
Credit is over rated... I recommend u don't use it.
3
Pretty hard to buy a place to live without it.
"Potentially adding to criticism of the company, three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered."
I hope the three executives will be prosecuted for insider trading.
What they did was criminal!
I hope the three executives will be prosecuted for insider trading.
What they did was criminal!
12
Who gave credit agencies the right to database this information? No doubt anyone who applied for credit who signed on the little black line. Life has always been a crapshoot of unstoppable catastrophic natural disasters, but civilized societies are supposed to prevent catastrophes of human making.
If we do not fundamentally change the way our society is structured, and a touchscreen is all it takes for the bad guys to destroy average Americans, then we have sacrificed security to the gods of commerce, originally for the sake of convenience, but now as a necessity for functioning within the system. It may be time to return to cash under the mattress. At least the bad guys would be reduced to those with proximity to break and enter.
Continuing to provide personal information in such times is insanity yet it is useless to resist as this point since our personal information is already in the system. Maybe when hackers employed by Russian or Ukrainian or Chinese, or whomever, savage enough average Americans to create financial havoc in a once stable system we will began to realize how naive we have been. But it will likely be too late. There is more than one way to fight a war. I suggest we are already at war with Russia and China and other authoritarian governments willing to pay for and shelter hackers who target modern capitalistic structured systems; and we are losing.
If we do not fundamentally change the way our society is structured, and a touchscreen is all it takes for the bad guys to destroy average Americans, then we have sacrificed security to the gods of commerce, originally for the sake of convenience, but now as a necessity for functioning within the system. It may be time to return to cash under the mattress. At least the bad guys would be reduced to those with proximity to break and enter.
Continuing to provide personal information in such times is insanity yet it is useless to resist as this point since our personal information is already in the system. Maybe when hackers employed by Russian or Ukrainian or Chinese, or whomever, savage enough average Americans to create financial havoc in a once stable system we will began to realize how naive we have been. But it will likely be too late. There is more than one way to fight a war. I suggest we are already at war with Russia and China and other authoritarian governments willing to pay for and shelter hackers who target modern capitalistic structured systems; and we are losing.
1
Why should any of us pay to 'lock down' our information when it was the fault of Equifax in the first place that the info was stolen? They make money from our personal information--we get no cut in that. Sick of it all. Sick of credit card companies using their money to lobby against the consumer; sick of Sallie Mae/Navient using strong arm tactics to drain the last bit of life's blood from borrowers who started out as government borrowers, not borrowers from a private company. Call your congress person and make yourself heard.
9
When's the lawsuit and how do I join it?
Ok, 143 million Americans meaning most if not all American adults, right?
Ok, 143 million Americans meaning most if not all American adults, right?
8
Maybe you'd get lucky.
If the company settles for $1 billion, you might receive
roughly 7 dollars -- minus, of course, legal fees.
If the company settles for $1 billion, you might receive
roughly 7 dollars -- minus, of course, legal fees.
7
This kind of utter disregard for the rights and protections of consumers is exactly why I say we aren't living under a Democracy, but a Merchantocracy.... a government set up to protect the rights of businesses and corporations rather than the public. That's why the crimes of corporations and CEOs rarely make the front pages, but are usually buried on the back pages or in the "business section. TV news may cover them briefly but quickly pivot to stories of political corruption or personal scandal. Meanwhile, corporations can run rampant over the consumer, polluting the planet, producing defective products, providing shoddy services, etc. The crimes of banks like Wells Fargo and Bank of America should be national scandals but the most they get is a slap on the wrist. That's why I so admired former President Obama, who was one of the few Presidents to try and protect consumers from the unethical practices of corporations , credit card companies, insurance companies, and other corporate welfare cheats. And look what it got him.
8
Simple. The three senior execs need to be investigated for insider trading and the CEO/Chairman needs to resign.
7
I spent $80 and two hours this morning on a year of identity theft insurance and freezing credit reporting at three major bureaus, one smaller bureau and ChexSystems, because Equifax said this morning my info was most likely compromised. Will I ever get that time and money back from Equifax due to this breach? I doubt it. There's something morally bankrupt about this system.
8
One idea,
For example , if your song is famous and needs to be played in you tube, radio's Tv's etc. you collect royalties. the reason for that that song bring money to that business.
My private information has been sold across financial industry many times, because it brings money to those companies, I believe in this era , we need a gross correction. Whomever get my private in for for business purposes must pay royalties ( not a joking amount a good amount) so who busy it feels the pain to keep safe.
At this moment it is free to sell any business my private info without my knowledge.
Think about , today's business strictly about your private info nothing else.
For example , if your song is famous and needs to be played in you tube, radio's Tv's etc. you collect royalties. the reason for that that song bring money to that business.
My private information has been sold across financial industry many times, because it brings money to those companies, I believe in this era , we need a gross correction. Whomever get my private in for for business purposes must pay royalties ( not a joking amount a good amount) so who busy it feels the pain to keep safe.
At this moment it is free to sell any business my private info without my knowledge.
Think about , today's business strictly about your private info nothing else.
6
I just checked on line and it said there was a good chance my information had been compromised. I did not sign up for their service. When is Congress going to deal with issues that really effect Americans. I hope the top brass that sold their stock serve some big prison time!!
5
This is the future. All of our data is vulnerable and accessible to those who want it badly enough. I've already become a victim of tax identity theft this year...our accountant apparently was hacked. The point is, no matter what you do, this is only going to get worse. No one is safe. I personally will never have "smart" appliances or cars.
5
After Equifax’s massive data breach, some customers are thinking twice before accepting the credit bureau’s help.
After a data breach that impacted a potential 143 million U.S. adults, EquifaxEFX, -12.47% created a website that would allow consumers to check if they were affected. Customers who were told their personal information may have been impacted were given the following message: “Click the button below to continue your enrollment in TrustedID Premier.”
There’s one catch: Those who signed up to this TrustedID Premier security monitoring service for a year waive their rights to participate in a class-action lawsuit.
After a data breach that impacted a potential 143 million U.S. adults, EquifaxEFX, -12.47% created a website that would allow consumers to check if they were affected. Customers who were told their personal information may have been impacted were given the following message: “Click the button below to continue your enrollment in TrustedID Premier.”
There’s one catch: Those who signed up to this TrustedID Premier security monitoring service for a year waive their rights to participate in a class-action lawsuit.
4
Even better, I was told to come back in a few days to sign up. It didn't confirm my information had been hacked, and the "remedy" is days away.
1
DO NOT use equifaxsecurity2017.com to check if you were affected by the Equifax hack! The Terms of Service on that site will waive your right to participate in any class action lawsuit against Equifax.
12
That might be too broad a statement. The waiver appears to be limited to claims claims "arising from or relating to the subject matter of [the TrustedID Premier] Agreement." If there are damages, claimants could argue that they arose before entering into the TrustedID Premier Agreement and/or that they are unrelated. Also, it's notable that site does not require a click sign.
2
Regarding the title of this article: Since when are we "customers" of Equifax? The word implies some willing participation on our part.
11
Web site runs you around in a circle. No way to apply for protection. Probably being run by the hackers:))
2
Oh goody, the Equifax site says I was probably compromised, but I have to revisit the site on September 12th to enroll. Why do I have to wait until September 12th to get protection services? Why can't I just enroll today? What a farce. One needs to establish credit to get anywhere in life, but having credit opens yourself up to the risk of stolen identity. There has to be a better way.
5
I agree -- ridiculous. You don't have to wait to open a fraud alert or freeze your credit on your own. I recommend that option, and NOT waiting for them.
2
So the Equifax executives held on to the news, so they can sell their stocks, without taking a hit. Unbelievable! They should be doing a perp walk.
10
Let me get this straight. Days after the breach--well before the public was informed--three senior executives sold a pile of stock, a sale that they had not planned in advance, according to Bloomberg. That really makes me feel as if the company is looking out for my interests.
Last year, my bank had to replace my main credit card three times because of compromises. Fortunately, I did not experience identity theft. My card, with the same bank, was just replaced again a week ago. Why can't our tech-savvy country come up with better cybersecurity? My guess is that companies don't want to spend the money. They'd rather have the public spend theirs.
Last year, my bank had to replace my main credit card three times because of compromises. Fortunately, I did not experience identity theft. My card, with the same bank, was just replaced again a week ago. Why can't our tech-savvy country come up with better cybersecurity? My guess is that companies don't want to spend the money. They'd rather have the public spend theirs.
6
I have never heard the legal rationale of how credit reporting agencies are entitled to this data. I, as a Licensed Healthcare Worker, am bound by HIPPA to protect every jot and tittle of your personal information- to include demographics and financial data. These guys get it without our consent and sell it for profit. Moreover, it is usually flawed and of dubious accuracy.
Someone tell me where a Class Action Lawyer wants to proceed, I would like to shut these people down. My data is none of Equifax or anyone else's business, an d I am not creating an account on your website to see if you have compromised my personal information.
Someone tell me where a Class Action Lawyer wants to proceed, I would like to shut these people down. My data is none of Equifax or anyone else's business, an d I am not creating an account on your website to see if you have compromised my personal information.
10
Bloomberg is now reporting a proposed Multi-Billion Dollar Lawsuit.
Read for yourself:
https://www.bloomberg.com/news/articles/2017-09-08/equifax-sued-over-mas...
Read for yourself:
https://www.bloomberg.com/news/articles/2017-09-08/equifax-sued-over-mas...
1
Equifax, like Marriott, Target and the plethora of others who store out personal information without our consent or knowledge, is suggesting their remedy is to give us all 1 year of some personal data watchdog service. But my social security number does not change every year, it will still be there after their "free" year. After that year, why should I pay for their (and others') mistake.
If they want my personal information and can't keep it safe then they should be liable the rest of my life.
If they want my personal information and can't keep it safe then they should be liable the rest of my life.
15
The response that Equifax customer service gives to the individuals who may have been compromised is inadequate.
4
Note that if you opt in to Equifax's too-little-too-late "protections", you're also agreeing to arbitration for any disputes that may arise. In other words, you're waiving significant legal rights. Nice move, Equifax: "We'll protect you but only if you agree to not sue us."
I'm surprised the Times, which just weeks ago ran an op-ed called "Why Arbitration is a Rigged System", hasn't mentioned this in its coverage.
I'm surprised the Times, which just weeks ago ran an op-ed called "Why Arbitration is a Rigged System", hasn't mentioned this in its coverage.
19
Equifax’s offer of one year of free protection requires that you accept terms that include “arbitration” in the event of dispute. To my mind, their offer is hollow and worthless.
5
Jail time and it's time to shut these unscrupulous credit companies down. Just think...they knew our personal information was hacked and stolen but waited THREE MONTHS !! On top of this, the top three executives at Equifax's sold their stock before it was announced publicly ! This is worse than if someone broke into your home. Accountabilities and jail time !
14
I just checked to see if I was impacted by this hack. I was told that I was not. Time to round up the lawyers and put this company and others like them out of business.
10
Hospitals now also use Equifax to check to see if patients can pay their bills!
5
So after all this...what's Equifax credit score?
15
Their insider stock deals are way up!
5
there is one way, and one way only, to live in the modern world and not expose yourself to the absolute loss of wealth by carrying cash.
You must simply have accounts that insure losses, and check your uses every day, and notify the bank or credit card company or other lender on a day to day basis of any unauthorized charges - it's like brushing your teeth - you do it every day. Period.
You must simply have accounts that insure losses, and check your uses every day, and notify the bank or credit card company or other lender on a day to day basis of any unauthorized charges - it's like brushing your teeth - you do it every day. Period.
1
However, even carrying cash brings with it the risk of "asset forfeiture" seizures, which are clearly ILLEGAL, but which Gollum's DOJ is trying to protect (!). Any citizen should be able to possess cash, but our police departments and agencies have decided that's no longer allowed; that anyone with cash must be engaged in some criminal activity. Therefore, they feel free to STEAL cash (and anything else they determine may be "ill gotten gains") WITHOUT even charging one with a crime! This is an outrageous criminal tactic in itself.
Our society has drifted outside the "rule of law" in too many areas, but most noticeably in "law enforcement" itself.
Our society has drifted outside the "rule of law" in too many areas, but most noticeably in "law enforcement" itself.
4
and who has time to do this? at least carrying cash spares you this time (which in and by itself is probably worth more than the occasional robbery or two).
I find it rather peculiar that there are entities out there that can gather individuals' information without explicit permission, yet not be held wholly (meaning completely) responsible for not only safeguarding that data, but for any misuse of that data due to security breaches.
It is a bit like someone spying on you but doing nothing with the information gathered, and then claiming to have no responsibility whatsoever for the misuse of that data were it stolen.
I suppose my question is, how can data-harvesting/gathering be legal when there has been no explicit permission granted? Guess it is profitable enough to keep Congressional mouths shut.
It is a bit like someone spying on you but doing nothing with the information gathered, and then claiming to have no responsibility whatsoever for the misuse of that data were it stolen.
I suppose my question is, how can data-harvesting/gathering be legal when there has been no explicit permission granted? Guess it is profitable enough to keep Congressional mouths shut.
10
It's a good thing the businessman president has made a priority of going after 100,000 DACA protects instead of worrying about the electronic security of 143,000,000 Equifax customers.
11
Just another example of corporate greed by selling their stocks off after finding the problem and waiting to inform the public for several weeks.
8
Equifax's website does not tell you if you are breached. I followed the directions to see if I was beached and instead it enrolled me in a program I do not want to be apart of. After 4.5 hours of waiting they told me to call a number to talk to customer service for the breach. This number that is open from 7am - 1 am 24/7, I called 8am pst, twice it hung up on me, the third time it told me I called out of hours. The customer service for the breach is FAKE! All I got was a stupid video of the CEO who dumped his shares of Equifax in fear of losing his shirt when this went to the media. I am so overwhelmed with anger!
6
Equifax should be shut down. You have chosen to be the arbiter of everyone's personal and private information. You failed everyone. I don't see why people shouldn't be going to jail over this, especially their CFO.
I am a landlord and will never again use a credit reporting or checking service that has anything to do with Equifax.
I am a landlord and will never again use a credit reporting or checking service that has anything to do with Equifax.
15
Their help website (equifaxsecurity2017.com) seems like a total scam. I entered a fake 6 digit SSN, ("123456"), and a random last name ("Smith"), and it said my account data may have been breached. It appears to do nothing more than print out a message and tell you to come back at a later date.
5
Sadly enough, after having learned that my data had potentially been compromised, I attempted to enroll in the complimentary identity theft protection and credit file monitoring program the company offers, but they have also messed up this process as the links keeps taking one back to the information input page, end never leads to the completion of enrollment.
If they can't even get this right, they should certainly not be trusted with keeping sensitive data!!
If they can't even get this right, they should certainly not be trusted with keeping sensitive data!!
4
These companies should be abolished completely. Society existed before without credit reports, and it will continue to exist if credit report companies are abolished. They serve no purpose but to control and ruin people's lives.
Financial relationships with banks and landlords should be personal, as they were throughout history, before computers broke down interpersonal relationships, cost millions of people their livelihoods, and now control too many important aspects of our lives.
A healthy society does not need credit reporting companies. They need to be abolished and their practices of information gathering and storage outlawed.
Financial relationships with banks and landlords should be personal, as they were throughout history, before computers broke down interpersonal relationships, cost millions of people their livelihoods, and now control too many important aspects of our lives.
A healthy society does not need credit reporting companies. They need to be abolished and their practices of information gathering and storage outlawed.
8
A credit specialist on SF Bay Area radio this morning recommended that you *freeze* your account with each of the three reporting agencies. They then can't be accessed by outside organizations at all. It costs $10 to freeze it, $10 each time you unfreeze it. But if you aren't renting an apartment, buying a car or needing access to credit any time soon or frequently, it would seem to be a wise use of money.
5
how \ where does one go to put a freeze on your account?
Equifax has turned this hack into a scam opportunity, replete with their own inside illegal stock transactions:
"Bloomberg News reported Thursday evening that three company executives — Chief Financial Officer John W. Gamble; Joseph M. Loughran III, the president of U.S. information solutions; and Rodolfo O. Ploder, the president of workforce solutions — sold large amounts of their shares of Equifax stock totaling nearly $1.8 million in the days after the breach was discovered July 29. The Washington Post confirmed the sales based on Securities and Exchange Commission filings.
The stock trades were not part of a previous scheduled sale, federal filings show.
A company spokeswoman, Ines Gutzmer, said in an email Thursday night: “The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares.”
On Thursday, after the company disclosed the hack, Equifax shares plummeted 12 percent in after-hours trading."
AND, if you try to find out if you've been affected by the hack, YOU CAN'T.
Instead, they try to get you to "sign up for theft protection". In other words, they attempt to make potential victims PAY THEM, but, in the process, they say nothing about verifying your "victim status".
Equifax seems to be a corrupted organization. BEWARE!
"Bloomberg News reported Thursday evening that three company executives — Chief Financial Officer John W. Gamble; Joseph M. Loughran III, the president of U.S. information solutions; and Rodolfo O. Ploder, the president of workforce solutions — sold large amounts of their shares of Equifax stock totaling nearly $1.8 million in the days after the breach was discovered July 29. The Washington Post confirmed the sales based on Securities and Exchange Commission filings.
The stock trades were not part of a previous scheduled sale, federal filings show.
A company spokeswoman, Ines Gutzmer, said in an email Thursday night: “The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares.”
On Thursday, after the company disclosed the hack, Equifax shares plummeted 12 percent in after-hours trading."
AND, if you try to find out if you've been affected by the hack, YOU CAN'T.
Instead, they try to get you to "sign up for theft protection". In other words, they attempt to make potential victims PAY THEM, but, in the process, they say nothing about verifying your "victim status".
Equifax seems to be a corrupted organization. BEWARE!
4
I find it very hard to believe that the CFO and other company executives were not immediately informed of a hack that impacted about 1/2 of the U.S. population. I wonder if Jeff Sessions will initiate insider trades charges against these people. Wait, what am I talking about....of course he wont.
3
Kim Jong Un doesn't need to fire missiles at us, they just need to unleash their legions of hackers. We are sitting ducks.
7
I'll bet if your a victim from this breach and someone with your info does harm to you financially Equifax will just lower your score. Nice
8
Does anyone know if credit freeze data was stolen?
If you had placed a freeze with Equifax, they provided a PIN that you would need to unfreeze it. I am looking to find out if that was compromised.
If you had placed a freeze with Equifax, they provided a PIN that you would need to unfreeze it. I am looking to find out if that was compromised.
2
143 million is almost 57% of the adult population of the US! That is absolutely insane.
5
The sad part is Congress will do nothing to stop this from happening again. Trump and his bunch of merry men will say that it any limits on the credit agencies will stunt job growth.... but he will completely ignore the protections that individuals need. This would be a perfect thing for the Consumer Financial Protection Bureau, but of course, the Republicans have no interest in letting the agency fulfill its purpose of protecting the public. Sad.
3
Is Equifax going to provide unlimited insurance in the event someone uses THEIR data to steal from me? For the rest of my lifetime? WIth an unlimited cap?
They and others are making millions from data that they were never authorized to collect. But then who were the fools that made laws allowing them to collect anything under the sun unless someone "opts out" of each individual data collector. I have always said that anyone wanting my information should have my permission - an "opt in" - but big business bought the politicians and had the rules made the other way around.
They and others are making millions from data that they were never authorized to collect. But then who were the fools that made laws allowing them to collect anything under the sun unless someone "opts out" of each individual data collector. I have always said that anyone wanting my information should have my permission - an "opt in" - but big business bought the politicians and had the rules made the other way around.
6
I think it is critical to note that if you sign up for their credit protection service (TrustID), the TOS indicate that you may be waiving your right to any class action lawsuit.
5
Which, of course, was the object of that "offer". The more I learn about Equifax, especially the insider trading by top officers, right after they found out about the hack, the less I trust them to hold ANY consumer information, let alone be in a position to affect the credit standing of those consumers.
Time for an overhaul of this "industry". I'm feeling more like a vampire's victim every day.
Time for an overhaul of this "industry". I'm feeling more like a vampire's victim every day.
2
And.....Equifax's top executives SOLD major amounts of their stock ahead of the story going public!!!
Insider trading!!!! Deplorable!
Insider trading!!!! Deplorable!
5
By the logic of the U.S. financial system, everyone who's personal information was hacked should have their credit rating reduced by Equifax!
1
At a fee!
2
When I was in college, there was these small-time auto repair shops lining crowded street close to where I lived. These guys used to sprinkle little thumb tacks and nails on the road at night, and in the morning when traffic picked up, they'd have scores of people lined outside their shops to get their flat tires fixed. This Equifax situation reminds me of that. Oh, and that year of free credit reports they're offering, that's quite a relief because we all know that most criminals stop trying after a year. I'd be more outraged but I have no outrage left.
1
Any software written by humans, no matter how secure, can be hacked by other humans.
It is all in the name of convenience. Just think how fast and conveniently someone can get a credit report. No hassle, no delay, no extra cost. Living lives at the rate of the internet has lulled all of us into a sense of security that doesn't exist. The ONLY foolproof way to make data secure is to make it inaccessible. Pull the plug on rapid access and extreme convenience.
"Oh but we couldn't tolerate the inconvenience." OK then you can tolerate the hacks and the inconvenience of having to get rid of stolen identities. Those are the only two choices. Any software "experts" that claim something different have yet to create a system that hasn't been hacked. Maybe they can make it harder, but they can't make it perfect. But they really can't hack if you just pull the plug and create an electronic gap between the huge data bases of personal information and hackers.
It is all in the name of convenience. Just think how fast and conveniently someone can get a credit report. No hassle, no delay, no extra cost. Living lives at the rate of the internet has lulled all of us into a sense of security that doesn't exist. The ONLY foolproof way to make data secure is to make it inaccessible. Pull the plug on rapid access and extreme convenience.
"Oh but we couldn't tolerate the inconvenience." OK then you can tolerate the hacks and the inconvenience of having to get rid of stolen identities. Those are the only two choices. Any software "experts" that claim something different have yet to create a system that hasn't been hacked. Maybe they can make it harder, but they can't make it perfect. But they really can't hack if you just pull the plug and create an electronic gap between the huge data bases of personal information and hackers.
2
"...the Equifax breach raised serious questions about whether Congress needed to rethink data protection policies."
Boy, thinking doesn't do in that case - in my mind it seriously mandates it. And while they're at it the agenda should include an item to investigate how well for-profit companies are actually suited to judge over most citizen's financial fate. I find it appalling that three private companies have access to almost all of your finances, and their judgement rules over everyone in a God-like manner.
Of course the nefarious behavior of Equifax' executives requires a criminal investigation.
Sadly, protecting the ordinary citizen/consumer is the last item on the Trump administration/GOP agenda;in fact they do their best to dismantle the few consumer protection laws this country has. In their ideology all consumers are good for is to shut up and pay.
Boy, thinking doesn't do in that case - in my mind it seriously mandates it. And while they're at it the agenda should include an item to investigate how well for-profit companies are actually suited to judge over most citizen's financial fate. I find it appalling that three private companies have access to almost all of your finances, and their judgement rules over everyone in a God-like manner.
Of course the nefarious behavior of Equifax' executives requires a criminal investigation.
Sadly, protecting the ordinary citizen/consumer is the last item on the Trump administration/GOP agenda;in fact they do their best to dismantle the few consumer protection laws this country has. In their ideology all consumers are good for is to shut up and pay.
2
When you go to the Equifax page to check if you have been hacked -they attempt to sell you Equifax Premier as they tell you that you are one of the people comprised! Fire everyone at the Equifax.
2
Wow...that's a scam worthy of Wells Fargo.
This story needs to be displayed more prominently. 143 million people is more than half of all American adults. This isn't like your credit card being stolen so you cancel it and get a new card--this is everyone's social security #, driver's license #, past addresses--everything thieves need to steal your identity. And they now have that data for more than half the population because the giant company that has all our personal info (whether we like it or not) couldn't be bothered to invest in cybersecurity. Don't worry, though...I'm sure they'll be fined a couple hundred million (or $1 for each American whose life is potentially affected).
1
Normally I'm not normally a person who is sue happy but I think a class action suit is in order. These are the same people who will fight with you FOREVER if you have a dispute on your credit report. They don't want to remove it and they don't care how it affects you at all. Now they have opened up the potential for half the US to have their identities stolen!
1
The "customers" of Equifax are the people who buy its credit reports. The people whose data may be found in those reports are essentially victims of a predatory information peddling scheme. Their data has always been for sale. If it was kept "private", this was simply to maintain Equifax's pricing.
It's time to sue this company out of existence.
It's time to sue this company out of existence.
2
I have long felt, based on the ads we receive along with phishing, that all our personal info is known to most everyone. But Equifax executives went beyond greed by putting their own interests--profits, stock options and who knows what else, ahead of protecting customer information. The three execs who sold their stock after learning about the breach should be jailed and lose their wealth.
1
"Potentially adding to criticism of the company, three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered. The shares were not part of a sale planned in advance, Bloomberg reported."
This is (should be) the main story here.
This is (should be) the main story here.
3
The greedy irresponsibility of the executives and board members of Equifax calls for punishment and financial penalties that maybe even the business-worshipping Republicans in Congress and the White House should be willing to exact. Especially since their voters are equally affected.
Equifax and large corporations like this handling personal information need to be held 100% accountable. There is no excuse. Hit them will a 10 billion in fines and I bet they find better software!!!!
4
Forget about using the link in this article to check your account.
With 45 percent of it's clients affected it's been impossible to get past the verification process.
With 45 percent of it's clients affected it's been impossible to get past the verification process.
1
Equifax has a web site where you can check to see if the breach impacted you.
So, I thought to myself - If I were a hacker, I might hack that new site, in order to gather in all the little chicks who eluded me in the first hack.
To check to see if you are impacted, they ask for your last name and the last six digits of your SSN. Since the first three digits are based on place of birth, it seems as though the last six digits coupled with a last name would be a nice juicy chunk of info for a hacker.
I was too curious; I checked; I am not impacted -- yet.
So, I thought to myself - If I were a hacker, I might hack that new site, in order to gather in all the little chicks who eluded me in the first hack.
To check to see if you are impacted, they ask for your last name and the last six digits of your SSN. Since the first three digits are based on place of birth, it seems as though the last six digits coupled with a last name would be a nice juicy chunk of info for a hacker.
I was too curious; I checked; I am not impacted -- yet.
1
For a start, immediately jail the three executives who sold $1.8 million shares in Equifax two days after the hack and six weeks before it was made public. Charges? Securities fraud and being first rate numbskulls.
2
One would think this company, which has entrusted itself to hold people personal identifying information, would be more careful about protecting that data. One would hope it would employ the best of best information security specialists. Obviously its doesn't. It failed. And what is most telling about the event is that the executives sold off stock, pocketed their profit, because they knew the value of the stock would drop once the word got out. That shows that they really care nothing about protecting the information which they use to determine credit worthiness, all they care about is their own wealth. Each and everyone of them should be fired and banned from working in the financial industry ever again.
73
Top management needs to be fired. Those that sold stock should be hit with securities fraud. Both Republican and Democrat should come together to see that these teams are criminally charged. There is no good enough reason not to.
1
Fired? They should be prosecuted fro insider trading and put in jail! Martha Stewart went to a prison cell for less.
1
Apparently the honor system, or even a sense of ethics, doesn't have much influence with these corporations. Observing the malfeasance of Wells Fargo, Johnson & Johnson and other corporations I believe that there will be a day when the integrity of a company will be the most powerful way to attract customers.
I'm not a "customer." I'm a victim, bought and sold by the company.
112
Just another example of another greedy company more concerned with public image and profits than with the public good. If this were Europe, the regulators would have come down on Equifax with a vengeance. In the US, not so much although a number of individual states do have statutes in this area. We need federal regulation in this area to protect the public. Equifax generously offers free credit monitoring for those affected. How about fair compensation for those affected? How about Equifax actively working at their own expense with consumers who suffer harm from Equifax's incompetence and their breach of their duty to protect confidential information? No. no, no, going that far might impact corporate profits. Generally speaking, some folks want more regulation and some folks want to reduce it but anything to excess in either direction is a poor solution. There needs to be a balance. Equifax needs to make good on their malfeasance and the public deserves that appropriate regulations be in place to protect them and every citizen should contact their elected representatives demanding that an appropriate level of regulation be implemented on the federal level to protect consumers.
Everyone affected should actively monitor the class action lawsuits that will result from this, otherwise the law firms will get millions and victims will only get one year of free credit monitoring. I was the lead plaintiff in the class action against Google, Apple, etc, regarding their illegal collusion to suppress wages. I saw first hand the business model of the parasitic class action firms who enrich themselves and never get real justice for the victims. I intend to actively oppose any result that doesn't, first, recover real damages for the victims, and, second, that doesn't result in strict limits on what data these firms can collect and store.
4
We are not Equifax customers. Do not describe us as such. We have no choice whether to do business with this company.
18
I received a letter from my bank's fraud unit, with whom I've been banking for 30 plus years, that someone had applied to open a credit card in my name. When I called the bank, they informed me that the application contained my actual social security number but an old address. Further, someone had tried to access my bank account using an android device multiple which resulted in a lockout due to incorrect password attempts.
I filed an identity theft report with my local precinct and thus have a free credit freeze with all three reporting agencies for the next seven years.
I could not figure out how that information was stolen. Lo and behold, I just checked on the Equifax site and my information has been compromised.
I advise anyone who has had their information compromised to check their credit reports and further, to file an identity theft report with their local precinct. In such case, all three reporting agencies must provide free credit monitoring/lock for 7 years.
I filed an identity theft report with my local precinct and thus have a free credit freeze with all three reporting agencies for the next seven years.
I could not figure out how that information was stolen. Lo and behold, I just checked on the Equifax site and my information has been compromised.
I advise anyone who has had their information compromised to check their credit reports and further, to file an identity theft report with their local precinct. In such case, all three reporting agencies must provide free credit monitoring/lock for 7 years.
10
I'm tired of companies with sensitive financial information attempting to weasel out of their legal and public relationship liabilities by offering the sop of "one year of free credit card monitoring" and pushing off the work on their potential victims.
The lax protection of data from foreseeable hacking attempts should be punished by statutory fines, companies should be made liable for class actions for negligence, should also be liable for any money damages suffered by victims and t set up consumer call centers and back office operations to mitigate individual cases (that is, spend the hours on the phone with other financial institutions investigating and reversing any claimed fraudulent charges and getting restitution for victims, rather than pushing this work off onto victims).
Were this to happen, and the risks of hacking put on the corporations who can be the only solutions to the problem, this lax handling of personal data would be addressed pronto.
The lax protection of data from foreseeable hacking attempts should be punished by statutory fines, companies should be made liable for class actions for negligence, should also be liable for any money damages suffered by victims and t set up consumer call centers and back office operations to mitigate individual cases (that is, spend the hours on the phone with other financial institutions investigating and reversing any claimed fraudulent charges and getting restitution for victims, rather than pushing this work off onto victims).
Were this to happen, and the risks of hacking put on the corporations who can be the only solutions to the problem, this lax handling of personal data would be addressed pronto.
15
Is this a "mushroom cloud" scare to drum up business?
The lack of security is appalling and the time it took Equifax to make the breach public is inexcusable. And their "help" is just as bad. I used the link from this article and found that my data may have been breached. I've spent the last hour trying to enroll in the Equifax complimentary ID protection service. The site does not work, it puts you into a repeating loop that goes nowhere. The phone number dedicated to what Equifax calls "the incident" hung up on me each of the five times I tried calling. Regular customer service people have no answers.
This is ridiculous. An entity that has tremendous power over people's lives via their scores and reports needs to be far, far, far better than this. I'm disgusted.
This is ridiculous. An entity that has tremendous power over people's lives via their scores and reports needs to be far, far, far better than this. I'm disgusted.
18
I am not Equifax's customer. I have never bought a product from them. They had my personal information before I even had a credit card. The title "...Affected 143 Million Customers" requires a correction.
20
I don't understand the concept of setting up the security freeze. All the info that must be entered to lock down access to my credit is the info that the hackers presumably now have. I freeze it, then the fake me unfreezes? And what makes me think the website where I have to provide the information is secure? So, if the hackers didn't have my ss# in the first breach, they'll surely get it when I enter all my info while trying to protect myself this time.
This is no way to live. The energy required to protect ourselves at every turn is not sustainable. Dear Congress and Corporations, the minions are getting fed up.
This is no way to live. The energy required to protect ourselves at every turn is not sustainable. Dear Congress and Corporations, the minions are getting fed up.
15
If you set up freezes, the thieves won't be able to set up new accounts in your name. Identity theft is expensive and time-consuming to address.
The executives running this company are criminals, no different than the people who stole the information. It's time to abolish these fraudulent companies that regularly and knowingly sell false personal information. And if they were negligent in protecting people's privacy, they need to go to jail.
11
Why in god's name would I give enter the last 6 of my SSN into the system that was just hacked? Is that really the only way we can find out if our information was compromised? There should be some other way for customers to find relief that does not involve relying on the morons who got us into this mess in the first place.
15
The hack was discovered at the end of July.
Equifax execs dumped stock before the hack news went public.
That is a crime.
Is anyone in the justice dept investigating this or are they all out persecuting black people per bigot Jeff Sessions' instructions?
https://techcrunch.com/2017/09/07/equifax-managers-dumped-stock/
Equifax execs dumped stock before the hack news went public.
That is a crime.
Is anyone in the justice dept investigating this or are they all out persecuting black people per bigot Jeff Sessions' instructions?
https://techcrunch.com/2017/09/07/equifax-managers-dumped-stock/
23
Yes, too bad their buddies - the International Mafia Robber Barons with The Con Don as their American talking head - have taken over OUR government.
4
@Tom Joad: The metaphorical superhero-businessman who is supposed to be the savior of capitalist America is a myth.
What do we really get when we entrust the country to so-called businessmen?
Crooks, that's who!
Crooks who make laws that enable them to steal from the poor and middle-class and give to the rich.
Crooks who refuse to enforce laws meant to protect the poor and middle-class from being exploited by the rich.
Crooks who repeal laws and regulations that are supposed to protect the poor and middle -class from the rich.
These business crooks are in politics for one reason only: to skew the laws in their favor and screw everyone else out of their few remaining hard-earned dollars. Time and again they prove themselves heartless and inhumane.
But we keep electing them because somehow they have brainwashed many of us into believing that their brand of exploitative capitalism is the only viable system for our country. Any other system and, they tell us: "You won't be free!"
But we are not free now. We are slaves to the system they have set up. No one who has a job, owns a home, has been in school or the military can escape their system. It tracks you, punishes you for breaking its rules, and keeps all of us enslaved in their treadmills. We don't eat or get shelter unless thier rules are obeyed.
I was fed up with this long ago, and every day brings fresh proof that most businessmen cannot and should not be involved in governing. We need to vote them all out.
What do we really get when we entrust the country to so-called businessmen?
Crooks, that's who!
Crooks who make laws that enable them to steal from the poor and middle-class and give to the rich.
Crooks who refuse to enforce laws meant to protect the poor and middle-class from being exploited by the rich.
Crooks who repeal laws and regulations that are supposed to protect the poor and middle -class from the rich.
These business crooks are in politics for one reason only: to skew the laws in their favor and screw everyone else out of their few remaining hard-earned dollars. Time and again they prove themselves heartless and inhumane.
But we keep electing them because somehow they have brainwashed many of us into believing that their brand of exploitative capitalism is the only viable system for our country. Any other system and, they tell us: "You won't be free!"
But we are not free now. We are slaves to the system they have set up. No one who has a job, owns a home, has been in school or the military can escape their system. It tracks you, punishes you for breaking its rules, and keeps all of us enslaved in their treadmills. We don't eat or get shelter unless thier rules are obeyed.
I was fed up with this long ago, and every day brings fresh proof that most businessmen cannot and should not be involved in governing. We need to vote them all out.
3
In reply@ tomjoad New York
This is an SEC issue--it's called insider trading. Any executive/board member, etc. who has non-public knowledge of a material fact concerning Equifax may not trade the stock based on that information. Let's hope the SEC throws the book at these guys; they should go to o jail, but probably won't.
This is an SEC issue--it's called insider trading. Any executive/board member, etc. who has non-public knowledge of a material fact concerning Equifax may not trade the stock based on that information. Let's hope the SEC throws the book at these guys; they should go to o jail, but probably won't.
5
OUR United States Government should take over ALL private for-profit companies that have access to our most sensitive information. WE THE PEOPLE must demand that there be stringent regulation on the digital world and that OUR government agencies that hold t his critical information be fully funded and have the latest, most innovative security possible so OUR information isn't stolen. WE must demand that anyone who breaches the security be imprisoned for life.
This is VERY SERIOUS. We must not wait for "Congress" to fix it. WE must demand they do it now. They can start by outlawing "push" technology and the supposed "online contracts" that allow digital entities to give away OUR personal information and use it to profit beyond belief.
NOW is the time to take back control of OUR lives.
This is VERY SERIOUS. We must not wait for "Congress" to fix it. WE must demand they do it now. They can start by outlawing "push" technology and the supposed "online contracts" that allow digital entities to give away OUR personal information and use it to profit beyond belief.
NOW is the time to take back control of OUR lives.
6
Curious what will happen when people whose information is stolen, try to purchase a car, house, etc. based on their compromised credit. Will the credit reporting agencies take this into consideration? My guess is not. They'll just do what they always do and deny the loan, then leave it to the consumers to wade through the morass of trying to straighten it out. A few years ago I got my credit report from Experian. Three other people were on the report, one didn't even have my last name. Took months to straighten out.
5
Maybe companies like Equifax that handle mass amounts of sensitive consumer data should be federally regulated and face civil and criminal penalties for disclosures. If hospitals and health systems can face civil and criminal penalties for disclosing patient data - $100 to $50,000 per violation (per record) - why shouldn't companies like Equifax face similar federal penalties? It might incent them to strengthen safeguards and security practices.
6
Pay cash for everything. Get out of the credit racket so you don't need a FICO score.
4
Consumer Reports recommends (when SS# has been compromised) freezing access to credit reports from the Big 3 and then temporarily lifting the freezes when needed. Watch out for the Big 3 trying to sell "locking and unlocking" services - which cost a high monthly fee (unless you want that), while "freezing" is a one time low cost fee.
5
NYTimes - if you pursue and investigate this as vigorously as you do the man currently in the White House, you could make a real difference. Organisations holding data of this sort like this MUST be regulated.
7
Imagine what it will be like when hackers target self driving cars.
5
It's time to drag these Equifax executives in front of a Senate Committee.
13
The DA's office would be a better place to be dragged in front of
1
We are NOT customers of Equifax. We are their product.
11
Thanks for your security Equifax. Aren't you folks the same company selling your
"Credit Security" to consumers on TV?
"Credit Security" to consumers on TV?
4
Could those who have been impacted possibly been the same who were hacked at OPM and offered Equifax free services for a year?
4
Of course, the programmers imported on the H2B visas from Pakistan, India and Russia and China to work in places like Equifax, not to mention the big banks and MC and VISA for that matter, are vetted beforehand to be sure the code they produce doesn't have prearranged hacks in place.
Just kidding. Of course they're not.
Just kidding. Of course they're not.
8
"Potentially adding to criticism of the company, three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered. The shares were not part of a sale planned in advance, Bloomberg reported."
Charming. Not only are these crooks not harmed with large fines, but they made off like bandits with inside knowledge, cashing out $1.8M. I know that is diddly squat compared to their compensation, but it's a nice little shiv in the ribs of the rest of us.
Charming. Not only are these crooks not harmed with large fines, but they made off like bandits with inside knowledge, cashing out $1.8M. I know that is diddly squat compared to their compensation, but it's a nice little shiv in the ribs of the rest of us.
10
This company needs to be accountable. They have no motivation to allocate enough resources to security, How about a class action suit. That would put them out of business, you say? We would all be better off without them.
5
Two things to note here.
First, the headline is misleading. Those affected are not "customers". We did not choose to do business with Equifax. Our personal data is the product that's being sold, and their customers are the businesses which pay Equifax for credit information.
Second, by signing up for their service to be protected from their security failure you are giving up your right to sue and agreeing to binding arbitration unless you opt out in writing. Details are in the terms and conditions.
First, the headline is misleading. Those affected are not "customers". We did not choose to do business with Equifax. Our personal data is the product that's being sold, and their customers are the businesses which pay Equifax for credit information.
Second, by signing up for their service to be protected from their security failure you are giving up your right to sue and agreeing to binding arbitration unless you opt out in writing. Details are in the terms and conditions.
11
[[Potentially adding to criticism of the company, three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered.]]
Right. Sounds fishy. But what I want to know is if the executives bought back those shares at a discount after the price dropped.
NYT...HELLO!!!...please investigate.
Right. Sounds fishy. But what I want to know is if the executives bought back those shares at a discount after the price dropped.
NYT...HELLO!!!...please investigate.
4
Yes, Sen. Warner, you need to focus on cyber security. Geez.
2
"Somebody" needs to claw back the $1.8 million dollars those thieving company officers reaped in selling stock sub-rosa on the news and before the 13% drop in the stock price. They ought to be fired, too. Surely Wells Fargo has some employment openings for them.
5
Wall Street cratering the world economy.
Wells Fargo opening false accounts and other grifts so people owe fees for services they didn't ask for or know about.
Now Equifax. A credit score co. that I never asked for, nor agreed to.
All have cost me and mine $$$ yet, not one ('cept couple of nobody's in WS) have done jail time.
If Corp. are now people too, then they, the Corp. et al, need to be sentenced to incarceration and all their goods confiscated and made to pay restitution to those involved. NOT a fine. NOT paid to our crony Gov. To We The People.
This has got to stop.
https://www.ted.com/talks/nick_hanauer_beware_fellow_plutocrats_the_pitc...
Wells Fargo opening false accounts and other grifts so people owe fees for services they didn't ask for or know about.
Now Equifax. A credit score co. that I never asked for, nor agreed to.
All have cost me and mine $$$ yet, not one ('cept couple of nobody's in WS) have done jail time.
If Corp. are now people too, then they, the Corp. et al, need to be sentenced to incarceration and all their goods confiscated and made to pay restitution to those involved. NOT a fine. NOT paid to our crony Gov. To We The People.
This has got to stop.
https://www.ted.com/talks/nick_hanauer_beware_fellow_plutocrats_the_pitc...
9
This is not acceptable. This company makes money through me and millions of others. They do not accomplish anything on their own. I was never asked if I approved of them selling me like a roasted pig in bar. I have to rely on this idiots to hold my life in their hands. Yes my life because our society has decided that if you don't have credit, you are worthless. You don't exist. You might as well be dead. On top of this the insults keep coming. They offer a year of protection from their own mistakes to those poor souls that got caught in their inadequacies to protect something that actually don't belong to them. My life don't belong to this companies that are leeches getting a free ride from USA residents and others around the world. It is their fault, they should at least give a 10 years protection to those, in their incompetence, destroyed. They are 100 times worst than Yahoo. At least with Yahoo you have a choice of walking away. You have a choice of not holding anything important in your email account. I got caught in the crossfires of Gov incompetence during the OPM fiasco.
6
Equifax should be forced to provide free monitoring for all parties involved in this forever. Being allowed to monetize their own mistake -- since they're saying you have to pay for the service after one year -- is a seriously perverse back door incentive for them to profit off this problem.
130
They obviously cannot be trusted to monitor anything. free or otherwise.
Agree. And consider this--what if they weren't hacked at all but just want to scare people into paying for their monitoring service?
1
Centralized possession of consumer credit information has made the major credit reporting companies too big to fail. The problem is that they have an unfair advantage in their use of information and little incentive to reform their acts to ensure that an individual's information is kept safe from hacking, identification theft and other fraud. They must be held accountable to much higher standards than currently exist.
8
What about the executives who sold stock days after the hack was discovered but before it known publicly?
131
If that is not "insider trading", what is?
It's a pretty fair bet that nothing's going to happen to those thieves, which is outrageous. They should already be doing perp walks and appearing before judges.
They discovered the breach on July 29th. Wasn't it just so convenient to delay this big announcement more than a month to coincide with reporting of at least three major natural disasters in North America and escalating threat of nuclear war?
Why did this article that affects half of the USA go into the Business Day section, soon to disappear off of the front pages? I really have to wonder at that editorial decision.
11
Why do we even rely on companies like Equifax? It seems to be a racket that they collect all your data and financial history, come up with a score and provide that to banks who then determine whether to give you a loan or credit card where they collect even more money from you as well as data and then create this cycle with the credit reporting agency. It's not something that anyone wants, but has to live with, which doesn't seem fair to me.
5
IT professional here.
Most broad cyber thefts of personal info do not usually get social security numbers AND drivers' license numbers so this theft is especially ultra serious. Indeed the majority of thefts get a credit card and name, but little more than that. This theft is astonishing in every possible way.
Expect identity theft in the USA at all new levels and proportions -- directly because of this information theft at Equifax.
For any of us working in IT security and familiar with USA "credit reporting agencies" this was just a matter of time. You cannot put so much sensitive information in one place and expect it to remain safe and secure.
An Editors Pick comment says these thefts are "preventable." But from an IT perspective that is a more complicated issue than many non IT realize.
Most broad cyber thefts of personal info do not usually get social security numbers AND drivers' license numbers so this theft is especially ultra serious. Indeed the majority of thefts get a credit card and name, but little more than that. This theft is astonishing in every possible way.
Expect identity theft in the USA at all new levels and proportions -- directly because of this information theft at Equifax.
For any of us working in IT security and familiar with USA "credit reporting agencies" this was just a matter of time. You cannot put so much sensitive information in one place and expect it to remain safe and secure.
An Editors Pick comment says these thefts are "preventable." But from an IT perspective that is a more complicated issue than many non IT realize.
11
After they do this to almost half of the country, the have the audacity to charge $5. to lock down your credit reports. All 143 million of us should be demanding that Equifax pays the $5. to each of the credit reporting agencies. Not the consumer. Maybe we can legislation to require it, if we are lucky and Paul Ryan's info has been stolen as well. It's also time we were allowed to change social security numbers if ours has been compromised. It can't be too hard for the govt. to figure that one out. New Number = Old number. Even a computer can do that.
6
Read this article. The hacking went on for months. Equifax supposedly did not discover it until months after it stopped. It took months longer to notify the public hundreds of millions of records were hacked. Then, they put put up a web site to check if your records was hacked. Only, when you go there, you sign up for a free one year service but get no information on whether your records were hacked or not.
What does this tell you? First, they had to know they had a problem for months. Then, they hid the problem from the public for months longer. Now, they still don't know whose records were hacked or they do know but won't disclose it.
I am getting new credit cards from banks but can't get any information from Equifax. Have the banks been told what Equifax knows while those hacked are still kept in the dark?
This is a massive failure by Equifax. Those responsible should be terminated starting at the highest level, not just because of the breach but also because of the past and continuing delayed disclosure and the cover up.
What does this tell you? First, they had to know they had a problem for months. Then, they hid the problem from the public for months longer. Now, they still don't know whose records were hacked or they do know but won't disclose it.
I am getting new credit cards from banks but can't get any information from Equifax. Have the banks been told what Equifax knows while those hacked are still kept in the dark?
This is a massive failure by Equifax. Those responsible should be terminated starting at the highest level, not just because of the breach but also because of the past and continuing delayed disclosure and the cover up.
10
This is pure negligence by a company that consumers cannot choose to avoid, and it happens because the consequences are basically nil. Because the market cannot work to fix this -- that would only be possible if consumers could take their business elsewhere -- it needs a strong regulatory hand. That should include mandatory 3rd party security audits and adoption of industry best standards. It also needs severe penalties for breaches so that when companies evaluate how much to invest in security, there is a motivation to spend enough.
Until those things happen, expect the same thing to happen again and again. Personally, I've had my data exposed in four breaches over the last two years, resulting in a half-dozen credit cards canceled due to fraudulent charges. And what recompense do I get for the failures of these companies? Nothing.
Until those things happen, expect the same thing to happen again and again. Personally, I've had my data exposed in four breaches over the last two years, resulting in a half-dozen credit cards canceled due to fraudulent charges. And what recompense do I get for the failures of these companies? Nothing.
6
Unfortunately, this has been the norm for years: companies like this get the profits and the public are given the liabilities. While the CEO should suffer the consequences of insider trading (charging him for incompetence and failure to protect PII is about as likely to happen as Irma missing Florida), will that ever happen?
Perhaps the penalty should be based on that paid by Martha Stewart (who served her time and admitted her crime). She got 6 months, so this guy should be sentenced to proportional time, with the type of prison being proportionally tougher.
Perhaps the penalty should be based on that paid by Martha Stewart (who served her time and admitted her crime). She got 6 months, so this guy should be sentenced to proportional time, with the type of prison being proportionally tougher.
2
www.equifaxsecurity2017.com
Anybody getting this site to work? I can't get past the part where you enter your name & SS#. Have to verify by clicking lots of road signs. Then it asks for name & SS# again...
Anybody getting this site to work? I can't get past the part where you enter your name & SS#. Have to verify by clicking lots of road signs. Then it asks for name & SS# again...
2
Yes, I just used it for both if us, no problem. Try again later? Good luck!
Maybe their CEO's need a hefty personal fine also...
Maybe their CEO's need a hefty personal fine also...
4
Got hacked by two medical offices and the fiasco I have to go through to freeze my credit, being charged to unlock it blah, blah and yet our credit worthiness is in the hands of those that control us but they can't control themselves. And we as consumers aren't even told how our score is derived- a secret. What is wrong with this picture? Accessing the reporting sites are as misleading as the credit card companies- sleazy marketing. Quit using cards, credit and paying cash. All a racket with outrageous prices and have quit playing their games. Bottom line, I still have to deal with their sloppiness. And while I am bashing big entities, sick and tired of the spam and telemarketers that can't be controlled, or won't be by our big telecommunications industry. Again, dealing with sloppiness and control. Another money making racket. Yeah, make America great again...
4
It amazes me that the senior executives will not only get away with selling their shares ahead of the news of the breach (where is the SEC for insider trading? Oh... it's a 'Trump' world now), but that there will be NO punitive damages or criminal charges against the company or management.
Meanwhile, my information will be available and sold to criminals all over the world, and when my identity is stolen, it will take many years and thousands of dollars of MY OWN MONEY to fix it.
This is just amazing.
Meanwhile, my information will be available and sold to criminals all over the world, and when my identity is stolen, it will take many years and thousands of dollars of MY OWN MONEY to fix it.
This is just amazing.
4
In-advance recommendation: request to your bank the replacement/change of credit cards numbers and start to setup alerts from suspicious transactions, I'm not sure if is possible to request a new SSN (this is cornerstone of all).
This security breach in Equifax, will bring long term consequences. I called them to cancel my account and stills asked me "but why you want to cancel your subscription our site is secure....".
This is just the beginning....
This security breach in Equifax, will bring long term consequences. I called them to cancel my account and stills asked me "but why you want to cancel your subscription our site is secure....".
This is just the beginning....
1
Equifax has long been a source of BOGUS information about US consumers. Of the three, they are more likely to confuse SS numbers when reporting on individuals. Their company CCC fakes low-ball car valuations for the insurance industry looking to total out cars.
There should be fines for false reporting.
There should be fines for false reporting.
2
Why does the New York Times refer to the consumers whose data Equifax collects as "customers" of Equifax? I am not a customer of Equifax. Banks, credit card companies, etc. are Equifax's customers. I'm just a pawn of the credit data industry.
11
Oh, good, so now they're incompetent in addition to being crooks.
4
All 3 credit reporting agencies should permanently freeze everyone’s credit information to prevent all unauthorized use of credit for identity theft. Credit card companies issuing credit should be required to go through multiple layers of background/credit checks prior to approving credit.
It is time for strict regulation….no one should have their personal information stored in some super data base for the benefit of these corporations to share and sell private, personal and sensitive information. These credit agencies operate in concert and total impunity for their actions. Consumer information is shared and sold expressly for profit and without permission of the individual that the information belongs to. I do not ever recall opting in so that these companies can share my personal information; yet, these agencies make it very difficult to opt out.
It’s a disgrace and the whole process sickens me.
It is time for strict regulation….no one should have their personal information stored in some super data base for the benefit of these corporations to share and sell private, personal and sensitive information. These credit agencies operate in concert and total impunity for their actions. Consumer information is shared and sold expressly for profit and without permission of the individual that the information belongs to. I do not ever recall opting in so that these companies can share my personal information; yet, these agencies make it very difficult to opt out.
It’s a disgrace and the whole process sickens me.
133
Equifax should go the way of other financial companies who abused their responsibilities: Merrill Lynch, Lehman, Bear Stearns, Countrywide. Put them out of business.
4
If you want strict regulation of these companies you and everyone else is going to have to vote Democratic.
Class action lawsuits are not the answer. These would make a bunch of tort lawyers fabulously wealthy, and do the public no good at all. Perhaps people would get $5 off a year of credit monitoring, and the company would promise to be more diligent next time. Wow.
Given the magnitude and probable consequences of this breach, criminal charges should probably be brought against corporate leadership. At some point, executives need to be held liable for gross negligence by the companies they run. This sounds like gross negligence.
The executives who sold their stock should be investigated for criminal insider trading.
Meaningful fines should be levied against Equifax, where meaningful means in the multibillion dollar range - enough so that the stock price suffers. Stockholders cannot be held personally liable for damages, but if the fines are large enough to affect the price of the stock, perhaps investors will learn to exercise more diligence regarding the competence of corporate management. And at least the money from fines will go the the public coffers, and not to line the pockets of the tort bar.
Given the magnitude and probable consequences of this breach, criminal charges should probably be brought against corporate leadership. At some point, executives need to be held liable for gross negligence by the companies they run. This sounds like gross negligence.
The executives who sold their stock should be investigated for criminal insider trading.
Meaningful fines should be levied against Equifax, where meaningful means in the multibillion dollar range - enough so that the stock price suffers. Stockholders cannot be held personally liable for damages, but if the fines are large enough to affect the price of the stock, perhaps investors will learn to exercise more diligence regarding the competence of corporate management. And at least the money from fines will go the the public coffers, and not to line the pockets of the tort bar.
100
How about meaningful fines be dispersed to those consumers damaged by these data breaches? Maybe class action doesn't significantly redress the individual damage done, but it is the only means for David to take on Goliath. If the middlemen lawyers are to be removed, then fines should go straight to the aggrieved, not government coffers.
Seems they should also be on the hook for developing an alternative to the social security number and replacing all the existing ones with new longer numbers.
Re class action lawsuits, you reportedly waive your right to participate in a class action if you sign up for Equifax's one year of "free" protection.
http://money.cnn.com/2017/09/08/technology/equifax-monitoring-services/i...
http://money.cnn.com/2017/09/08/technology/equifax-monitoring-services/i...
Equifax and the other major credit reporters do not care if files containing your data are not safe from hackers. All they care about is that the data is theirs to sell for a profit. This will not change until laws are changed to hold them criminally responsible. Two and a half months passed before this intrusion was noticed and, coincidentally top executives sold stock just about that time. I look forward to the news, delivered by hand-wringing executives, that a handful of low-level employees have been fired. Then the CIO will receive a bonus for his fine handling of this disappointing event.
100
And why are we not asked if we want to be 'sold' to someone?? Who is making this decision on our behalf?
To me the question really is who gave Equifax the right to investigate my credit history? I never signed an agreement for them to do so. My credit cards have all come from banks with whom I have a financial relationship. Nevertheless, I have a credit rating with the 3 major rating companies. Who authorized that?????
168
You did when you applied for credit. Even though you have a financial relationship with the bank issuing the credit card, your credit rating will be checked and it is the card network (Mastercard, Visa etc) which takes the credit risk. Your bank just issues card and may also process payments etc. YOur bank will also run a credit check for a mortgage or personal loan.
Exactly. I've felt this way my entire adult life. Why is this long-standing practice even tolerated - these companies should all have to ask ME about gathering info on me. I've always objected to all this, and have done my level best to stay out of the credit game altogether. Once my student loans were paid off 25 years ago and I pay off a tiny car loan every 10-12 years, I simply avoid the whole credit process other than to have one credit card, which is an unfortunate necessity. I feel the same way about social media - I don't have any of those accounts, either. It's a mystery to me why our supposedly rugged-individualist society has tolerated the stupid credit agencies and now all the Internet-based invasions of our private lives as long as it has.
1
When are these criminally negligent imbeciles going to be held accountable? By criminal imbeciles I mean the executives who run Equifax - as well as Target, etc. - who have allowed breaches of this magnitude through their refusal to spend on adequate safeguards. While no system can be unfailingly protected against hacking, the explanation for these massive thefts of PII always seems to include references to inadequate security and lax oversight. This is the third major incident involving Equifax alone. Clearly they are the gang that couldn't shoot straight of the financial data world. When will Congress act to create significant penalties? A previous comment suggests fines of $100 per person per incident. I suggest $1,000. Perhaps a $1.34B fine - plus criminal penalties, individual fines and clawback of bonus income levied against management - might convince these executives that investing in adequate data security is worthwhile.
84
Any company that wants to be in the credit reporting business which involves handling sensitive identity data, should have to pass an independent data security audit and certification process. Companies that allow an egregious breach such as this one should suffer penalties include fines and suspension or loss of certification, meaning they can no longer engage in that business.
In this case, it's NOT really so nice to see that federal officials can stay right with the private companies. The Office of Personnel Management basically handed out PII on over 20 million individuals. Not just the quaint loss of a couple of numbers, but potentially the contents of entire personnel records. No admission of fault. No apology. One person resigned. Federal employees didn't seem to matter more than Equifax "customers" do.
The problem is that Congress and the courts are controlled by Republicans. Have you noticed that businesses have become somewhat cavalier with the rules since the transition?
The unspoken element here is Microsoft. IBM once warned people that Windows and windows software would never be secure and people and companies who wanted cyber security ought to be opting for OS/2 and its software. And later when Microsoft was found guilty of monopolistic practices and ordered to breakup, Bush and his team stopped the actions for the good of the economy. In short, there will never be an end or control of these things in a world that uses Windows.
A conclusion that should emerge from the continuous on going breaches that the Ethernet may be a great thing for expression of opinion and creativity but the current model is not secure enough for business. We should keep the current Ethernet for entrainment but should have another parallel network which is much more secure. It will require you to login with a chip, fingerprint, eye print, explicit hardware device, or what ever, and yes, nobody is anonymous. You do not have to go there, but if I communicate with my bank I preferred a dictatorship than the wild west.
2
Equifax no longer answers the phone.
Ho do I stop ANY information from being sent to them????
They are no longer players in this game (sadly, by experience: I always get the lowest scores from them).
Ho do I stop ANY information from being sent to them????
They are no longer players in this game (sadly, by experience: I always get the lowest scores from them).
5
The most disturbing element of the story was the sale of shares in the company by employees before the breach was made known to the public. Every one of them should be fired! Ensuring personal gain on their failure to secure against potential loss by others who never even subscribed or gave permission to the company to be tracked for credit worthiness is a lowlife behavior!
11
Fired? At their level they would likely be receiving a bonus for their leadership in handling the situation.
Nothing less than jail time is called for.
Nothing less than jail time is called for.
2
Correction, they should be charged with criminal insider trading and locked up.
1
Signing up for Equifax's 1-year credit monitoring service also waives your right to sue. How's that for a consolation prize?
10
Would you please provide a link and the text that shows that?!
That should NOT be allowed! No doubt, if true, they buried it in the fine print.
Clearly, what this means is that people should FREEZE their credit reports -- with all 3 agencies -- rather than accept the monitoring from Equifax.
In addition, Congress should pass legislation overturning their offer -- and making such subterfuge -- signing away rights in exchange for so-called protection -- illegal. We won't old our breath, however!
That should NOT be allowed! No doubt, if true, they buried it in the fine print.
Clearly, what this means is that people should FREEZE their credit reports -- with all 3 agencies -- rather than accept the monitoring from Equifax.
In addition, Congress should pass legislation overturning their offer -- and making such subterfuge -- signing away rights in exchange for so-called protection -- illegal. We won't old our breath, however!
1
Will the executives be charged with illegal insider trading?
9
I wonder why we are still tied to numbers as means of identification. With the double exponential evolution of artificial intelligence, the security measures we have today will be totally obsolete in the next couple of years. What about imaging and biometrics as means of identification?
If your biometrics data are stolen, you can't just change them like you could change account numbers.
I love how they call us customers.
9
I'm tired of re-assurances of companies that chastise consumers about their passwords while all along their websites have auto-features (save login ID's, credit card, name and address).
3
This is so troubling in so many respects. One troubling thing that I have not seen other commenters mention - Equifax chose to suddenly make this information public today. Why today? Could it be because everyone's attention is focused on Hurricane Irma?
6
Shouldn't Equifax be required to notify people whose personal information was stolen?
15
Couldn't have happened to a better company.
Can we get class actions back so we can all be compensated?
Can we get class actions back so we can all be compensated?
8
This is nonsense- gamble should be fired and investigated by SEC- Congress should hold hearings and get smith et al under oath- and their CIO should be summarily fired-just as any captain in the navy is dismissed for running aground
4
They won't even tell you if you've been affected unless you sign up with their credit monitoring service (with your SS number)! And by signing up, you waive your right to sue them. Please report on that disgusting aspect too.
14
That's almost the most egregious part of this. Diabolical!
1
Equifax executives sold stock after data breach, before informing public.
http://www.marketwatch.com/story/equifax-executives-sold-stock-after-dat...
http://www.marketwatch.com/story/equifax-executives-sold-stock-after-dat...
9
"Potentially adding to criticism of the company, three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered. The shares were not part of a sale planned in advance, Bloomberg reported."
Really? These executives are shameless. People who have their identity stolen get almost no help from these credit companies and have to fight for years to clear their record. These executives don't do their jobs properly and are rewarded with millions of dollars. They should be forced to put that $1.8 million in a fund to help the inevitable victims, not to mention slapped with fines. (Which reminds me, why is no one at Wells Fargo in jail yet?)
The unfettered greed in this country is out of control.
Really? These executives are shameless. People who have their identity stolen get almost no help from these credit companies and have to fight for years to clear their record. These executives don't do their jobs properly and are rewarded with millions of dollars. They should be forced to put that $1.8 million in a fund to help the inevitable victims, not to mention slapped with fines. (Which reminds me, why is no one at Wells Fargo in jail yet?)
The unfettered greed in this country is out of control.
8
So why hasn't Mr. Gamble been arrested for securities fraud for selling those shares? I can't imagine a clearer case of prior knowledge.
8
And, recently, I had a question about my Equifax credit report -- which query was supposed to be a one-time freebie-- and was asked to supply my password. Well, the only other time I'd sought information from Equifax, was back in about 2001 or 2002. Couldn't remember it offhand; couldn't find it in the batch of stickies with passwords for this and that.
So everyone on earth can get access to my data -- and take the pittance I get from Social Security and part-time job -- while I am permanently locked out.
There have always been deranged and evil people everywhere. But in the good old days, they were limited in the number of people they could harm. Now, they can kill us all by going on line.
So everyone on earth can get access to my data -- and take the pittance I get from Social Security and part-time job -- while I am permanently locked out.
There have always been deranged and evil people everywhere. But in the good old days, they were limited in the number of people they could harm. Now, they can kill us all by going on line.
3
"The company said that it discovered the intrusion on July 29 …"
Oh well, at least they notified us promptly.
Oh well, at least they notified us promptly.
6
They had to sell off a lot of their shares in stock before doing so. Nice.
3
Called Equifax recently and was so SURPRISED and DISAPPOINTED there Call Center was in India..... NOT surprised this would happen. Yes, there is no protection from hacking, but to allow People from a Foreign Country open access to USA citizens information is more dangerous not knowing if they are sharing this information on a daily basis.
5
That companies like Equifax, that wield life or death power over our financial lives, exist at all is outrageous.
That there are three such companies is beyond comprehension.
That there are three such companies is beyond comprehension.
5
It's called corporate Fascism.
2
They don't care. They will never be prosecuted. They will continue doing this business as usual. Get used to it.
This is the new Corporate Fascism that each and every one of us faces every day now. We have absolutely no control over our lives and financial and other personal information. It's ALL out there and anyone can purchase it for a small fee.
This is the new Corporate Fascism that each and every one of us faces every day now. We have absolutely no control over our lives and financial and other personal information. It's ALL out there and anyone can purchase it for a small fee.
7
Disturbing on so many levels, especially for those of us who have already been victims of identity fraud. To make it worse, the Chrome browser generates this warning when you follow the link in this article (in the "How to Protect Your Information Online" section) to the Equifax website to check if your information has been compromised:
"Deceptive site ahead
Attackers on trustedidpremier.com may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards). " and provides a link to "Learn more" (which says the site may be fraudulent)
Safari issues a similar warning. One concern is that our attempts to reduce the impact of this breach could actually make things worse. We certainly can't trust the credit bureaus with our data, but
"Deceptive site ahead
Attackers on trustedidpremier.com may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards). " and provides a link to "Learn more" (which says the site may be fraudulent)
Safari issues a similar warning. One concern is that our attempts to reduce the impact of this breach could actually make things worse. We certainly can't trust the credit bureaus with our data, but
2
In my opinion, the fleeting statement about the sale of $1.8M of Equifax stock by its executives is the most telling part of the article. Where is our crack insider trading investigative team when we really need them?
6
No mention of the massive, pre-announcement coincidental stock sale by the three top Equifax executives who claimed to "know nothing" about the cyberattack. That's odd.
8
I suggest a class action lawsuit with 143 million plaintiffs. This company has ALL of my identifying data without my permission and gave it away to thieves. Already, I have wasted hours freezing credit, changing out credit cards, changing passwords, setting up secondary authentications, verbal passwords and pin codes with the IRS etc. One year of credit monitoring is an insult. Why bother? The data stolen lasts for all of our lives, forever. Why shouldn't the free credit monitoring? These companies, especially ones with past breaches need to face real consequences. Jail time, bankruptcy, crippling fines and compensation to their victims are a start. The government needs to focus its attention on developing technology to hackproof social security numbers which are currently woefully insecure, suitable for 1930, not 2017. I didn't ask for this (again) and I know that identity theft can ruin your life along the lines of divorce, serious illness and so on. Soon everyone will understand this. And, just like that, we all have something in common now. Too bad it has to be this.
5
A lawsuit with that many plaintiffs would result in s miniscule reward per plaintiff. The lawyers would benefit most.
@Blue Jay - The point of the class action isn't restitution for the victims. The point is to penalize companies who steal a little bit of money from thousands of people. If a company cheats a million people out of $50 dollars, not many individuals are in a position to take on thousands in legal fees (plus their time) to get justice, but that company just made an easy $50 Million. A no brainer for the company to rip people off.
If instead a few lawyers spend years fighting a class action and take home most of the money, why should that bother me? I was going to be out the money in either event but it punishes the party who ripped me off and creates a deterrent reducing how many such scams happen in the future.
If instead a few lawyers spend years fighting a class action and take home most of the money, why should that bother me? I was going to be out the money in either event but it punishes the party who ripped me off and creates a deterrent reducing how many such scams happen in the future.
1
This time the customary apologies and statements of earnest intent aren’t enough. Heads should roll in Atlanta, starting at the top.
2
Class-action lawsuit brought by 143,000,000 people. Put them out of business.
4
Isn't selling stock after learning about a major security breech but BEFORE it is announced, a case of insider trading?
6
This article isn't accurate relative to what Equifax is doing for customers. The website that Equifax set up to deal with the breach www.equifaxsecurity2017.com isn't functional, and ironically is currently being blocked by my anti-virus software because the site has apparently been "corrupted." The phone number posted by the company will automatically disconnect callers after 5 minutes on hold. This is a completely dysfunctional and ineffective response to what for many people is not simply an inconvenience but a monstrous violation of privacy. The company's offer of one year's free credit monitoring is a ludicrous attempt at redress that falls absurdly short. What could fairly compensate a customer for the burden of a future that will forever more include credit locks, phishing scams, and the potential loss of a life's savings? And how should society address the widespread existential threats to the safety and security of retirement funds, health care information, and local voting systems -- all of which rely on the data left unprotected by the company? These idiots deserve jail time.
7
There goes my credit score ...
2
Time to implement widespread biometric identification in the US? That would make it much more difficult for those who have stolen your information to use it to pretend to be you. If India can do it with 1.3 billion people, we can.
2
Equifax and all of the credit bureaus have run dirty for decades. They are not a consumer service - they are simply another tool of big business used to hammer the little guy. Anyone who has ever had to deal with one of these companies - especially when you have been a victim of fraud - knows what the word "complicit" means. The government has done nothing to stop them and there is no recourse. These folks are not your friends.
5
“‘This is clearly a disappointing event for our company,’ Richard F. Smith, chairman and chief executive of Equifax, said in a statement.”
Disappointing, really? Why not just add a frowny face?
But thanks for letting me sign up NEXT WEEK for free protection of my data that was already stolen from you. :(
Disappointing, really? Why not just add a frowny face?
But thanks for letting me sign up NEXT WEEK for free protection of my data that was already stolen from you. :(
6
Wow! so much for taking preventive measures. This is why I'm the "luddite" who still pays her bills by check via snail mail. I also check my accounts daily and reconcile my checkbook. Bring back bank tellers and savings accounts!
6
You can feel like you're doing the right things but all your info is already collected and now handed over to others for legal or illegal profit motives without your knowledge.
3
This is only getting worse. Many large organizations are in a rush to get solutions to market as quickly as possible, and have adopted [agile and devops] processes that rarely allow time for proper vetting of security. And FWIW, they are blaming consumers for this rush, and maybe they're right. There really is no "fix" for this, short of doing what "Paul Rand" said in another comment; start regulating the use of personal data about citizens and holding organizations that fail to protect it accountable. The amount of time/money being spent by large organizations to be compliant with GDPR was an eye opener for me. Why the investment? Because fines for being non-compliant are based on a percent of revenue. It's clear this is the only way to make the transformation that is needed.
2
Why do these credit reporting companies have social security numbers at all? I thought these federally-issued numbers existed to enable the US government to track and pay our retirement funds. They've become national ID numbers for use by private companies which do not employ the number holder. Past due time for legislation to control this.
2
Let's help ourselves, the U.S. Postal Service and employment: Any requests for sensitive personal information must be done in writing to the gatekeeper companies of such information and replied by the gatekeeper in writing and mailed back to the approved requesting entity. It may be slower; it may not be 100% safe 100% of the time to keep all sensitive information safe but it will prevent instant identity theft of tens or hundreds of millions of people at one time or over some time period with little effort.
2
This is why the use of Social Security Numbers, s,m for other than Social Security, should be banned. This sia second major breach at a so called consumer credit reporting firm; Experian and T-Mobile a couple years ago.
I now have to pay Experian an annual fee for credit monitoring because of their breach. Now, Equifax is going to force me to do the same thing. What is bad about this, unlike Experian, all my personal information is available to credit fraud and tax fraud.
There are zero protections against this. The so called consumer reporting agencies operate mostly without any over sight. They make a mistake you have to prove it to some back office so called customer care specialist in India. And the mistake never gets fixed.
These companies survived on charging for credit reports, now that they have to provide free reports, they need new revenue. What better way is to charge people for credit monitoring because they can't secure consumer data.
I really hope a nice class action suit si brought against these people fro lives that will soon to be ruined. Unfortunately, our so called president, and do nothing Congress, will do nothing.
I now have to pay Experian an annual fee for credit monitoring because of their breach. Now, Equifax is going to force me to do the same thing. What is bad about this, unlike Experian, all my personal information is available to credit fraud and tax fraud.
There are zero protections against this. The so called consumer reporting agencies operate mostly without any over sight. They make a mistake you have to prove it to some back office so called customer care specialist in India. And the mistake never gets fixed.
These companies survived on charging for credit reports, now that they have to provide free reports, they need new revenue. What better way is to charge people for credit monitoring because they can't secure consumer data.
I really hope a nice class action suit si brought against these people fro lives that will soon to be ruined. Unfortunately, our so called president, and do nothing Congress, will do nothing.
6
The solution is simple. The next time I buy a car or something requiring credit, I will ask the seller to provide me the name of their credit reporting agency. If it is Equifax, I will inform them that I will buy elsewhere. Free enterprise, ain't it grand?
5
I am sure Equifax and the others credit bureaus will be quick to correct your credit report due to the hacking and you won't be stuck proving that that their negligence has resulted in these negative reports.
Right...
And you know, "they do not necessarily get confirmation about whether they were affected. Instead, the site provides an enrollment date for its protection service, and it may not start for several days." doesn't sound the least cynical, or like they are trying to cash in (remember the "free" period is only one year) on the problem they created. No, not at all.
Right...
And you know, "they do not necessarily get confirmation about whether they were affected. Instead, the site provides an enrollment date for its protection service, and it may not start for several days." doesn't sound the least cynical, or like they are trying to cash in (remember the "free" period is only one year) on the problem they created. No, not at all.
5
It is unbelievable that this has happened again. It is shocking how arrogant Equifax's executives have reacted to this situation. Surely their sale of 1.8 million dollars of stock is a criminal act. Let's see if any one of them is fired.
People who are responsible for building I.T. infrastructure for major corporations and government institutions tell me that it is a matter of routine that concerns about privacy and security are routinely thrown out the window. Managers are far more concerned about delivering the project on time and under budget than they are about doing the job right.
People who think that these hacking incidents are unavoidable need to wake up. They will only happen so long as and indifferent public allows it to happen.
People who are responsible for building I.T. infrastructure for major corporations and government institutions tell me that it is a matter of routine that concerns about privacy and security are routinely thrown out the window. Managers are far more concerned about delivering the project on time and under budget than they are about doing the job right.
People who think that these hacking incidents are unavoidable need to wake up. They will only happen so long as and indifferent public allows it to happen.
9
Let me guess - Equifax has a clause in their contracts that prevent class action lawsuits.
To whoever did the hack please release a bit of the personal data of the lawmakers who are against better consumer protection. Believe me that will get their attention!
To whoever did the hack please release a bit of the personal data of the lawmakers who are against better consumer protection. Believe me that will get their attention!
10
Equifax should be held criminally liable.
9
That equifax is offering a year's free service is insulting. The company knew about this breech several months ago, plus several of their executives profited financially. Yes, assume your data was compromised and set up either fraud alerts or freezes or your accounts.
The telephone number they provided is useless. There are so many customers calling that it took 4 calls to get through, after 15 minutes of being on hold their system disconnected you. Hold the CEO, the CIO and CTO responsible and fire them all.
The telephone number they provided is useless. There are so many customers calling that it took 4 calls to get through, after 15 minutes of being on hold their system disconnected you. Hold the CEO, the CIO and CTO responsible and fire them all.
8
A first real test for Jeff Sessions and his Justice Department. The Equifax executives who cashed in their stock after learning of the breach must be indicted for insider trading and remanded to a Federal Jail pending trial.
14
Don't hold your breath!
Good thing that the law now puts the risk of loss for false charges on the credit card companies and the banks .
Surprised that the Republicans haven't done away with this consumer protection.
Wonder if we should make the companies like Equifax who were hacked shoulder some of whatever losses occur -- taking it off consumers and merchants.
Surprised that the Republicans haven't done away with this consumer protection.
Wonder if we should make the companies like Equifax who were hacked shoulder some of whatever losses occur -- taking it off consumers and merchants.
1
Where is the class action suit I can join? Someone please point me to it.
I never gave Equifax permission to access or store personal data about me. And now they expose me to risk of identity theft as a result of their not storing that data securely?
How are they not responsible for causing me emotional duress at minimum and financial ruin at worst? They knew about this at the end of July – and they did not make it public until September? Who's interests were they serving in not releasing this information as soon as they became aware that they had been compromised? They were clearly not serving my interests or those of other Americans who's information they hold.
We need a Congressional investigation into the legality and liability of these 3rd party "credit rating" companies. They hold great power to cause harm and there is no outside oversight at all.
I never gave Equifax permission to access or store personal data about me. And now they expose me to risk of identity theft as a result of their not storing that data securely?
How are they not responsible for causing me emotional duress at minimum and financial ruin at worst? They knew about this at the end of July – and they did not make it public until September? Who's interests were they serving in not releasing this information as soon as they became aware that they had been compromised? They were clearly not serving my interests or those of other Americans who's information they hold.
We need a Congressional investigation into the legality and liability of these 3rd party "credit rating" companies. They hold great power to cause harm and there is no outside oversight at all.
12
This headline says "customers" had their data stolen. How am I a customer when I have never agreed to any type of relationship with this company?
6
We the little people pay the taxes and have to sweat out our credit scores, in addition to worrying about innumerable payments due to manage household expenses. Those recipient corporations, and the jokers who are monitoring the credit score game, could care less about the little people. Because if one of them folds, a new one will soon appear. There are no sufficient legal protections in a breach of this kind, one of which affected me when China somehow glommed onto the security information of tens of millions of Federal employees with clearances. Isn't it too bad, but also telling and typical, that the newest department of the Federal government, CFPB, is probably going to disappear soon?
6
I guess it affected some more than others...
Three Equifax executives sold a combined $1.8 million in stock just days after the company discovered a major breach of its data system, but well before it disclosed the hack publicly.
The cyberattack between mid-May and July was disclosed by Equifax on Thursday. The attack exposed the Social Security numbers and other sensitive information of about 143 million Americans.
The stock sales were executed on Aug. 1 and Aug. 2 by Chief Financial Officer John Gamble and two other executives, Rodolfo Ploder and Joseph Loughran. Equifax said it discovered the hack on July 29. Bloomberg News first reported the divestitures.
The sales effectively insulated the executives from a downturn in Equifax's stock Thursday. The stock dropped 13 percent in extended trading after the announcement of the breach.
The executives claim they "knew nothing" of the cyberattack, or what is commonly called the Sgt. Schutz defense.
Three Equifax executives sold a combined $1.8 million in stock just days after the company discovered a major breach of its data system, but well before it disclosed the hack publicly.
The cyberattack between mid-May and July was disclosed by Equifax on Thursday. The attack exposed the Social Security numbers and other sensitive information of about 143 million Americans.
The stock sales were executed on Aug. 1 and Aug. 2 by Chief Financial Officer John Gamble and two other executives, Rodolfo Ploder and Joseph Loughran. Equifax said it discovered the hack on July 29. Bloomberg News first reported the divestitures.
The sales effectively insulated the executives from a downturn in Equifax's stock Thursday. The stock dropped 13 percent in extended trading after the announcement of the breach.
The executives claim they "knew nothing" of the cyberattack, or what is commonly called the Sgt. Schutz defense.
11
What is outrageous is that Equifax kept silent for over thirty days. So that now we are playing catch up with the criminals.
Really no different than wells Fargo opening accounts unbeknownst to customers or Goldman betting against their customers investments in 2008. just to mention two of many.
"We are beset on all sides by the inequities of the selfish and the tyranny of evil men"...Perhaps ?
Really no different than wells Fargo opening accounts unbeknownst to customers or Goldman betting against their customers investments in 2008. just to mention two of many.
"We are beset on all sides by the inequities of the selfish and the tyranny of evil men"...Perhaps ?
5
Another big failure of a for-profit enterprise allowed to have so much power over American citizens. Are we done with the conservative myth of privatization of everything as the ultimate economic model? One good thing: enough class action suites by the 100 plus million people affected to send this company into oblivion. Too bad the three executives who managed to make a nice buck out of this will still laugh all the way to the bank though.
3
Now,the hacked data will be available on the dark web. Such hacking attacks happen at regular intervals,and no nation is safe. Even government data gets hacked. The society does not enjoy protection from hacking. The users are at the receiving end. When Pentagon is not safe from hacking,you and me are the most vulnerable creatures . No protection,and there is a prayer on a user's lips that the data is not misused. The best way to prevent such hacking is go back to the old days. If credit information is required,maintain registers ,and give it in writing about the credit-worthiness of a customer,and send the information through courier or by post. It is a fool-proof method. It will also result in employment. Why such agencies are needed? Making enquiries with banks is sufficient - the customer has not given any trouble to the bank ,maintains account as per the norms,and has not defaulted on payment.
5
A lot was supposed to change but has not and does look like will not. The US government is the largest spender of the tax payer supported credit card which allows for spending which will never be paid off. Imagine hackers stealing from that pool of tax payer money along with the millions who already are doing with their fradulent schemes.
2
So, let me get this right....Equifax has known of the breach for over a month, but victims of the security breach, such as myself, are only now learning about this. And why aren't the CFO and other execs who sold stock options immediately after learning of the breach, not being charged with insider trading? Further, why were the victims of the breach not automatically provided heightened security of their info (such as credit freezes)? I happen to pay attention to the news and read the newspaper. Many hundreds of thousands affected may not know that their most private information may have been stolen and are unaware that they need to take special steps to secure their identity? I am outraged with Equifax.
3
I got a credit freeze from all three credit bureaus. Cost $$ to get and each time I need it lifted, I get charged more $$. Supposedly only the credit bureau and I know the data necessary to have the freeze lifted. Now I know that is not true. So, is this "service" worth anything? It seems not. Equifax needs to pay greater restitution than a year of free, useless, "credit protection service".
3
I'm not a big fan of class action lawsuits, but it's time. Some smart lawyer needs to take these companies to task with an award big enough to bankrupt Experian and make its colleagues sit up and take notice. This is the the only business model when, if they make a mistake, we, not they, are forced to correct it and suffer the consequences.
4
This type of hacking is another form of terrorism, just as the hacking into our 2016 election was.
We need the congress to step up and respond with the same speed and intensity as it did after 9/11 and pass legislation requiring the companies that allowed such sloppy work be held accountable in a way that will affect their viability, just as terrorism affects our lives.
We need our government to stand up for our people, not just the corporations.
We need the congress to step up and respond with the same speed and intensity as it did after 9/11 and pass legislation requiring the companies that allowed such sloppy work be held accountable in a way that will affect their viability, just as terrorism affects our lives.
We need our government to stand up for our people, not just the corporations.
2
That three companies already have detailed private information about you that they sell at a profit to other companies is the real problem. To Equifax, here's the world's smallest violin playing just for you. You have violated our right to privacy and you are just as guilty for amassing private information as the hackers. Of course the F.B.I. will protect those with the money; the credit reporting agencies and the clients that buy our personal information.
2
Did anyone notice when going to www.equifaxsecurity2017.com (listed in this article) and then trying to check the impact or enrolling in the credit monitoring that www.trustedidpremier.com is not even an https site? I kind of find that odd that my google browser says security error when trying to enroll on a website for free credit monitoring. Makes me think they hired a great company to support them that does not even use the new standard web protocol for exchanging information.
2
Wow. They sold stock after discovering the security breach, but ready before it was made public. Isn't that the definition of insider trading?
4
Equifax says that it will enroll affected people free in its TrustedIDPremier identity protection program, but the links do not work. There is an infinity loop where one is asked to enter their last name, last six numbers of social security number, and prove their not a robot. That tells you if you are affected, and advises you to click a link to continue enrollment. Every link on the enrollment page simply takes back to where you were first asked to enter your last name, last six digits and prove you're not a robot. No wonder they got hacked if they cannot set something this simple up properly.
3
Given the website and the free ( one year, limited time offer) it almost looks like they hacked themselves to get more "customers".
3
"... three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered."
I feel like this interesting little tidbit of info should have been placed near the top of the piece. Isn't this basically insider trading?
I feel like this interesting little tidbit of info should have been placed near the top of the piece. Isn't this basically insider trading?
4
It's insane that these companies still store sensitive data in clear text. Encryption should be the default, you would think!
4
Equifax offers an 'extended' 7 year fraud alert but you have to provide a police report to justify it. They, and the other agencies, should waive that requirement and enable anyone to request the extended fraud alert.
The extended fraud alert requires anyone issuing credit against your Social Security number call you on the phone using a number that *you* supply with the extended fraud alert application. That helps defeat fraudulent credit applications.
How do we force Equifax to do this? Write our Congressman?
The extended fraud alert requires anyone issuing credit against your Social Security number call you on the phone using a number that *you* supply with the extended fraud alert application. That helps defeat fraudulent credit applications.
How do we force Equifax to do this? Write our Congressman?
2
The police don't like doing theae reports either. Getting them to act is like pulling teeth. Another barricade to an already messed up system.
1
These companies take data about us, sell it around and control our lives with it. All Equifax can do is offer us 1 year of monitoring? Come on! I want to see a serious penalty applied here! Who do they think they are?
What is Equifax's loss here? "We had a breach...so sorry...here's one year of monitoring" Really?!
Who will cover the cost of time and expense if, I mean, *when* a person suffers due to this breach?
What is Equifax's loss here? "We had a breach...so sorry...here's one year of monitoring" Really?!
Who will cover the cost of time and expense if, I mean, *when* a person suffers due to this breach?
3
And now they're offering 1 free year of free monitoring after which you're supposed to pay the very same company money to monitor breeches. If I was a conspiracy theorist (I'm not!) I'd argue they allowed the breech so they could charge consumers even more money.
3
"This is clearly a disappointing event for our company...." Let's try something like, "We have failed the trust of our millions of customers."
When Wendy's says they are out of vanilla and I can only have chocolate that is a 'disappointing event'.
I just checked the credit rating for Equifax. It would seem that Equifax has a credit rating higher than 1% of the population- that would be the prison's inside trader population to be exact.
When Wendy's says they are out of vanilla and I can only have chocolate that is a 'disappointing event'.
I just checked the credit rating for Equifax. It would seem that Equifax has a credit rating higher than 1% of the population- that would be the prison's inside trader population to be exact.
4
Equifax's Chairman is "disappointed" by the breach? His wallet should be lighter. The credit rating companies know they are hackerdom's ultimate challenge and should have managed data security on that basis. A "gee I'm sorry and to make it up, will let you know for free if you have to spend a year and hire a lawyer to prove you didn't request the Visa card issued in your name to someone in the Ukraine" is not enough.
These clowns need skin in the game. There must be financial costs that senior and IT must pay from their basic and incentive compensation, not the corporate till. At minimum senior management and the corporation should be held jointly liable. Here is something useful for the Consumer Protection Bureau.
These clowns need skin in the game. There must be financial costs that senior and IT must pay from their basic and incentive compensation, not the corporate till. At minimum senior management and the corporation should be held jointly liable. Here is something useful for the Consumer Protection Bureau.
2
Ok. Nobody can protect us, any more than anybody can protect us from carrying big amounts of money around with us.
But in that case, they only get the money we carry.
We have become so sophisticated that they can get get all the money we own, everywhere.
Those of us with a few thousand in a bank account may chortle at your loss of billions of money you stash offshore that you made here on our labor, but decide not to pay taxes on - boo hoo.
And we might have a laugh at the fact that the people you wouldn't pay enough, went to work for those who would, and are now bleeding your chintzy behinds dry.
And we might think that it is time that you, who so unfairly distributed the wealth - record profits - your companies enjoyed on the labor we generated to your CEO's and Executive Officers and Board Members and stockholders and left us out of the dole for so many years - stole from us - and now complain like the thief who objects to the "redistribution" of the money in the wallet he took from you.
Cash your check now, and spend it. Great economic strategy.
But in that case, they only get the money we carry.
We have become so sophisticated that they can get get all the money we own, everywhere.
Those of us with a few thousand in a bank account may chortle at your loss of billions of money you stash offshore that you made here on our labor, but decide not to pay taxes on - boo hoo.
And we might have a laugh at the fact that the people you wouldn't pay enough, went to work for those who would, and are now bleeding your chintzy behinds dry.
And we might think that it is time that you, who so unfairly distributed the wealth - record profits - your companies enjoyed on the labor we generated to your CEO's and Executive Officers and Board Members and stockholders and left us out of the dole for so many years - stole from us - and now complain like the thief who objects to the "redistribution" of the money in the wallet he took from you.
Cash your check now, and spend it. Great economic strategy.
1
To put this in perspective, most news organizations mention the % of the total US population impacted - roughly 40%. But that is an underestmate. That number includes infants, children and adolescents who do not have credit at this point of their lives. Roughly 196M Americans are over the age of 21, the core group that has credit ratings, independent purchasing power, independent credit etc. The hack impacts about 74% of that group. That number is staggering and upsetting. And puts almost every single adult in the US at risk. This is the new terrorism, cyperterrorism and so far, our leaders have been silent.
4
The free service they are offering allows you to lock and unlock Equifax credit reports. Hmm. The problem is that the bad guys won't need to - they will use their ill gotten data to obtain credit reports from the other two providers. How does this service protect me? It does not. Only if the bad guys are dumb enough to apply for credit with a company that uses Equifax and not the other two companies. I can't count on that, nor should you. So what to do? The only way to protect your credit is with a (paid!) subscription to a service that works with All Three Companies - Equifax, TRW, Transunion. Equifax should be providing this to all affected individuals, for free, for a minimum of three to four years.
1
Anyone who logs onto the Equifax site to get help (seemingly just a sales pitch) apparently hasn't absorbed the meaning of the security breach. Companies like AMEX spends the money and maintain secure sites. There is no excuse for this.
2
Why is the sale of $1.8 million of their Equifax stock by its executives, during the period that they alone were aware of the breach, not insider trading?
14
First and foremost, we need to get our government to keep its promise. Baby-boomer parents were ASSURED by our own government that a person's Social Security number would NEVER be used as a personal identifier. I still have my original Social Security card that I got when I was in the eighth grade. It clearly states on the bottom: "For Social Security and Tax Purposes Only. Not for Identification". New cards don't have that wording on them anywhere. Now, we're even required by law to get a Social Security card for our newborn children so they can be tracked from birth. Yet another BIG lie from our government!!
6
The government did not make a business decision to use ssns for credit purposes. That was a free enterprise decision. Sheesh!
1
I have had my information stolen twice from the government including the Bureau of Personnel Management because I signed up to volunteer at a VA hospital right before the breach was discovered.
I change my passwords on financial and other significant sights every 6-8 weeks and they are complicated. I track them on a spreadsheet where they are not put down, but rather described (phrases like 'nanny's dob' show up along with characters, house numbers, which I remember from childhood - other people's addresses - also described, not actually put down).
This latest hack is why I would not trust password generating sites. It seems that ANY site can be vulnerable to a hack and theft. I also froze all three of my accounts at the credit reporting agencies after the Bureau hack a couple of years ago...
Even so, I do not feel secure. When one retires, a hack into a significant financial site could truly change life with no option to recover...
I also would never, ever tie my financial accounts to my smart phone. I think it's nothing short of crazy to be carrying sensitive financial information around in my pocket for the sake of a bit of convenience.
I change my passwords on financial and other significant sights every 6-8 weeks and they are complicated. I track them on a spreadsheet where they are not put down, but rather described (phrases like 'nanny's dob' show up along with characters, house numbers, which I remember from childhood - other people's addresses - also described, not actually put down).
This latest hack is why I would not trust password generating sites. It seems that ANY site can be vulnerable to a hack and theft. I also froze all three of my accounts at the credit reporting agencies after the Bureau hack a couple of years ago...
Even so, I do not feel secure. When one retires, a hack into a significant financial site could truly change life with no option to recover...
I also would never, ever tie my financial accounts to my smart phone. I think it's nothing short of crazy to be carrying sensitive financial information around in my pocket for the sake of a bit of convenience.
8
In spite of Congress's refusal to legislate the matter, consumers own their own personal data. Companies who collect it without consumer consent are engaged in stalking and theft.
Equifax owes damages to every consumer whose property has been stolen as a result of Equifax's negligence.
Equifax owes damages to every consumer whose property has been stolen as a result of Equifax's negligence.
14
The three senior executives who cashed in on their shares immediately after this third breach, and the other senior executives who derived benefits, should be subject to clawback, federally prosecuted and jailed for repetitive nonfeasance, misfeasance and malfeasance.
This is the third Equifax breach. Why didn't they adequately fix their security of our information the first two times?
Sorry, is no excuse. They're in the business of buying and selling our information, for which they are paid huge salaries and benefits.
We are innocent third parties and have no choice when Equifax is making huge profits harvesting and selling our information, which impacts our lives, when they screw up.
Are they are the village idiots? Or maybe they're not since they continue to hurt millions of third parties like us, and they continue to get away with it!
When is the House and Senate going to decline their industry's political contributions to them, and start to protect their constituents, US!
This is the third Equifax breach. Why didn't they adequately fix their security of our information the first two times?
Sorry, is no excuse. They're in the business of buying and selling our information, for which they are paid huge salaries and benefits.
We are innocent third parties and have no choice when Equifax is making huge profits harvesting and selling our information, which impacts our lives, when they screw up.
Are they are the village idiots? Or maybe they're not since they continue to hurt millions of third parties like us, and they continue to get away with it!
When is the House and Senate going to decline their industry's political contributions to them, and start to protect their constituents, US!
34
Well, the solution is simple. It is my information, my SSN, my Credit Card numbers, my credit history. I should be allowed to determine who maintains it.
I can't get a mortgage without having a credit history? Probably true, so I contract with an agency to maintain my credit history just I opt to get a bank account or a credit card. I choose, not some random chance of 1 in three as it is currently and without my control.
Now I am in charge as I can and will ask questions of how my information is stored and who has access to...and if I want them to have access to it.
My credit history is mine, and mine alone. Once we decide this is the societal approach, the quicker we will be able to escape issues like this of unknown agencies having our information.
Unless I miss my reads of my credit cards, it is illegal for someone other than whom I am doing business with having my numbers so how did this company get my information?
Unless I miss my reads of the laws surrounding SSN, it is illegal for someone other than whom is authorized to have my SSN so how did this company get my information?
Credit agencies, all powerful as they are, are also very likely illegal - congress needs to clarify this via explicit laws and we need to take control of who can manage our personal information. It's clear "letting it be random," is not working.
I can't get a mortgage without having a credit history? Probably true, so I contract with an agency to maintain my credit history just I opt to get a bank account or a credit card. I choose, not some random chance of 1 in three as it is currently and without my control.
Now I am in charge as I can and will ask questions of how my information is stored and who has access to...and if I want them to have access to it.
My credit history is mine, and mine alone. Once we decide this is the societal approach, the quicker we will be able to escape issues like this of unknown agencies having our information.
Unless I miss my reads of my credit cards, it is illegal for someone other than whom I am doing business with having my numbers so how did this company get my information?
Unless I miss my reads of the laws surrounding SSN, it is illegal for someone other than whom is authorized to have my SSN so how did this company get my information?
Credit agencies, all powerful as they are, are also very likely illegal - congress needs to clarify this via explicit laws and we need to take control of who can manage our personal information. It's clear "letting it be random," is not working.
14
The best protection is full disclosure. We should make social security numbers public, in a public searchable database. It sounds outrageous but every employer one has ever applied for a job, every financial institution one has ever dealt with, every medical facility, car dealer etc. in addition to all credit agencies have our Social Security number. So how are we going to keep it confidential as the experts propose, if it is in all these databases exposed to hacking or simply from an employee of the firm? What financial institution or other firm will deal with you simply because you tell then your social security number? Would it better if they could verify your identity with an official database?
4
Why can't this company simply deploy a warning service automatically for all affected accounts? The time required to "sign up" for protection for the breach they allowed, when calculated for the hundred million plus victims is enormous.
6
The rest of the world moved long ago to a dual authentication, biometrics enabled national ID card. We already accept that when we get a passport to travel. Maybe it's about time to revamp the SSN card, which was never intended for general ID purposes?
9
I'm so comforted that their CEO finds it "disappointing" that this event happened. Is that and one year of their own limited service the best he can muster? How about some real protection like paying for a credit lock at all 3 agencies, not just his own. But until there are real and personal consequences for those at the helm, corporate America will keep humming along, serving up platitudes to the common folk who are impacted by their transgressions, while hurriedly cashing in their stock before bad news hits.
33
I was using the Equifax website earlier today to lodge a dispute, and it wasn't working right.
Went through the trouble of setting up an account to see if that might help, but along the way I noticed some glaring inconsistent behavior in the site, and lots of standard security practices not in place (hiding my SSN when I type it in, for instance). The whole time I couldn't help but feel the site was ripe for being hacked.
Guess it was blatantly obvious to everyone else too (except their Chief Technology Officer, apparently).
Went through the trouble of setting up an account to see if that might help, but along the way I noticed some glaring inconsistent behavior in the site, and lots of standard security practices not in place (hiding my SSN when I type it in, for instance). The whole time I couldn't help but feel the site was ripe for being hacked.
Guess it was blatantly obvious to everyone else too (except their Chief Technology Officer, apparently).
16
Their website and customer service is horrible. It's the worst. I was trying to unfreeze my account but I didn't have my pin number. I spent so much time trying to deal with it online and on the phone. The only way to get a new pin was to mail them a copy of my driver's license and my social security number. How safe is that? They don't care about there customers.
2
There are questions on other sites about signing up for their service regarding its potentially excluding you from any class action lawsuit.
1
Is it time to abolish credit reporting? We don't need credit reporting agencies who make social mobility impossible for many. Granted, they reduce the risk of doing business with an unreliable person but, in so doing, credit reporting agencies have contributed to keeping swaths of people in poverty.
15
Equifax is awful. I entered my last name and last 6 digits of my Social Security number to see if my information may have been compromised, and got a page saying "Thank you," for more information read the FAQ, which redirected back to the home page. I tried it several times with the same result.
16
The hack was discovered on 29 July? And the news is not revealed by Equifax until more than a month later????
14
Does anyone know if we can get NEW social security numbers? WE can't change our birthdates, but we can get new credit cards. This probably sounds naive, but ? (I guess there are illegal ways to get new identities--why can't there be legal ways if you info has been stolen?)
4
Yes, but it's a hassle, and you have to have a good reason for doing so. Google it.
Granted, not thrilled about stolen identities and compromised national security.
But after two years of wasting an insane amount of time and effort unsuccessfully dealing with Equifax staff, trying to get incorrect information removed from my Equifax credit report....
This faster, more effective alternative shows promise as a commercial venture.
But after two years of wasting an insane amount of time and effort unsuccessfully dealing with Equifax staff, trying to get incorrect information removed from my Equifax credit report....
This faster, more effective alternative shows promise as a commercial venture.
4
I went to the special website set up to tell you if your info was stolen and entered my last name and last 6 digits of SSN, and it does not give you any answer... it just sends you to a webpage to enroll in their premium protection program (like I'd really have confidence in THAT). I suspect there is really no way to get a yes or no answer regarding whether your personal info was part of this hack - that Equifax special website is an unbelievably tone-deaf bait and switch.
17
It would take a major class-action lawsuit against Equifax to jolt all these big corps into action to beef up its cybersecurity front.
17
Then, when such restitution is made, shut it down, turn off the lights and close the door. They need to be an example to the others.
11
I think the more "disappointing event" is that according to SEC filings, John Gamble, chief financial officer; Jospeh Loughran, president of U.S. information security and Rodolfo Ploder, president of workforce solutions solutions sold shares worth 1.8 million dollars days after the company was aware of the breach.
It is reassuring to know our sensitive personal information is in the hands of men who have shown such capability, integrity and credibility.
Gordon Gekko would be proud.
It is reassuring to know our sensitive personal information is in the hands of men who have shown such capability, integrity and credibility.
Gordon Gekko would be proud.
21
Sounds like the definition of insider trading. If it is true, they should be charged. But with this administration?
3
"three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered. The shares were not part of a sale planned in advance, Bloomberg reported."
These 3 executives should be prosecuted for insider trading and face jail time. The fact that they did something so obvious shows they had no fear of repercussions. Sadly, they are right and won't suffer anything more than a financial slap on the wrist. Teach your children this lesson:
"Laws are like cobwebs, which may catch small flies, but let wasps and hornets break through." - Jonathan Swift
These 3 executives should be prosecuted for insider trading and face jail time. The fact that they did something so obvious shows they had no fear of repercussions. Sadly, they are right and won't suffer anything more than a financial slap on the wrist. Teach your children this lesson:
"Laws are like cobwebs, which may catch small flies, but let wasps and hornets break through." - Jonathan Swift
22
Equifax says it best: "Powering the world with knowledge™" Cashing in your stock CFO and others should be a crime, talk about insider information..........
14
The best thing a hacker could do for humanity is to hack these companies that have our personal info and delete it all - then we'd be safe. They're no better than a lot of people in the finance industry - pathologically selfish, sociopaths, don't care about consequences for others.
9
Hmmm ... maybe it's time for some class action law suits.
Money is the only motivator corporations understand.
Money is the only motivator corporations understand.
9
Senior officials who sold shares before the public knew about the problem should be prosecuted for insider trading. So let's all hold our breath until that happens.
12
What function does this company, and others like it, serve? Shut 'em down. That will halt the leaks.
9
"Millions of Users" is a pretty massive undersell, TImes. We're talking about the social security numbers of every American with a credit history—virtually every American adult. If there was justice in this country, this would mean the end of Equifax.
14
Remember Equifax the next time someone says "the government" is uniquely incompetent, and that government should be more like a business.
32
Hey Equifax.
The better you manage your trusted data
the better your reputation will be.
The better your reputation
the more good word spreads.
The more good word spreads
the more customers you get.
The more customers you get
the more money you make.
Then you can take lots and lots of bonuses and stock perks. Because those things are the icing and you've taken care of the cupcake already.
I might be naive, but isn't that worth doing?
The better you manage your trusted data
the better your reputation will be.
The better your reputation
the more good word spreads.
The more good word spreads
the more customers you get.
The more customers you get
the more money you make.
Then you can take lots and lots of bonuses and stock perks. Because those things are the icing and you've taken care of the cupcake already.
I might be naive, but isn't that worth doing?
Equifax needs to be put out of business, its assets liquidated, and the proceeds distributed to all of those injured by its malfeasance.
16
Gee, the company is so sorry that three senior executives sold their shares before the announcement was made and it was not a planned sell off so what does that tell you. Ever her of Insider Trading one of the items that Trump and the Republicans plan to do away with. Yes, lets loosen all those laws from 2008 when the corporate executives made billions and we got to pay the fallout. Hey, ain't corrupt capitalism great. Nothing will happen to the three of them probably be rewarded by Trump the sort of thing he would do. By all means Sessions is right the big groups to get after are the Dreamers lets not worry about executives who steal millions. What a great country and give all your information to not hackers, but crime families to exploit. Jim Trautman
9
The information stolen is sufficient to open all sorts of credit accounts and perpetrate identity theft for the rest of my life. No doubt this is easily available on the dark web.
The penalty for this should be swift and severe. As far as I'm concerned, Equifax should be no more. Criminal charges against management.
I'll be calling the GA Attorney Generals' office requesting prosecution - please do the same.
The penalty for this should be swift and severe. As far as I'm concerned, Equifax should be no more. Criminal charges against management.
I'll be calling the GA Attorney Generals' office requesting prosecution - please do the same.
12
So Equifax didn't care enough about our data to provide the necessary security. If you put all the guilty parties behind bars, how many executives that make these kind of decisions would be serving time? The three senior executives, including CFO John Gamble, who sold shares after the breach, make you question why we did away with public hangings. What a bunch of dirtbags.
7
It is ridiculous that a company that aggregates consumer credit information (and sells credit protection services) was hacked. Two aggravating factors distinguish this from the Anthem, TJ Maxx, Target, etc. hacks: (i) those attacks compromised parts of consumers' information; Equifax provides a comprehensive picture; and (ii) the vast majority of consumers affected did nothing to interact or provide information to Equifax--the collection of information is involuntary and can not be avoided.
9
This is freaking ridiculous. At the minimum the CEO and other management needs to be investigated for insider trading.
8
What bothers me most, and what has always been rather unsettling about the credit reporting agencies in general, is that, as I went to the Equifax site to see if my information had been compromised, after confirming that all was well (as far as they know), the site offered me a potentially costly premium upgrade. Really, Equifax? You're using this as a marketing opportunity?
It seems that one of the somewhat shadowy, unregulated credit reporting organizations is leveraging its own security negligence to upsell panicked consumers who depend on Equifax for all of their financial security. Unbelievable.
It seems that one of the somewhat shadowy, unregulated credit reporting organizations is leveraging its own security negligence to upsell panicked consumers who depend on Equifax for all of their financial security. Unbelievable.
19
143 million "customers"? i don't think so. 143 million people do not have purposeful relationships with equifax. the company takes our data, stores our data and shares our data without asking us for it -- and without, i would guess, most of us knowing they are doing so. we aren't customers. do we have the option to ask them to stop collecting our data? to stop sharing our data? to stop doing business with us? do we have any agency at all in this alleged business-customer relationship?
26
Those not customers have no contracts with Equifax to force them into binding arbitration either. Class action lawsuit of epic proportions should follow along with criminal charges of theft for taking personal data without the owners' permission.
The Target breach got us a chip on all our credit cards, triggering adoption of a technology that needed to be deployed 10 years earlier.
The Equifax breach will hopefully trigger the end of our social security number being the key to our identity and private data. It's a complete insecure system that the government, healthcare providers and financial institutions had to replace 30 years ago.
The Equifax breach will hopefully trigger the end of our social security number being the key to our identity and private data. It's a complete insecure system that the government, healthcare providers and financial institutions had to replace 30 years ago.
8
Not with Republicans in control of our government. They will bend over backwards to enable businesses to exploit average Americans.
1
The really troubling thing about this is that there is no way for consumers to control the information that credit rating agencies have about us. We don't choose to do business with these agencies. It's just a matter of time before all of us lose control over our private information.
Congress needs to strictly regulate credit agencies, and force them to safeguard our information, with serious penalties for failure. That is the only way data security will be taken seriously.
Congress needs to strictly regulate credit agencies, and force them to safeguard our information, with serious penalties for failure. That is the only way data security will be taken seriously.
18
Equifax was criminally negligent and if it were in health-care, it would be required to notify each and every individual whose data were accessed by Federal law. Why is it that a credit monitoring company with potentially more important information is given a free pass?
13
And who is going to hold them criminally liable,? Trump?his AG Jeff Sessions? They are too busy going after the innocent dreamers.
1
It seems to me that these "credit reporting" corporations are doing nothing more than vacuuming up their customer's money and doing little to prevent access to the information that they collect that makes them rich.
It's about time that these corporations that do little more than collect information about millions of people to become responsible for the information they collect, and be criminally liable if they are responsible for its release.
Excuse me, but if you make people pay for protection of their information and you fail to do so, you should be put out of business.
It's about time that these corporations that do little more than collect information about millions of people to become responsible for the information they collect, and be criminally liable if they are responsible for its release.
Excuse me, but if you make people pay for protection of their information and you fail to do so, you should be put out of business.
6
This should yield the largest class action lawsuit in the history of this be knighted industry. Not only should equifax be held liable, but any company that provided them with information. As for those who sold stock, perhaps 10 years in a federal prison would be too little.
20
Consumers have no choice about handing over our data to these companies. If we are going to have access to the economy at all, we have to trust these companies with all our information. We have no idea when or who hands over the information.
I join the chorus of angry consumers asking what the consequences for this will be? Our Congress won't do anything to protect us, and they're really the only ones with the power to.
I join the chorus of angry consumers asking what the consequences for this will be? Our Congress won't do anything to protect us, and they're really the only ones with the power to.
11
When when Social Security was created, the cards clearly stated that the Social Security number was not to be used for identification purposes. There was training material also released at the time to communicate this.
We need to revert back to those days.
I think that technology exists to enable more secure and sophisticated ID techniques than use of SSN's.
We need to revert back to those days.
I think that technology exists to enable more secure and sophisticated ID techniques than use of SSN's.
6
Completely agree.
At the very least - need a "public facing" number that means nothing without an offline internal record to match it to. Then all a hacker could get would be something like 7UJE833 and nothing they could do with that unless they had someone on the inside to find the record that matched to.
At the very least - need a "public facing" number that means nothing without an offline internal record to match it to. Then all a hacker could get would be something like 7UJE833 and nothing they could do with that unless they had someone on the inside to find the record that matched to.
I don't think that "may" is an appropriate qualifier here. If the data was accessed, every single person connected to that data should consider themselves affected. "Customers" isn't great, either. Banks and other lenders are Equifax's customers--the rest of us are just data to be bought and sold.
13
What service do they provide again? We've had incorrect and outdated marks on our credit that we've attempted to rectify (with paid receipts) that Equifax still takes min. 2 months + to remedy. When you're trying to refinance your mortgage & are caught off guard by some random old "ding" this is a big deal. This data breach add'l proof that they offer no real protections to the public, only the run-around.
7
So you do your part to protect your accounts, e.g. complex passwords, two step authentication, etc., and then this happens. When my bank account is cleaned out what is the link to an Equifax website that allows me to apply for compensation for my losses?
17
When will companies that make it their business to collect consumer information, identifying information and private credit records of individuals, and sell it for profit, be held liable for not maintaining the security infrastructure that this private information requires?
21
Equifax should essentially be put out of business for this level of breach. If hackers were able to access this trove of highly sensitive personal information through a simple Equifax website form, they were grossly negligent in failing to protect over 140 million people's private information. They should be liable for ALL resulting damages, and punitive damages seem called for given the massive failure of security and volume of compromised data. Equifax failed in the worst possible way, and their leadership should be held accountable. Shareholders won't like it, but this gross failure needs to be addressed.
18
As a former Internet technician, I have seen this time and again. Security software and IT budgets are expensive for corporations, and they are always looking for ways to cut costs. Senior officers are more attuned to balance sheets and are often baffled by tech-speak, and put their heads and company wallets in the sand as a result, preferring to deal with cybersecurity expenses "at a later date," all while giving lip service to the public about their company data integrity. It borders on farce, and criminal negligence in some cases.
That this breach was due to an easily exploited and known website vulnerability just proves the point. Since credit reporting agencies are probably the largest central repositories of massive amounts of private consumer data, they should have spared no expense to lock it down.
Will Equifax execs be held to account? Very doubtful. It's laughable that they are offering a post-breach protection service. For one thing, the horse is already out of the barn, and for another, what good is their so-called protection, given the breach in the first place? This is an extremely significant event that is bound to cause untold havoc and trouble for consumers.
That this breach was due to an easily exploited and known website vulnerability just proves the point. Since credit reporting agencies are probably the largest central repositories of massive amounts of private consumer data, they should have spared no expense to lock it down.
Will Equifax execs be held to account? Very doubtful. It's laughable that they are offering a post-breach protection service. For one thing, the horse is already out of the barn, and for another, what good is their so-called protection, given the breach in the first place? This is an extremely significant event that is bound to cause untold havoc and trouble for consumers.
15
Only problem they will change their name like the Anderson accounting firm that was part of the big crash in 2000. A few days later, the same crew opened a new socalled company only difference they changed the name. Until government does its job of passing laws and enforcing them nothing will change. Hey, we need all our resources to hunt down the Dreamers and the 3 million that voted illegally. 2017 is like living in the Twilight Zone. Jim Trautman
2
Another hack, the biggest yet. Now the bad guys have our social security numbers and the rest of our personal information and can impersonate any of us. It's been called a 10 on the scale of 1 to 10 and I'd agree.
Were you as shocked to discover that Equifax had just recently been hacked several other times and didn't take this seriously? Where's the congressional hearings?
How can our elected representatives not hold their feet to the fire for the loss of our most personal information. It's all out there now and for the rest of our lives and how is Equifax to compensate us for a lifetime of trouble? A year's worth of free credit protection is nonsense.
The way to reduce this is to make the existence of the company contingent on the security of the customer's personal information. If a company knows it's going out of business if they lose our info, they'll take this more seriously and be a lot more proactive. It's just the cost of doing business if we don't change the laws.
Were you as shocked to discover that Equifax had just recently been hacked several other times and didn't take this seriously? Where's the congressional hearings?
How can our elected representatives not hold their feet to the fire for the loss of our most personal information. It's all out there now and for the rest of our lives and how is Equifax to compensate us for a lifetime of trouble? A year's worth of free credit protection is nonsense.
The way to reduce this is to make the existence of the company contingent on the security of the customer's personal information. If a company knows it's going out of business if they lose our info, they'll take this more seriously and be a lot more proactive. It's just the cost of doing business if we don't change the laws.
13
"How can our elected representatives not hold their feet to the fire for the loss of our most personal information"?
Elected representatives, particularly on the Right, labored for decades to create the legal system we have now: an machine dedicated to expanding corporate power and granting them virtual immunity from responsibility or liability.
In the banking world Wells Fargo is a recent example: a corporation operating as one of the keystones of our economy. An economy weak willed politicians love to remind us is based on transparency, trust, and confidence that our government will keep banks on the up and up or indemnify our loses.
In Equifax we have a corporation also a key component of the strange way we conduct our economic life. A corporation which promises accurate, secure financial communications. A corporation which has repeatedly ignored its commitments for the sake of squeezing every penny out of their customers.
For Wells Fargo and Equifax no problemo; on the small chance they are held accountable for the fraud that is their daily operations they face courts from the Supremes on down which have openly cast their hats in the ring on the side of business and the wealthy.
Victims of corporate theft are held to the highest legal standard while the real criminals, boards and executives, walk away with our money and our economic lives in ruin just for saying "We're trying, honest. But if you don't buy that, there's a rogue clerk in our Albuquerque office..."
Elected representatives, particularly on the Right, labored for decades to create the legal system we have now: an machine dedicated to expanding corporate power and granting them virtual immunity from responsibility or liability.
In the banking world Wells Fargo is a recent example: a corporation operating as one of the keystones of our economy. An economy weak willed politicians love to remind us is based on transparency, trust, and confidence that our government will keep banks on the up and up or indemnify our loses.
In Equifax we have a corporation also a key component of the strange way we conduct our economic life. A corporation which promises accurate, secure financial communications. A corporation which has repeatedly ignored its commitments for the sake of squeezing every penny out of their customers.
For Wells Fargo and Equifax no problemo; on the small chance they are held accountable for the fraud that is their daily operations they face courts from the Supremes on down which have openly cast their hats in the ring on the side of business and the wealthy.
Victims of corporate theft are held to the highest legal standard while the real criminals, boards and executives, walk away with our money and our economic lives in ruin just for saying "We're trying, honest. But if you don't buy that, there's a rogue clerk in our Albuquerque office..."
1
Mr. Richard F. Smith, the chairman of Equifax, is quoted as saying that the breach “strikes at the heart of who we are and what we do,” which he does not clarify. But it’s obvious that “who you are” is a bunch of incompetent clowns who don’t know how to conduct your hyper-sensitive business. And since this is not the first breach, then you are also a group who does not care about American consumers. And “what you do” is demonstrate your ineptitude, your total lack of qualification to run your business. So, Mr. Smith, if you have an ounce of decency left, which I doubt, you should resign immediately. And for good measure, you should return your multi-million dollar bonuses, totally undeserved, so that the money can be used to start solving a problem that you obviously have been too incompetent to solve. It's time to show that accountability means something.
27
Enough already!
Ban the use of private personal information for executing transactions and authentication and all that information will instantly become useless to commit fraud.
Information that can't change must never be used for authentication.
Ban the use of private personal information for executing transactions and authentication and all that information will instantly become useless to commit fraud.
Information that can't change must never be used for authentication.
9
I thought something odd was going on. I recently received an email, supposedly from my bank, saying they pushed up the due date on my card because it fell on a holiday. If I had Qs I should cal 1-800-blah blah. Luckily, I called the no on the back of my card. I was told the email was a fraud. But it looked official, and I think it had the bank logo at the top. However, when I lined up my bank emails it was the only one w/out a logo to the side. And some info was wrong. But they DID have the last 4 of the card no, the date I last paid, the amount I last paid, and my email address. Pretty scary, huh? Now I think I know where they got it. I think we're in for trouble. If I had not been so lazy as to not look for that email, I would have called the fraudulent email no. I'm no genius, but I'm not stupid. I'm afraid a lot of people are going to fall for this type of thing. I almost did!
16
Get a new card (with a different account #) right away.
1
Since Equifax has shown a blatant disregard for security and our interests, businesses needing this type of information should only use one of the other two services.
4
The credit rating agencies need their own "report" that assesses their competency and accuracy. Right now Equifax would have the analog of a 300 FICO score.
3
You mean "analogue"...."analog" is just the companion term to "digital.
4
It's OK Mr. Schmoe, analogue is an acceptable variant analogue. Mr. Bill, this might be something you wish to learn.
2
These private credit rating companies need to be shut down. They cause more harm than good, and are mainly there to protect predatory credit card companies from mass revolt. This kind of breech is a disaster for consumers, no worse than allowing criminals full access to our government agencies. All 140 million "customers" should be given lifetime forgiveness for any fraud perpetrated in their names.
10
Absolutely. This will follow us for the rest of our lives. Equifax should be shut down.
1
Potentially adding to the criticism---what a joke with the word potentially. These executives are as culpable as the hackers and are just plain thieves in these actions. They should be prosecuted and locked up.
5
I just adore those 3 top men selling their stocks the next morning - fast and quiet... If this is not insider trading I don't know what is ?
16
Like with the corporate individual known as "Wells Fargo & Co", there will be no legal repercussions now for the corporate individual known as "Equifax Inc".
However, with us natural individuals, our legal system will not protect us from either the criminal activities of the former or from the negligence and incompetence of the latter.
And yet the US Supreme Court tells us that corporate individuals are people, too. Not so, Supreme Court. Not so.
However, with us natural individuals, our legal system will not protect us from either the criminal activities of the former or from the negligence and incompetence of the latter.
And yet the US Supreme Court tells us that corporate individuals are people, too. Not so, Supreme Court. Not so.
7
First we are told to get credit reports to protect ourselves from fraud. Then surprise! Our credit reports cause us to be victims of fraud. Paranoia, anyone?
5
The social security number is both username and password, making a fundamentally insecure system. Banks don't change because we bear the loss of identity theft, not them. Once your SSN is out, you're done. Don't let the hackers distract us from the real problem: a system based on a single, unchanging number is ripe for abuse.
5
What's also stupid is we just can't get a new SSN.
Credit card gets stolen, we get a new one. No problem. Why not with SSN?
Credit card gets stolen, we get a new one. No problem. Why not with SSN?
What a classy company: releases my social security number to the world and then tries to sell me a billion shares of stock before that news hits the market.
6
Customers???? These credit organizations pick apart our personal lives and call us customers?
4
Citizens are not the credit organizations' customers. Citizens are their prey and their hostages. Corporations who extort, share and sometimes falsify citizens' data and often use the threat of credit damage to intimidate citizens from standing up to abuse are these organizations' customers. Thank your legislators for empowering these companies to hold citizens hostage, letting them extort our social security numbers and personal information, for profiting from selling our information and for denying citizens any means to protect themselves. This is an industry composed of government-sanctioned predators.
2
"three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered."
This is prima fascia evidence of insider trading. Where is the SEC?
This is prima fascia evidence of insider trading. Where is the SEC?
10
The SEC is now run by a Wall Street insider that Trump picked. Don't expect too much help from it,
2
Not only is Equifax, criminally negligent. Something smells of insider trading. How dishonest in your face can you get. Well, I guess we know.
3
Was it mere coincidence while watching the cable station "OWN" (crime shows) most of today that Equifax was regularly running an ad about their free scans available for anybody interested in seeing if their information was indeed being circulated on the dark web? And then talking about their credit protection service. With no mention of the breach. Wow, the audacity.
3
this is absolutely ridiculous. And to top it off executives sold stock after the breach. they should offer free services for 5 years to all people and those jerks who sold their stocks to PROFIT from this robbery should give ALL their profits to the people hurt
4
They should go to jail. White collar crime is out of control and the joke is they get fines. Lets see steal millions collect the interest and then you get fined a few thousand dollars. Who says crime does not pay. But, Sessions and others are to busy wasting resources to arrest low level drug dealers while their big white collar friends laugh all the way to their million dollar homes, vacation homes and their kids to the best schools. Jim Trautman
4
Not five years. In perpetuity.
This will follow us the rest of our lives.
This will follow us the rest of our lives.
1
Everyone - Do what I did. Take every one of your credit cards and Max It Out or better go to the A.T.M. and Max It Out As Cash. Buy everything you want.
Cut up the cards.
Wait 7 years. They will come calling wanting to lend you money again. Why? It's what money lenders do.
If everyone did this at once it makes Equifax and Credit Cards as an entire concept look silly.
Cut up the cards.
Wait 7 years. They will come calling wanting to lend you money again. Why? It's what money lenders do.
If everyone did this at once it makes Equifax and Credit Cards as an entire concept look silly.
For some reason "buy everything you want" made me giggle.
Did you leave out a step though i.e. declare bankruptcy immediately afterwards so you don't pay the credit card bills?
Did you leave out a step though i.e. declare bankruptcy immediately afterwards so you don't pay the credit card bills?
1
Sure, except this doesn't work if you're not rich.
2
Paying attention to your credit, and making sure you have strong passwords are so crucial these days. Nothing is safe, apparently.
Very simple fix: we need to stop using a 9-digit number as the end-all-be-all for identification in this country. Let's create a nationwide biometric identification database to be housed and protected by the federal government. India did this last year (it's called Aadhaar) and enrolled 99% of the country in one year.
3
The infuriating fact is that such data breaches are allowed as excuses for further charging and harassing consumers to 'secure' their accounts - at their own time and expense, and frequent inconvenience, instead of at the expense of the lax and even negligent corporations entrusted with our data!
11
Exactly! Someone will come up with a system where I need a phone, a tablet, a SMS, a voice call where I have to give all my info, and then an email with a code that expires in 4 minutes and then stand on one foot while petting my dog and giving them his nose print and my finger print as ID.
And then another "simple web vulnerability" will give the crooks my info. Maybe I should just strike a deal with them at that point lol.
It's why security at our end is just a fool's errand. The problem is the other end, not ours. All the "multi-factor" authentication won't help if the crooks can just break into the vault directly.
And then another "simple web vulnerability" will give the crooks my info. Maybe I should just strike a deal with them at that point lol.
It's why security at our end is just a fool's errand. The problem is the other end, not ours. All the "multi-factor" authentication won't help if the crooks can just break into the vault directly.
1
This is the simple truth and the 'real story' behind this multi-part betrayal of the American public. Its counterpart is seen in the blind eye turned onto Russian and alt.right hacking of our democratic elections from Brexit to the U.S. Presidential election of 2016. The gutting of the FCC and the SCOTUS's twisted corporate bias that views climate denial and science denial as 'freedom of speech,' when the stakes are a major extinction is yet another manifestation of this disease.
1
The very idea of the centralized credit rating system is baffling for someone coming from Europe. The amount of information that is readily available here to entities you've never heard of is crazy. I got a mortgage from my bank - what does Equifax have anything to do with this private transaction between my banker and me?
Americans have no sense of privacy and this is why it is a good thing that the European Union is trying to push back on some American practices.
Right now, it's about stolen credit card numbers and W2's, which can certainly have devastating consequences. Back then in Europe however information was centralized and used with the intention of exterminating a whole people. Never again.
Americans have no sense of privacy and this is why it is a good thing that the European Union is trying to push back on some American practices.
Right now, it's about stolen credit card numbers and W2's, which can certainly have devastating consequences. Back then in Europe however information was centralized and used with the intention of exterminating a whole people. Never again.
7
The site asks for six digits of an SSI and a wait of a week. Okay.
Rather than that, i may sue.
Rather than that, i may sue.
7
Remember the Martha Stewart incident. It sure does look as though the top executives of Equifax engaged in "Insider Trading". Hopefully they can face legal action and be convicted. Jail time would certainly seem appropriate.
7
There is one, and exactly one solution to this problem. Make corporations liable for breaches of private information. This will curtail the incessant collection of information on consumers, without their knowledge or consent, by forcing companies to either flush their data or fully anonymize, encrypt, or otherwise secure whatever is collected.
Every time this happens the corporate entities wring their hands and moan that they need to improve security, but nothing ever comes of it. For a company like Equifax, whose *business* is to collect private information, to lose control of it, in fully unencrypted form, is catastrophic. Were the above rule implemented, this would shutter the company, and rightly so. But as long as they can get away with merely saying their mea culpas, without any legal or financial risk for failure to protect private information, there will never be any incentive to rectify their feckless treatment of sensitive data.
Every time this happens the corporate entities wring their hands and moan that they need to improve security, but nothing ever comes of it. For a company like Equifax, whose *business* is to collect private information, to lose control of it, in fully unencrypted form, is catastrophic. Were the above rule implemented, this would shutter the company, and rightly so. But as long as they can get away with merely saying their mea culpas, without any legal or financial risk for failure to protect private information, there will never be any incentive to rectify their feckless treatment of sensitive data.
350
Glad you think you have the only solution.
What if you give your password over the phone during a transaction and someone uses it to get to your accounts. Are the companies liable then, or should we lock you up?
What if you give your password over the phone during a transaction and someone uses it to get to your accounts. Are the companies liable then, or should we lock you up?
But, but, but...those would be REGULATIONS! As all Trump voters know, REGULATIONS stifle "innovation" and innovation is far more important than the ruination of individual people's credit reputation.
hearing about three senior execs selling their stock makes me livid!!! the money they made from those sales should be distributed to the individuals who will have to deal with identity theft as a result of this breach, but you know it won't. and its emblematic of how biased and backwards everything is for the average citizen in late-capitalism.
9
Their credibility score just took a nosedive.
3
This article contains an insert "How to Protect Your Information Online". That NYTimes page includes a link to an Equifax website that purports to tell you if your information has been compromised. If you visit the Equifax page and enter the info they request (last name and last 6 digits of SSN), you get a response that says "Yes you have been compromised" and then a button to sign up for some Equifax paid service. It appears that they are more interested in milking customers than providing information about what information was stolen.
9
Can you say class action law suit?
5
"...a disappointing event"??? The very definition of an understatement for the people whose data was hacked.
3
This is the 1st major hack that includes Social Security numbers, Date of Birth and Driver's License numbers. Target was just credit & debit cards and Yahoo was just email addresses and passwords. This is far more serious and wide-reaching. It affects pretty much every american that has a financial life. When will all the tech companies that sell these software suites & security appliances be held at least partially responsible?? Every time this happens, their stocks rise - while they should be falling instead! As if Equifax doesn't have all the latest & greatest protection silicon valley sells. Of course they do! The problem is that all of these products have been proven absolutely useless against the professional, sophisticated worldwide hacking community. The only thing they protect against is amateur hacks from the likes of you and I. It's perverse!
4
I'm sure getting Equifax to "respond to and adjust any possible errors in your personal report" will be no problem at all. They're very well known for that.
7
Expect these types of incidents to continue until we make Chief Data/Information Officers criminally responsible for data breaches. The technology exists to stop hackers but since the penalties out weigh the cost companies won't take all necessary precautions to properly safeguard personal data.
6
I would hope that we in the States take this opportunity to consider the upcoming protections that the EU is implementing, and not just for their citizens, but anyone physically located in the EEA. The General Data Protection Regulation (GDPR) would take a huge bite out of an organization like Equifax in instances like this. GDPR maximum fines will be $20million Euros or up to 4% of annual profits, whichever is greater -- we clearly need an approach like this in the States. It's the only way that company will start to take our data and its safeguarding seriously.
9
I have been on the phone trying to contact Equifax for the last hour. So far they have disconnected me 4X due to high call volume. Is there a lawyer out there ready to file a class action suit for those of us who have been comprimised?
23
This as Trump continues to "gut" the Consumer Financial Protection Bureau.
15
There are more than a few reports of Equifax being the source of spam (mywot.com rating), and now they have exposed quite a few Americans and Canadians to a serious data breach.
Companies, like Equifax, should be held financially and criminally liable – just like Wells Fargo, which has used its market position to facilitate crime that ultimately makes victims of "All the People".
Companies, like Equifax, should be held financially and criminally liable – just like Wells Fargo, which has used its market position to facilitate crime that ultimately makes victims of "All the People".
8
Yay internet!
Can't wait til our appliances, cars and pacemakers are all 100% online too.
By then I'm sure we'll have cybersecurity down cold.
Can't wait til our appliances, cars and pacemakers are all 100% online too.
By then I'm sure we'll have cybersecurity down cold.
15
Are you old enough to remember when your social security card had emblazoned across its face, "Not to be used for identification."
Who as the federal employee who said, "Nah, it's okay." Let's give him or her (probably not a her) the Ignoble Prize.
Who as the federal employee who said, "Nah, it's okay." Let's give him or her (probably not a her) the Ignoble Prize.
2
Let’s also talk about the three Equifax execs who sold 2 millions $ worth is stocks a few days after they learned of the breach. It’s in Bloomberg news.
10
CNET Reports "Several reporters at CNET have attempted this process and received two different results": "Equifax will provide you with an enrollment date for credit monitoring" OR "Equifax will let you know you were not impacted." It is unclear whether receiving an enrollment date implies that you were affected.
It is outrageous that they don't actually let you know if you've been compromised.
It is outrageous that they don't actually let you know if you've been compromised.
10
My information was compromised according to Equifax. So when I went to sign up for the free monitoring service, Equifax required my agreeing to their arbitration rules, which are not even spelled out. This is outrageous. They bait the consumer with a free service, but their real goal is not to help the consumer, rather their real motive is to limit my legal rights against them. The free service is a Trojan Horse. Beware!
21
Maybe Blockchain is the solution and make credit bureaus obsolete.
3
You may want to add this delicious fact:
"Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers."
Source: Bloomberg
"Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers."
Source: Bloomberg
12
The execs cashed out their stocks first! We should have been told immediately not after they saved themselves!
9
"three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered"?
Now why isn't that actionable "insider trading"?
How about punishing some of these white-collar malefactors...for a change?
Now why isn't that actionable "insider trading"?
How about punishing some of these white-collar malefactors...for a change?
14
Equifax are the criminals. Who told them that they could warehouse our data in the first place? I don't want them to have my data, but they do anyways.
6
Yes, and if the data is erroneous and it costs the consumer his/her credit rating, are they liable? You are guilty until proven innocent and they don't make it easy to do so.
2
The special website and phone line established by Equifax for this breach are not functioning properly; maybe they're overwhelmed. I went to the website, clicked on the "Check Potential Impact" box, and entered my information. I did not get the promised message telling me whether my data had been compromised. Instead, I was transferred immediately to a screen showing a future enrollment date for Trusted ID Premier. I called 866-447-7559 twice to ask if my data had been compromised. Each time, I received a recorded message telling me to wait, and then the system disconnected my call.
4
Same here - I waited til a little before 1:00 AM and got through. The temp operator has no idea what I was asking - in her mind how it was explained to her was that if you don't get an answer about your info, but they give you a date to enroll in the protection plan... that date you come back to the website and your answer will magically be there then as to whether or not your info was stolen. I guess I will try that on 9/13 but I really doubt that is what is going to happen. I plan to get fraud alerts in place tomorrow.
Surprise. That means you are at risk.
The response is more definite if they think (think!) your data was not involved.
There is apparently a different response when they think your data was actually taken.
The arrogance of the ambiguous responses is infuriating.
The response is more definite if they think (think!) your data was not involved.
There is apparently a different response when they think your data was actually taken.
The arrogance of the ambiguous responses is infuriating.
1
the credit report industry is a scam. we pay them money to intrude on our personal business in the name of betting better credit.... which will be exploited. we compete to please them so that we can get better credit which will be exploited. baaa baaaa baaa! they do not provide any service that the public really needs they provide a service that the exploiters of the little guy need to keep him under the thumb.
7
"This is clearly a disappointing event..."
WOW, understatement of the year right there.
WOW, understatement of the year right there.
4
Why would anyone trust Equifax’s assertions now, after the *third* breech? On what basis could one believe that Equifax knows what happened, how much data was compromised, or even if they have fixed their (many) problems?
What are we to make of the “analysis” implied by the figures quoted in the ariticle?: Data for 143 million consumers “potentially” compromised, better than. 50% chance one’s data has been hacked - if you have a credit report - , but “only” 209,000 credit card numbers?
Incompetence and negligence indeed.
Here are some questions I think Equifax should answer publicly and quickly:
Has any independent and disinterested external group verified Equifax's assertions regarding this breech?
Has any qualified, experienced, independent external group audited Equifax's security policies, procedures and systems? Not just what was written in documents, but what was actually done in practice? And not only for this breech, but for the two prior as well? What were the results? Were any shortcomings fixed promptly, and then verified independently?
What independent security and penetration testing was done for the Equifax systems in question? What were the results, and when were any shortcomings fixed? How often is penetration testing repeated?
What are we to make of the “analysis” implied by the figures quoted in the ariticle?: Data for 143 million consumers “potentially” compromised, better than. 50% chance one’s data has been hacked - if you have a credit report - , but “only” 209,000 credit card numbers?
Incompetence and negligence indeed.
Here are some questions I think Equifax should answer publicly and quickly:
Has any independent and disinterested external group verified Equifax's assertions regarding this breech?
Has any qualified, experienced, independent external group audited Equifax's security policies, procedures and systems? Not just what was written in documents, but what was actually done in practice? And not only for this breech, but for the two prior as well? What were the results? Were any shortcomings fixed promptly, and then verified independently?
What independent security and penetration testing was done for the Equifax systems in question? What were the results, and when were any shortcomings fixed? How often is penetration testing repeated?
137
Agree 100%!
(Note: it's "breach" not "breech"! Sorry, couldn't help myself. But we need to be precise -- and better than Equifax in describing these matters!)
(Note: it's "breach" not "breech"! Sorry, couldn't help myself. But we need to be precise -- and better than Equifax in describing these matters!)
These are the correct questions to be asked. The true root cause(s) of these breaches need to be identified via an independent audit/investigation and equifax and the other 2 major credit reporting services need to ensure that preventive actions are implemented and verified as to effectiveness.
Why mention the Yahoo breach in the same article? Yahoo didn't have my SSN, date of birth or my driver license number.
This is outrageous! Equifax should not be able to continue as a business.
This is outrageous! Equifax should not be able to continue as a business.
6
Being able to access someone's email account lets you know which businesses (s)he has relationships with. And many people reuse passwords, so that gives the thieves a lot of access.
2
That website is a joke. Couldn't understand if my information was stolen, after entering my details they asked me to continue the enrollment EXACTLY on 09/11. What is this?
4
So, why do i have to enroll in anything? Equifax knows the details, why not just automatically set up the service for every single customer? Because, they want you to enroll for free, then pay them for the next ten. An anyone verify the hack? Who's to say this isnt a scam? Just curious.
5
Same as some of your other readers, I went to the website and followed the process to get information about whether my information was compromised. All I got was information that I could enroll for account protection next week. So much for being open and honest. Come on Equifax, get your act together.
6
We are rapidly approaching the day when "Mr. Robot" won't be just science fiction.
1
Why did "a website application" have access to 143 million people's info anyway? I'm going to say it was so they could sell it to anyone who came by with a buck or two.
3
Put a freeze on your credit with each credit bureau. It may cost five dollars per account but no one can access or review your credit without the multi digit number that the bureau will send you to unlock it when you want to apply for credit .
It is about the only thing you can do to protect yourself.
And the info should not be for sale anyway but that is another (losing ) batttle.
It is about the only thing you can do to protect yourself.
And the info should not be for sale anyway but that is another (losing ) batttle.
6
The fee varies from state to state. I paid $10 apiece.
Equifax should pay this fee for every single person who is in their system.
1
Why are we hearing about this more than a month later?
6
Other companies have sat on the info far longer. This is actually an improvement.
Wow. Go to the website link in the article where Equifax is supposed to tell you if your data was hacked. When I did it - it told me nothing about my data, and instead informed me that I was now signed up for some service (perhaps credit monitoring?) but that I needed to check back in 2 weeks to complete my "registration". Does not engender confidence.
4
The web site doesn't work. Not quite ready yet. So why did Equifax make their announcement now? The cynic in me suggests perhaps because there's a hurricane dominating the news.
2
This is ridiculous, I called the help line, after being on hold for over an hour, disconnected twice, I finally reached the call center and they said that if we did not receive a letter or e-mail we were not affected. Then why have a help line? If you have a data breach at least let us go on line to your site and check if our data has be hacked. Moreover the free security should be available immediately. I filed for the program and was given a date next week to complete the application. What?, you have got to be kidding me, Hollywood couldn't make such a script. Reminds me of the movie about the Iran hostages with Alan Arkin and John Goodman "What this is the best bad idea you guys came up with?"
5
The opening salvos of World War III are already being fought in cyberspace.
1
The naivete and negligence regarding security of both large businesses and government in the 21st century in the United State is breathtaking. Chinese hackers obtained information for 4 million federal employees two years ago. DNC and RNC servers were both hacked by the Russians last year.
Does anyone wonder why Hillary Clinton used a private server for her communications?
Does anyone wonder why Hillary Clinton used a private server for her communications?
7
Privatized profits on socialized risk with no public recourse = Oligarchy
8
Thanks, Equifax for not having more secure protections... disgusted.
1
Perhaps all the Equifax employees' credit scores should drop by a couple hundred points for their poor handling of all this financial information.
1
I think hacking should be a capital offense.
After a descent period of suffering.
After a descent period of suffering.
1
Good thing Equifax offers credit and identity protection services.
105
It seems like in the terms and services of the "free" enrollment, you waive your right to sue them or be part of any class action suit. Beware!
Exactly! And worst of all they are peddling their "Credit Security" services to unknowing consumers on nationwide TV!
For a fee
Thank lobbyists and weak kneed politicians for allowing private companies to build mega databases and using social security numbers to do so. Criminals cannot build giant databases, but they can surely steal them once someone else is allowed to build them. "If you build it, they will come."
We should start by scrapping social security numbers, replace them with new tax ID numbers and award serious prison time to the officers of any corporation that attempts to build databases by pressing citizens to turn over these ID numbers.
We should start by scrapping social security numbers, replace them with new tax ID numbers and award serious prison time to the officers of any corporation that attempts to build databases by pressing citizens to turn over these ID numbers.
6
There is a rumor that Equifax executives sold their stock before the hacking announcement was made. If that is true, they should be prosecuted for insider trading. They should also be locked away for incompetent management, but - unfortunately - that is not illegal.
5
Not a rumor, FACT. They made the trades on July 29, worth $1.8 BILLION.
1
A class action lawsuit against Equifax is in order. And a court order to force them to cease and desist from dealing citizen's private financial information.
6
I'm in the middle of a lawsuit against these companies for being more fraudulent with my credit reports than the possibility of some guy in Nigeria ever could be. That they lobby so exensively and consider themselves above the law, when what they 'provide' affects almost every detail of our lives should be frightening on a regular day. This breach shows just how negligent they are.
1
Pathetic - I entered my info on Equifax's own website in response to their promise to let me know whether my info may have been compromised - in two different places - and each time all they did was tell me to return to their site in several days to "enroll". So I called their 800 number for the hotline they set up to deal with the crisis and waited on hold for a long time and then reached a human who said - that they can't tell me whether I might have been affected, she can't tell me when they can tell me, and that she has no other information for me.
They've been sitting on this landmine since July and they are no more prepared to deal with the inevitable requests from consumers who need to know whether they were affected than this? Unacceptable. I told their agent that I think they are in a world of trouble if this is how they are going to deal with nearly 200 million people, and that I hope they do a better job protecting my data in future.
Class action lawsuit, anyone?
They've been sitting on this landmine since July and they are no more prepared to deal with the inevitable requests from consumers who need to know whether they were affected than this? Unacceptable. I told their agent that I think they are in a world of trouble if this is how they are going to deal with nearly 200 million people, and that I hope they do a better job protecting my data in future.
Class action lawsuit, anyone?
10
I'm sure that they assured all their clients countless times that anything like this happening was very nearly impossible. Very nearly impossible.
"...John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered."
What's in his wallet? Seriously, he should be fired for not improving Equifax's cybersecurity after being burned and warned several times. Who rates the ratings companies?
What's in his wallet? Seriously, he should be fired for not improving Equifax's cybersecurity after being burned and warned several times. Who rates the ratings companies?
2
Equifax provides a link to check to see if you've been affected and states that, based on the name and SS number you enter, you will receive a message indicating whether your personal information may have been impacted by this incident. However, I tried and received no information at all about whether or not I was affected by the breach.
3
If the CFO doesn't go to jail for selling shares "in the days after the breach was discovered" there is something badly wrong with our justice system. Not only does his company put millions of its customers in potentially disastrous situations, now he's also ripping off its shareholders, and all while personally enriching himself in the process. It's absolutely outrageous. This behavior is why millions of Americans don't trust corporate executives, and it must be severely punished.
9
These "credit monitoring" behemoths are a joke. Why is it a "strike" against my credit rating that I haven't had a loan taken out in my name recently? (I paid off my truck loan 3 years ago, never missing a payment!) Why is it a "strike" against my credit rating if there's an "inquiry" into my credit report? When I monitor my own credit report, I find it full of rampant mistakes, such as living in Arizona (when I've NEVER lived in Arizona, ever!) and the only employment is a job I had in college 13 years ago! Waste waste waste of time and resources! This credit score malarkey is way out of hand. Shut them all down.
6
If these companies are dumb enough to give thieves my identity. they should believe I'm dumb enough to pay the bill.
1
We need to stop using social security numbers as a means of authentication and simply use them for identification. By the I mean asking someone for the last four digits of their SSN should not confirm their identity. There should be the assumption that everyone knows everyone's SSN. Treating SSNs as private at this point is simply foolish.
4
So the company that lost our personal data, wants us to entrust them again with the same private data to see if we were affected.
Fool us once...
Fool us once...
4
What will be especially ironic and redress-proof will be when someone whose info, stolen from these vultures (Equifax), is used for ill gain potentially damaging the victim's credit, which will then be used by Equifax and its ilk to further victimize those who were compromised by Equifax's corporate incompetence and arrogance.
5
Congress needs to shut them down and have homeland work with the other two credit report agencies. We are not their customers, banks and credit card companies are their customers. Shut this silly private company big brother down.
6
When are the executives who run these companies and government agencies going to be accountable for losing our data? When are they even not going to get their bonus this year, let alone getting demoted or fired?? I take multiple efforts and spend on software, and guard my use of the internet to protect myself, but I have been on "credit monitoring" for the last 6 years from other entities who have lost my data, all beyond my control.
Ship captains are accountable when their ships collide, workers are fired for far simpler errors, and these folks get away with millions of peoples' critical information getting hacked, with a simple "Sorry" and a website we can log into? Really? They have the resources to hire the best minds available. If they can't manage their own companies, the Consumer Financial Protection Bureau should manage it for them.
Ship captains are accountable when their ships collide, workers are fired for far simpler errors, and these folks get away with millions of peoples' critical information getting hacked, with a simple "Sorry" and a website we can log into? Really? They have the resources to hire the best minds available. If they can't manage their own companies, the Consumer Financial Protection Bureau should manage it for them.
3
Pathetic! Why does this company enjoy so much privilege? And why aren't the Equifax execs who sold stock upon learning about the breach not in jail? Very sad!
5
Are you telling me that this company, which has the power to assign me a credit rating that will determine my security as a borrower, employee, renter, lessee, and engage in myriad other transactions, is so incompetent and inept that they have allowed some of my most sensitive information to be stollen? What recourse did we have to protect ourselves against this ever happening? None that I know about.
4
Who are these people and why do they have our information? Again, monopolies == the country's personal information concentrated in the hands of three obviously incompetent companies, unauthorized by us, allowed to make billions off of our personal data. How did we let ourselves get into this mess?
2
I heard the CEO talk about this today -- he called people with credit report "customers." I don't think I ever asked these turkeys to collect data on me. I resent being called a customer, I did not want my data collected!
3
These companies collect and sell my data, and there's no way I can opt out. They use sophisticated algorithms to predict how likely I am to pay. Several years ago, a state employee lost a laptop computer with the SS#s and personal data of every registered voter in my country. Unsuprisingly, they offered the same solution as Equifax--1 year of "insurance" that would, in theory, protect me if someone used my personal information. I chose instead to "freeze" my data, which the credit bureaus discourage because they want to sell it. So they make that process as miserable and time-consuming as possible. I hope this wakes someone in government up to the unbridled power these companies have over the average consumer--and how little they think about their responsibilities to us.
6
Why wasn't this information encrypted? I believe that's standard practice these days and for Equifax not to have done so is criminal negligence. I will happily join the inevitable class action lawsuit.
8
What will it take for legislature, technology experts and financial institutions to retire the use of social security numbers? There are so many advanced technologies that can be leveraged to better secure and identify individuals and their information. Hackers will continue to breach and use this information if it's stored on some cloud or server like the one breached at Equifax. This is not their first breach and there will be more to come.
6
It's like they haven't heard of encryption. Separate identifying data, put it on two servers in encrypted files, then call them when you need to make an inquiry. This happened at Experian as well. These companies have basically one job, which is to hold data securely. And they make little effort to do it responsibly.
6
Dealt with equifax and that other credit agency years ago to clean up some wrong information on my credit report. Don't want to deal with them again. I, since, have changed my credit cards, bank accounts and mortgage. I had to clean up the mess myself when it was their own bad data and when it was a question of fraud I just moved everything as quick as I could. While I wish the best for all those whose financial information was compromised, I feel nothing for Equifax. They make their living on data collection and reporting and if they cannot keep that information secure, I think they are culpable.
8
There need to be $B fines (think Volkswagen emissions penalty) for companies that don't adequately protect the sensitive data that has been entrusted to them. Until the cost of failure exceeds the cost of enacting the necessary protective measures, we will see this over and over. If the fine puts them out of business, then so be it - end result will be the elimination of a source of vulnerability.
9
There is tort involved in each of these attacks - for some people credit ruin is the least of the potential problems. Yet the liability that companies share is negligible. It's time for some class action if there is no appreciable regulation soon.
11