What I want to know is was it China that did this, and what is President Trump, Rex Tillerson, and US Cybercommand going to do about it?
6
Their enrollment process is completely messed up. A number of hours after initiating the enrollment process via their web site I received an email which directed to their web site for identity verification. When I entered my last 4 digits of SSN and my birthday, it said wrong identification. Seems like the only people in the world who don't know about my SSN and birthday are Equifax people.
35
I think this hack was an inside job of existing/recently departed employees.
Equifax's execs actions after the breach are revealing: Execs were more interested in their own profits than protecting your personal information.
Execs found out about the breach on July 29; sold stock on August 1, The rest of us, including Equifax subscriber, found out about this a month later?
Equifax's execs actions after the breach are revealing: Execs were more interested in their own profits than protecting your personal information.
Execs found out about the breach on July 29; sold stock on August 1, The rest of us, including Equifax subscriber, found out about this a month later?
55
Why is there this notion that the hackers have stolen MY info/identity? If anyone had asked Equifax for all info on Outdoor Greg, it would have said pay us, this is our proprietary information. So what has been stolen is EQUIFAX's property, and now that property might be used against me. This is no different than if a construction company left dynamite sitting out at a jobsite, and somebody used it to blow up my house. Guess who would be liable for that? Will a good class-action attorney please contact me immediately? (To pay me a consulting fee for this analogy, of course.)
35
Our vulnerability to exposed information like this is incredibly frustrating - we have no real power over who gets to see what, unless a lock is placed on the account. And be aware, the credit bureaus love capitalizing on this. Experian is the most appalling charging customers $24.95 a month to keep your account locked. If you ask me, they can care less about our identities and financial privacy and want only to exploit customers who most assuredly will be hurt by these breaches
24
A few friendly amendments to your article. First, Innovis does not seem to offer credit/security freeze. It directs you to the security freeze links of the big three credit agencies. Is Innovis just making this service hard to find on their site, or did they find a loophole to exempt themselves from this service? Second, before you freeze your credit, request your free annual credit reports. That way, you will have information available that may be asked to verify your identity before the big three will grant your freeze. Finally, while you're at it, go to the Consumer Financial Protection Bureau, and get the number to opt out of unwanted credit card solicitations.
39
Who is Equifax and why do they have my personal information? Who gave them the right to my information??
41
Great advice and appreciated the direct links! I just froze my accounts and all offered it (surprise!) for free. Ron jokes about how Equifax will make money on this- that should be addressed and dealt with. Too much of our personal information is out there in the ether, 99% of it not by consumer choice. Beyond credit date are mailing lists bought and sold and so much more. Consumers are powerless to protect their own data and then are forced to take all the steps to shield themselves once these giant companies prove themselves to be irresponsible and inept at managing the data they have collected.
30
there's no mention here of Credit Karma, which gives you free, unlimited access to your credit reports from equifax and trans union. Is there a reason this option was left out? Are the reports unreliable? My reports have been frozen for several years now. I use Credit Karma to see my scores and reports. If this site is bogus, please let the public know.
6
I've read that Karma info is not all up to date, some of the inquiry they do is a soft & not a hard pull. I think the main focus should be on a freeze. I have made the decision to assume my info is stolen & will be used - doing reports or monitoring would tell me if my info is being used & it's definitely good to know that, but for me that would be too late. I think the only option is to do a freeze which can prevent use of personal info by criminals. Equifax's year of monitoring I think is mostly useless - so ok you can see if/when your info is being used, to reverse & clean that up is a huge task & may not ever be complete especially if the criminals are from overseas.
6
Tried to place a freeze on my Experian data (online) and was provided a message stating this had to be submitted analogue! The Equifax process was free and processed online (the same data).
SITE RESPONSE:
To request a security freeze, send all of the requested information via certified or regular mail to Experian Security Freeze, P.O. Box 9554, Allen, TX 75013. Include your full name, with middle initial and generation, such as JR, SR, II, III, etc.; Social Security number; date of birth (month, day and year); current address, previous addresses for the past two years and any applicable fee as indicated below.
Send copies of any documents you wish to provide to us and always retain your original documents. You may also submit your request electronically at experian.com/upload. We will send you a confirmation notice once the security freeze has been added, and you will be given a personal identification number (PIN) that will be required in order to remove the freeze temporarily (in order to apply for credit or for any transaction that requires that another party access your personal credit report) or permanently.
If you are paying for a security freeze placement, enclose your check or money order for $10.00.
Mail this form, along with payment (if applicable) to:
Experian Security Freeze
PO Box 9554
Allen, TX 75013
SITE RESPONSE:
To request a security freeze, send all of the requested information via certified or regular mail to Experian Security Freeze, P.O. Box 9554, Allen, TX 75013. Include your full name, with middle initial and generation, such as JR, SR, II, III, etc.; Social Security number; date of birth (month, day and year); current address, previous addresses for the past two years and any applicable fee as indicated below.
Send copies of any documents you wish to provide to us and always retain your original documents. You may also submit your request electronically at experian.com/upload. We will send you a confirmation notice once the security freeze has been added, and you will be given a personal identification number (PIN) that will be required in order to remove the freeze temporarily (in order to apply for credit or for any transaction that requires that another party access your personal credit report) or permanently.
If you are paying for a security freeze placement, enclose your check or money order for $10.00.
Mail this form, along with payment (if applicable) to:
Experian Security Freeze
PO Box 9554
Allen, TX 75013
15
you're suggesting in the midst of all this that i freeze my credit report with a "little known" company called Innovis? you really think im going to give my ssn to a company ive never heard of at this point?
10
Hope you didn't sign up for the monitoring service. You agree to arbitration and waive your right to participate in a class action.
16
Got credit monitoring going, but couldn't do a credit freeze on any of the site's. Clunky and difficult to navigate, Equifax, Experion, and TransUnion each had it's own hoops to jump through. None would let me compete the process and one kept saying that it couldn't confirm my identity, even with my SSN and date of birth. Another sent me digging for papers when it asked for the date and amount of my last car loan! What a racket.!! If only the hackers had had as much difficulty as I had . . . .
101
Please please please people. If even 1% of people who have been affected by this breach called their senators and representatives, that's almost a million and a half phone calls on this issue. Tell them that they need make Equifax provide lifetime monitoring/fraud alerts/credit freezes entirely free of charge to all those affected by this breach. For the rest of their lives.
In fact, consumers should be automatically notified by e-mail every time a creditor or employer or anyone else runs a credit report on them. The technology exists, and the carelessness these agencies have demonstrated with our financial information demands that these changes be made at THEIR expense. A million and a half phone calls within the space of a week should light a fire under our legislators to do something about this.
In fact, consumers should be automatically notified by e-mail every time a creditor or employer or anyone else runs a credit report on them. The technology exists, and the carelessness these agencies have demonstrated with our financial information demands that these changes be made at THEIR expense. A million and a half phone calls within the space of a week should light a fire under our legislators to do something about this.
66
The high handed behavior never ends... these organizations never seem to learn humility without the threat of being shut down... Went to enroll in the identitiy theft protection... at end of enrollment, system says,
"Thank You
Your enrollment date for TrustedID Premier is:
mm/dd/yyyy (actual date 2 -3 days later)
Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return to faq.trustedidpremier.com and click the link to continue through the enrollment process."
Seriously? After such a major mess up, they cannot send a reminder of some sort on day of enrollment!
Then comes the kicker... when u see the enrollment tab...Within a few days, you will receive an email with a link to activate TrustedID Premier. Please be sure to check your spam and junk folders if you do not receive your activation email within that timeframe....
Within what timeframe? A FEW DAYS!!!
Service has been pathetic for years, and still remains the same.
"Thank You
Your enrollment date for TrustedID Premier is:
mm/dd/yyyy (actual date 2 -3 days later)
Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return to faq.trustedidpremier.com and click the link to continue through the enrollment process."
Seriously? After such a major mess up, they cannot send a reminder of some sort on day of enrollment!
Then comes the kicker... when u see the enrollment tab...Within a few days, you will receive an email with a link to activate TrustedID Premier. Please be sure to check your spam and junk folders if you do not receive your activation email within that timeframe....
Within what timeframe? A FEW DAYS!!!
Service has been pathetic for years, and still remains the same.
8
I just entered my dog's name and the date and time. It confirmed that her data may have been impacted by the breach. Woof!
36
Oh God! Been waiting, and fuming, for years for someone to say this!!
Yes, they will make money off of this in a year's time (just as the airlines, and the banks etc did). And yes, there's nothing anyone will be able to do about it, because any efforts to hold them accountable, monetarily, would be thwarted by members of the Congress whose pockets are always lined by every industry in this country! We have formalized corruption into our social system!
Yes, they will make money off of this in a year's time (just as the airlines, and the banks etc did). And yes, there's nothing anyone will be able to do about it, because any efforts to hold them accountable, monetarily, would be thwarted by members of the Congress whose pockets are always lined by every industry in this country! We have formalized corruption into our social system!
26
The difference being that the airlines and banks arguably provide a useful service to consumers.
8
Equifax want you to call them to see if you have been compromised when they should be writing you and notifying YOU. The make it your responsibility when it is truly theirs. Equifax is fully 100% liable for the information breach which is suppose to be illegal. Is their security below par and will the other credit agencies be next due to bad management? basically Equifax released your information without your consent, they are fully liable. Make them come to you
109
Equifax charged me $10 to do a security freeze. They didn't charge my husband. I heard that Equifax wasn't going to be charging for this, but they did. Then I tried Transunion and Experian, they also charged me $10 each, but they wouldn't let me put a security freeze in for my husband when I used only his information. They kept telling me they had already frozen my credit. The only the thing that was the same for both of us was the address. I have not been able to find out if freezing for one of us freezes the other.
One thing people need to be aware of is that anything beyond a credit freeze will impose an obligation to accept binding arbitration. I'm told that AAA provides identity theft protection with membership, but I will have to call on Monday to find out what I have to do. Their website wasn't very helpful. I'm told as well that you can get identity theft protection through your homeowner's insurance.
One thing people need to be aware of is that anything beyond a credit freeze will impose an obligation to accept binding arbitration. I'm told that AAA provides identity theft protection with membership, but I will have to call on Monday to find out what I have to do. Their website wasn't very helpful. I'm told as well that you can get identity theft protection through your homeowner's insurance.
9
Equifax is very lucky there are major hurricanes and earthquakes this week, so they aren't the scrolling headline on CNN.
Nevertheless, they and the other two credit agencies should be required to freeze everyone's credit files ans change PINs until they've cleaned this mess up.
Nevertheless, they and the other two credit agencies should be required to freeze everyone's credit files ans change PINs until they've cleaned this mess up.
21
I think they deliberately waited until a moment when they could hide behind other news.
Didn't this breech happen in July?
Didn't this breech happen in July?
25
They're also lucky that we are in the current political climate. No worries about any of this getting regulated.quite the contrary.
19
I had been paying Equifax $14.95 / month for some years now to subscribe to their special credit security services. I also had my data ripped off. I'll certainly be filing to recover my fees, which apparently bought me absolutely nothing other than a false sense of security.
19
They are allowed to monitor us - why isn't there some way for us to monitor these companies? There ought to be "scores" given out for the effectiveness of their security systems, points for responsiveness of the companies to complaints and to fixing inaccuracies, and also points for customer service. And we should be able to selectively block certain credit reporting agencies from getting and especially keeping, selling or using our information if their scores are low.
21
Well have to wait about 7.5 years to start having a series discussion about this.
10
Dear NYT,
Please let us readers know when and how to sign up for a class-action suit. I'm ready.
Please let us readers know when and how to sign up for a class-action suit. I'm ready.
30
I have frozen my credit with the big 3 reporting agencies, but one of my biggest fears is that someone will use my identity to rent a room or apartment and then get evicted! This could make renting in the future impossible for me.
How can I protect against this? I have found some info on tenant background and checks for evictions, but can't find out how to freeze the information about me.
Can NY Times write an article with guidance for this?
How can I protect against this? I have found some info on tenant background and checks for evictions, but can't find out how to freeze the information about me.
Can NY Times write an article with guidance for this?
14
A cell phone and two factor authentication is far better security than a social security number these days. Why are we so behind the times?
16
What ever happened to not allowing Social Security numbers to be used for identification?
18
The criminals who run Equifax should be jailed for fraud.
30
On second thought I should probably stop paying my car loan & go crazy with my credit card etc & go into dept so my high score I've worked many years for will take a dive. Cant open any new accounts with bad credit! If 100 million people did that & essentially revolted, this would have a significant effect in the corrupt greedy banks & financial institutions that own us all. If very few can borrow where would they go for business?
19
Equifax should not be allowed to operate any longer. The Federal Consumer Protection Agency should close them down, or what ever government agency has the power to do so. And the SEC should go after those executives who knew about the breach and waited until they sold their stock before they finally got around to reporting it.
143 million unsuspecting citizens are put in jeopardy because this company did not do their job, even thought they sell security software to others.
Why do we need 3 reporting agencies anyway?
Come on Government agencies do your job.
143 million unsuspecting citizens are put in jeopardy because this company did not do their job, even thought they sell security software to others.
Why do we need 3 reporting agencies anyway?
Come on Government agencies do your job.
27
You are saying, in effect, "there oughta be a law." But there probably isn't.
4
Unfortunately, the CFPA will more likely get shut down long before equifax ever does. Don't forget, we're making America great again.
25
Authentication procedures are such a safer way to go. I've always been leery of these companies. Doesn't feel good to be right.
And now, I have been unable to put freezes on or even access my credit reports from any of the Big Three. We've probably swamped them with our requests. Again crazy - they could be making lots of money from us on the freezes!
The whole thing really smells bad!!
And now, I have been unable to put freezes on or even access my credit reports from any of the Big Three. We've probably swamped them with our requests. Again crazy - they could be making lots of money from us on the freezes!
The whole thing really smells bad!!
7
I have heard that if you sign up for them to monitor your credit that, under the terms that you must accept, you waive your right to participate in a class action suit or to sue them if you are actually damaged.
4
Looking at the bonanza the Equifax will reap from breach, why other credit companies should tighten their security?
7
I checked into the biggest 'credit protection' companies around and learned that they do not place a credit fee for their members. What they claim to do is scan hundreds of millions of transactions a second to find out if there is any activity going on with your security number... and they charge a fee for this every month for the rest of your life.
Here's how you can do the same for yourself without ever paying a monthly fee:
1. Get a Discover credit card. They offer a FREE service to card-members that does the same scanning thing that the big monthly service company does; see www.discover.com/freealerts
2. Place your own credit freeze with the 3 major credit-rating agencies with the kit provided by a company at www.FreezeOutCrooks.com
They charge a one-time service fee for the package, that even has pre-stamped envelopes to the agencies, full instructions on filling out the pre-printed Credit Freeze request letters, and even a manila CREDIT FILE folder for your copies - and avoid paying hundreds a year.
Here's how you can do the same for yourself without ever paying a monthly fee:
1. Get a Discover credit card. They offer a FREE service to card-members that does the same scanning thing that the big monthly service company does; see www.discover.com/freealerts
2. Place your own credit freeze with the 3 major credit-rating agencies with the kit provided by a company at www.FreezeOutCrooks.com
They charge a one-time service fee for the package, that even has pre-stamped envelopes to the agencies, full instructions on filling out the pre-printed Credit Freeze request letters, and even a manila CREDIT FILE folder for your copies - and avoid paying hundreds a year.
8
Forgive me for being naive but, how on Earth could it possibly be legal for companies like Equifax to unilaterally aggregate my private financial and historical information?
The NYT not only aggregates but publishes private financial and historical information whenever they can lay their hands on it.
The NYT not only aggregates but publishes private financial and historical information whenever they can lay their hands on it.
4
Ron Lieber says: "That’s all well and good, except that the thieves might use the stolen information to apply for credit with lenders that check the credit reports only at the other big agencies, Experian and TransUnion. So this protection is incomplete."
This is incorrect. I looked up https://www.equifaxsecurity2017.com/trustedid-premier/ and it says clearly that this is 3-bureau credit monitoring. Quoting their words here: "Credit file monitoring and automated alerts of key changes to your Equifax, Experian and TransUnion credit files." (There is, however, a footnote that Experian and TransUnion credit monitoring will take several days to begin).
It is Sept. 10 now, 2 days after the date this article was published. So it is possible that Equifax expanded the monitoring offered after the publishing of this article.
This is incorrect. I looked up https://www.equifaxsecurity2017.com/trustedid-premier/ and it says clearly that this is 3-bureau credit monitoring. Quoting their words here: "Credit file monitoring and automated alerts of key changes to your Equifax, Experian and TransUnion credit files." (There is, however, a footnote that Experian and TransUnion credit monitoring will take several days to begin).
It is Sept. 10 now, 2 days after the date this article was published. So it is possible that Equifax expanded the monitoring offered after the publishing of this article.
2
Ron Lieber says: "Except as my friend Justin Soffer pointed out on Twitter, you can enter a random name and number into the site and it will tell you the same thing. Indeed, I typed “Trump” and arbitrary numbers and got the same message."
Well, I tried the same and I got the message that my "personal information was not impacted by this incident."
Notice the "not" in that sentence? So it is not the same as "may have been impacted". It is also the correct response because the personal information of a non-existent person could not have been impacted. I think that Ron Lieber did not carefully read the message on his screen, which only confirms my belief that he was out to "get" Equifax when he wrote this article. I will read any future articles by Mr. Lieber with a critical eye and a pinch of salt.
Well, I tried the same and I got the message that my "personal information was not impacted by this incident."
Notice the "not" in that sentence? So it is not the same as "may have been impacted". It is also the correct response because the personal information of a non-existent person could not have been impacted. I think that Ron Lieber did not carefully read the message on his screen, which only confirms my belief that he was out to "get" Equifax when he wrote this article. I will read any future articles by Mr. Lieber with a critical eye and a pinch of salt.
4
i put in the info on my 17 year old daughter and it alao came back "not"
Perhaps you didn't read the article. He says they later changed this.
4
Since I do not intend to spend the rest of my life looking over my shoulder, all I want to know now is, just how to go about changing my social security number?
9
Come to think of it, if we handle this right, this whole Equifax debacle may turn out to be a blessing in disguise.
Our doctors, and insurance companies, and most employers (now including many unknown hackers thanks to Equifax)) already have our SSAN's, names and addresses, dates of birth, State I.D. and/or drivers' license numbers etc., etc...
If there was ever a time to change this very dumb antiquated system, NOW IS THAT TIME!
Aside from the obvious IMMEDIATE BENEFITS to be gained, think of all who are now, and have been for years, illegally using identities belonging to people either no longer alive, or no longer mentally viable.
As an immediate additional benefit, this will all be brought to a sudden end!
Now, let us make fresh lemonade out of these lemons that have been forced upon us!
Our doctors, and insurance companies, and most employers (now including many unknown hackers thanks to Equifax)) already have our SSAN's, names and addresses, dates of birth, State I.D. and/or drivers' license numbers etc., etc...
If there was ever a time to change this very dumb antiquated system, NOW IS THAT TIME!
Aside from the obvious IMMEDIATE BENEFITS to be gained, think of all who are now, and have been for years, illegally using identities belonging to people either no longer alive, or no longer mentally viable.
As an immediate additional benefit, this will all be brought to a sudden end!
Now, let us make fresh lemonade out of these lemons that have been forced upon us!
9
And guess who the Social Security Administration uses to verify identification?
Equifax!
But if you still want to change your social security #, call Social Security and ask. You'll probably need to go to your local SS office with a great deal of documentation.
Equifax!
But if you still want to change your social security #, call Social Security and ask. You'll probably need to go to your local SS office with a great deal of documentation.
6
We will get action on a better system of national IDs only when a bunch of senators and reps get their identities stole. Hint.
7
I am a little puzzled by the following thought expressed in this article:
"On Thursday night, I entered my last name and the last six digits of my Social Security number on the appropriate Equifax web page. (They had the gall to ask for this? Really? But I digress.)"
I do not understand what is wrong with asking for the last six digits of the author's Social Security number so that Equifax may confirm that they have the correct person identified. Does Mr. Lieber think that Equifax should know who is sitting in front of the computer on the other end of the net connection simply by knowing the person's last name? Am I missing something here?
In summary, Mr. Lieber seems intent on criticizing Equifax for any real or imaginary error that he can think of. Before you ask, I do not work for Equifax and do not receive any compensation from Equifax for writing in their defense. However, I do stand against irresponsible and spiteful "journalism".
"On Thursday night, I entered my last name and the last six digits of my Social Security number on the appropriate Equifax web page. (They had the gall to ask for this? Really? But I digress.)"
I do not understand what is wrong with asking for the last six digits of the author's Social Security number so that Equifax may confirm that they have the correct person identified. Does Mr. Lieber think that Equifax should know who is sitting in front of the computer on the other end of the net connection simply by knowing the person's last name? Am I missing something here?
In summary, Mr. Lieber seems intent on criticizing Equifax for any real or imaginary error that he can think of. Before you ask, I do not work for Equifax and do not receive any compensation from Equifax for writing in their defense. However, I do stand against irresponsible and spiteful "journalism".
I believe Mr. Leiber stated that takes gall because we already know they can't be trusted with our social security numbers. I felt the same way--and also, normally I have to provide only 4 numbers. So I felt that I was risking even more information if someone is hacking that web page. I mean, social security numbers are a primary piece of information that needs to be protected, right?
17
Well, yes... but for that same reason, the SSN would be more likely to be known only to the owner (though more frequent data breaches would reduce that possibility) compared to other more public types of information like phone number or address. Past addresses could also have been used as verification. They are usually used when accessing the annual free credit report.
1
Ajoy, you are very talented. Perhaps you should peddle your services to a more worthy client than Equifax.
5
At least for this fleeting moment in time, I think the most likely people who would be able to act in our behalf would probably be Chuck and Nancy.
6
Here's info on the class action lawsuit. Btw, if you contact equifax directly, it seems you can not be part of the suit.
http://www.prnewswire.com/news-releases/classactioncom-files-lawsuit-on-...
http://www.prnewswire.com/news-releases/classactioncom-files-lawsuit-on-...
7
Mare -- please research your second sentence above. I read, like you, that if you ask for Equifax's assistance, you were barred from being in the class-action suit. But later I read that Equifax had been forced to change that. So check it out.
1
I took the plunge, started @ equif-up and did a freeze, it was suspiciously easy & no prompt to charge a fee. In my state (WI) it's $10 based on the FCRA, maybe their charge system is asleep on a Sunday morning or the freeze wasnt really processed - how can you know with this company. Next to Esperian & Transunion, no problem except couldnt find the freeze page from the TU main site, thanks to this column for providing the correct link. Paid $10 each & the freeze was processed.
Hey Equifax, I think you should reimburse me for the $10 X 2 freezes that I am forced to do because of your complete incompetence!
Hey Equifax, I think you should reimburse me for the $10 X 2 freezes that I am forced to do because of your complete incompetence!
10
I think the site https://www.equifaxsecurity2017.com/ has been hacked. Avast for Mac find s2 security sits when i navugate to the site.
3
Just followed your directions for a credit freeze with all four agencies. Equifax's was free, as was Innovis. Experian said a $5 fee was required in Ohio, and TransUnion couldn't process my request either online or using their phone system - they said they couldn't verify my information.
3
Thanks so much for the information. Have been working on this all morning. It is an absolutely hellacious experience trying to get to my information from those collecting it without permission. The https://www.annualcreditreport.com/index.action broke several times with error messages showing up, either on their site or one of the credit reporting sites. I managed to get equifax in, but they are going to mail (not email, mail) the report rather than deliver online, because the information they use to verify me is different than my real information. I finally called the number which seems to work better; they will send paper in 10 to 15 days, yes 10 to 15 days. I bet the US postal service is going to get very busy very quickly. I have also wandered around the credit reporting sites trying to freeze my credit reporting. So far Equifax can't even display the page (server error), you can't log in too Transunion to invoke a credit freeze, all you get by logging in is the 19.99 per month offer, you have to invoke it (https://www.transunion.com/credit-freeze/place-credit-freeze). Of the 3 Experion provided the best and easiest service as well as free access to your Experion credit report. Time to call in the government, again. My feeling is forget all the different sites, I want to log onto my social security(https://secure.ssa.gov/mySSA/start) and get them from there, free with daily updates.
2
First of all, I've always thought the entire Credit Reporting business was a gross violation of a person's right to privacy. And look at the mess Equifax have made of it - not only have they violated my privacy but they have compromised me through flawed and careless security measures and avoidable breaches of safeguards and security when it comes to sensitive, personal data. Ron Lieber describes exactly what I did yesterday and got precisely the same responses. What a joke. Credit reporting agency legislation needs urgent review with stringent regulation applied and enforced given the enormous impact they can exert on people's lives and fortunes (or misfortunes) as the case may be. I sense a massive class action suit against Equifax is in the works already...and I'll be adding my name to the list of 146 million plaintiffs.
16
All courtesy of the 'no government-no regulation people.'
17
What we need is a small group of dedicated hackers who find a way to break into files and actually destroy the data and backups. This will get the attention of Equifax and the rest of the parasitic, predatory data mining operations such as Equifax and Facebook.
7
Ron, can you address the difference between TransUnion's security freeze and their free TrueIdentity product? I think this is confusing many people . . . thanks!
5
The company (& its fellow competitors) should be prosecuted under the RICO act---it isn't just profiteering, it's RACKETEERING!
7
The only website that didn't work properly for a fraud alert was Experian -- I look forward to the resulting class action lawsuit and the bankruptcy of Experian -- even if it means a check for $1.50.
4
Does the 1 year free automatically enroll you into the paid program?
My data were stolen from Wells Fargo. They offered me free monitoring for a year. But after a year enrolled me in the paid program and took funds from my acct. I did not notice for a while and they only refunded some of the funds when I complained.
My data were stolen from Wells Fargo. They offered me free monitoring for a year. But after a year enrolled me in the paid program and took funds from my acct. I did not notice for a while and they only refunded some of the funds when I complained.
7
We froze our accounts with these outfits after the OPM and Anthem breaches, but now you're telling us that those freezes are like permafrost in the tundra. Dandy for the global warming deniers, but we real-world dwellers are about to be knee-deep in mud.
This corporation and its execs may be punished, but only because they got caught. Exposing the gears and belts of the money-scooping machinery to scrutiny by the press--THAT's the unforgivable breach. Now watch those who want to gut the Consumer Financial Protection Bureau get all indignant and pretend they didn't know, or claim it was all the Bureau's fault.
The Thief-in-Chief may well have done us a service in focusing our attention on the rampant corruption of our "system." David Cay Johnston's book Perfectly Legal (2003) disabused me of the notion that we had minimal corruption at the top, but the Democratic National Committee shenanigans and the Republican installation of the Weasel in our henhouse confirmed the growing suspicion that the top is rotten, sly folks at every level are on the take, and a chunk of the populace is fine with that. Now it's evident that we're just like the countries we used to be so contemptuous of--you know, those corrupt banana republics.
Exceptional, not so much.
This corporation and its execs may be punished, but only because they got caught. Exposing the gears and belts of the money-scooping machinery to scrutiny by the press--THAT's the unforgivable breach. Now watch those who want to gut the Consumer Financial Protection Bureau get all indignant and pretend they didn't know, or claim it was all the Bureau's fault.
The Thief-in-Chief may well have done us a service in focusing our attention on the rampant corruption of our "system." David Cay Johnston's book Perfectly Legal (2003) disabused me of the notion that we had minimal corruption at the top, but the Democratic National Committee shenanigans and the Republican installation of the Weasel in our henhouse confirmed the growing suspicion that the top is rotten, sly folks at every level are on the take, and a chunk of the populace is fine with that. Now it's evident that we're just like the countries we used to be so contemptuous of--you know, those corrupt banana republics.
Exceptional, not so much.
11
What can be done right now to protest. If 143 million people put a freeze on what would happen? One immediate impact would be revenue loss to these agencies. Perhaps that would get their attention.
4
I signed up online for a credit freeze at Equifax a few minutes ago and I was supposed to print the last screen with the secret pin number to remove the freeze in the future, but the document was blank and there was no print button. Now I have freeze that I can not remove.
5
Ken, hopefully you haven't closed that window yet! You must click in the area that "looks" blank, but in reality, it is not ... it's a .pdf document, and if you print using Adobe's clickable print icon, you'll see it, Also, clicking in that area allows you to scroll up/down to finally see the message. I too was worried at first, as I guess most people were.
3
I ran into the same - typical equif-up lack of clear instructions - at the top of the indented screen there's a black bar, you need to hover the mouse over it slowly & the PDF menu options will appear & at top right is a print icon.
3
Check your downloaded files. You should see a file called SFF. That contains your PIN. You'll note that the PIN is simply the date and time you created the freeze.
2
OK- I went to the EquiFax web site to freeze my credit report, as recommended here. Their web site is very busy, I couldn't get through on my computer, but my phone connected. I went through the freeze form, everything went as described, except that the final page with the info required to un-freeze didn't load properly! I called the number for the special call center and am waiting...
3
I would be agreeable to Equifax (a corporate 'person') being subject to the death penalty, namely liquidation of assets. Not to shareholders, but to everyone in their database whose credit is compromised. It would be nice to have a RICO charge stick also, and make their management liable for damages. This might act as a wake up call for the other two big credit-scoring companies.
7
I never explicitly or voluntarily gave a "credit reporting" company any of my personal, or financial information, ever. Forgive me for being naive but, how on Earth could it possibly be legal for companies like Equifax to unilaterally aggregate my private financial and historical information? Would it not be illegal for a mere individual to collect financial information from unwitting strangers and sell it for personal gain i.e. credit reports, etc? How is it possible that we even allow Equifax to exist? Are there no fundamental constitutional protections?
9
I have not read all the comments so do not know if this has been brought up. So if my SSN, birthday, address are out there. What about the data being used to scam the IRS and filing false returns. Will the Equifax credit protection prevent or fix this one as well? I do not think so and I will not know about it until I have filed my return and it gets rejected because someone already filed a return.
4
Equifax, Transunion, and Experian all three of the credit reporting agencies need to provide lifetime credit monitoring services. Irrespective of the fact anyone requests a soft pull or a hard pull, the consumer should be notified. The life time credit monitoring process should continue till the entire credit reporting process is revamped. WIth 143 million consumers affected, this breach has probably affected the 75% of the working age population (appx 200M).
5
I was able to set freezes on three out of the four suggested companies -- for some reason Experian denied my freeze online. I now have to send them documents via certified mail. What a pain. I will call and give them a lashing first. (Kidding, kind of...) Thank you for this information, it has been helpful.
4
That same thing happened to me with Experion on Friday, but I tried again last night and it worked online.
I had the same problem with Experian's online system but was able to do a freeze over their automated phone line. Worth a try before going to the trouble of printing and mailing.
3
Experian refused mine as well.
If you freeze your credit at Equifax, you get a 10-digit pin code that you need to remove or temporary lift. Unfortunately, the pin code is not very secure: if you froze your credit today at 11:25 ET, your pin code is 0910171125, i.e., date and time. That makes brute-force attacks very simple. Sure: the integrity of our sensible data is of greatest concern to Equifax.
4
Also, if they hack into Equifax again, all of the freeze requests are on the system with a time stamp that conveniently provides the PIN to unfreeze.
2
The article says to place the fraud alert for the longest possible time, but the longest on offer with all three credit agencies is 90 days. There is a 7-year possibility, but that requires a police report to prove you've been a victim of identity theft. The fraud alert isn't much help if it only lasts 3 months. Whoever stole all our information probably won't start using it for months, or years, long after we've all forgotten this event occurred.
5
Why can I, for free, have my bank email me whenever I use the ATM--or have a credit card charge above a certain limit, etc--but can't have this simple service provided by the credit reporting companies? These companies need to be reigned in, big league.
9
It's because there's something in it for them -- they stand to lose money when fraudulent transactions are involved. Not so in the case of these credit reporting companies...
We have been so whipped that what we complain about is the fairness of freeze fees within a system that does not keep our data safe and makes it hard to remove damaging but inaccurate information and does not hold the companies responsible for the damages done to us. Like blacks in the segregated South, we just say that that is how it is and we have to live with it.
16
Actually, Blacks didn't live with it (please google, Civil Rights Movement) and we don't have to now. And in any case, these situations are not the same. Not the same at all.
5
Here's a breakdown by state regarding credit card freeze fees. My question is why isn't it free for everyone nationally for everyone? It's not like each state has its own bureau. Why do some states allow these blood sucking companies to make money off their failure to screen bad actors from fraudulently applying for data and/or securing my information? I'm contacting our attorney general about IL and its fee allowance.
http://www.creditcards.com/credit-card-news/credit-card-freeze-data-1276...
http://www.creditcards.com/credit-card-news/credit-card-freeze-data-1276...
28
Thanks Karen. Very useful info.
2
This is a situation that affects 143 million Americans - certainly more than the 5 or 6 million in hurricane country, a hurricane that will pass in a few days. And yet, no mainstream media is paying much attention to the violation of our most private information.
Equifax obviously didn't do one single thing to protect our data from hackers. Why spend money on that? Instead, all the company's stop eeuctives, including their Chief Financial Officer John Gamble, Jr., sold of shares of Equifax stock worth more than $1 billion, before the breach was maade public.
These are the real crooks - the ones sitting in Equifax corporate offices with tens of millions of dollars annually to do nothing to protect the information of 143 million Americans who were never given any choice to use Equifax or not. These are the multi-millionaires and billionaires to whom Trump wants to give a tax cut.
Does anyone think this Republican controlled Congres will ever do anything to protect the American people from this complete scam? Or regulate their business? Or report their insider-trading stock transactions to the SEC?
We are so screwed in this country. I am beyond furious, like millions of my fellow American minions.
Equifax obviously didn't do one single thing to protect our data from hackers. Why spend money on that? Instead, all the company's stop eeuctives, including their Chief Financial Officer John Gamble, Jr., sold of shares of Equifax stock worth more than $1 billion, before the breach was maade public.
These are the real crooks - the ones sitting in Equifax corporate offices with tens of millions of dollars annually to do nothing to protect the information of 143 million Americans who were never given any choice to use Equifax or not. These are the multi-millionaires and billionaires to whom Trump wants to give a tax cut.
Does anyone think this Republican controlled Congres will ever do anything to protect the American people from this complete scam? Or regulate their business? Or report their insider-trading stock transactions to the SEC?
We are so screwed in this country. I am beyond furious, like millions of my fellow American minions.
52
I have god-awful credit scores, truly horrible scores. Nobody is getting a credit line for so much as a slice of pizza, with my info. I knew my crap financial skills would come in handy one day.
35
It should be illegal for any of these reporting agencies to charge for any security and monitoring services. These agencies are able to profit on their incompetence. They freely exchange private information with their other cronies and we cannot stop it. And now, this massive breach? Nice how the Equiflunkie bigzwigs manages to cash out stock before the breach news broke. The rich criminal executives just get richer at our expense.
27
Back to burying money in the back yard(Swiss franks and gold), and feeding the Cane Corso pack by hand alone..
These guys are salivating over the interest and late fees that will be generated by the hurricanes.
These guys are salivating over the interest and late fees that will be generated by the hurricanes.
7
The consumer experience on this is moving way faster than Irma. In case the investigative work continues, here's my experience: When I checked my name and last 6 digits of SS#, I got a message that my data was not involved. My husband got the opposite. I signed up for all 4 credit holds anyway...all were free. Signing up for the "free" 1-year TrustID was a one-click step (which means my personal details were transferred from Equifax to TrustID without any check box with terms to accept).
As for the larger story, there is SO much wrong going on here...insider trading being on the top of my list (breach happens, bigwigs sell stock, THEN little guy informed). Or the perfect example of how we NEED regulation and we NEED enforcement. How do we incite change? I'm going to send this article to my legislators. What else can I do? I'd like all articles to end with that advice, too.
As for the larger story, there is SO much wrong going on here...insider trading being on the top of my list (breach happens, bigwigs sell stock, THEN little guy informed). Or the perfect example of how we NEED regulation and we NEED enforcement. How do we incite change? I'm going to send this article to my legislators. What else can I do? I'd like all articles to end with that advice, too.
18
Let's get Elizabeth Warren on the case. One of the best things that happened to consumers was the Federal Consumer Protection Agency. And she was responsible for this.
And while we are at it, we ought to jam the phone lines at the White House, the Congressional and Senatorial offices and our State Attorneys General offices
This could end up being the worst financial disaster that has hit ordinary people.
And it was discovered way before now. Close Equifax down.
And while we are at it, we ought to jam the phone lines at the White House, the Congressional and Senatorial offices and our State Attorneys General offices
This could end up being the worst financial disaster that has hit ordinary people.
And it was discovered way before now. Close Equifax down.
5
When I clicked the Times' link to Equifax's security page, my anti-virus program gave me a message that malware had been detected on that site, and the threat to my computer had been contained. How reassuring!
10
This comment is so spot on in its simplicity that I have to repost it. Try sending it to your representatives and senators.
Easy solution: require ALL three credit companies to freeze All information and only release it when told to by the owner of the information,I.e. The consumer - you!!!
https://www.nytimes.com/2017/09/08/your-money/identity-theft/equifaxs-in...
Easy solution: require ALL three credit companies to freeze All information and only release it when told to by the owner of the information,I.e. The consumer - you!!!
https://www.nytimes.com/2017/09/08/your-money/identity-theft/equifaxs-in...
27
Any chance a class action suit has already been filed? If you know of one, please post the link.
9
Tried to post a link for you--apparently it was edited out. Roy Barnes (former governor of GA) and others have started a class action lawsuit. There is an article in the Atlanta Journal (just google Roy Barnes Equifax).
1
http://www.ajc.com/business/former-gov-roy-barnes-others-file-equifax-da...
Makes sense because it is based in Atlanta.
Makes sense because it is based in Atlanta.
1
While average Americans watch the 'media/propaganda' sector of the Empire's center-ring circus about the catastrophe of Irma, the long-term financial impact of Hurricane Equifax will likely overwhelm those of Irma.
The unreported 'negative externality costs' dumped on America and 'we the American people' by this disguised global capitalist Empire's malfeasance will not just be a 'storm surge' but a tsunami.
The unreported 'negative externality costs' dumped on America and 'we the American people' by this disguised global capitalist Empire's malfeasance will not just be a 'storm surge' but a tsunami.
5
So I followed the link in this article and requested fraud monitoring from Equifax, which lasts only 90 days. Then I read Farhad Manjoo's column on the breach and found out that, in clicking through for the fraud monitoring, I have waived my rights to sue Equifax regarding the breach. Maybe Ron Lieber want's to mention that fact before he advocates readers to request a fraud alert?
12
This gotta to be a type of Disaster Capitalism where you let it happen or actually engineer one
4
As stated, the only job of the executives and the board of this company was to protect our data. Clearly they failed. Appropriate consequences such as resignation of the CEO and certain Board members would be in order.
Unfortunately the probability of this happening is low. They will simply say "I'm sorry" and go on collecting their seven figure income's until such a time they're able to execute their retirement funds. So much where the concept of performance based leadership!! LOL!!
Unfortunately the probability of this happening is low. They will simply say "I'm sorry" and go on collecting their seven figure income's until such a time they're able to execute their retirement funds. So much where the concept of performance based leadership!! LOL!!
11
In reality, the only job of the executives and the board of this company was to protect their profits, minimise their responsibility and costs and sell as many of their shares before announcing the data breach so they could not lose their money from the subsequent share price plunge.
In all of these, they excelled at their jobs admirably! They didn't fail and their performance has been brilliant!
What more do you expect? Justice? Fairness? Responsibility? Moral Integrity?
How are those profit burners supposed to help their fulfillment of the Great American Business Sucess Model?
In all of these, they excelled at their jobs admirably! They didn't fail and their performance has been brilliant!
What more do you expect? Justice? Fairness? Responsibility? Moral Integrity?
How are those profit burners supposed to help their fulfillment of the Great American Business Sucess Model?
7
Hey lawyers,
Where do I sign up for the class-action lawsuit that will bring them to the table and put them completely under?
Where do I sign up for the class-action lawsuit that will bring them to the table and put them completely under?
13
You and the other 143 Million victims are probably limited to one on one Arbitration knowing American Business Behaviour, Scams and hidden T&C caveats...
1
The following appears on https://www.innovis.com/personal/lc_securityFreeze:
"Is there a cost to me?
There is no charge for the addition, temporary lift, or removal of a Security Freeze."
So why does the NYTimes article say "You can thaw your freeze every time you want to apply for new credit by using a personal identification number that the companies give you, which you absolutely should not lose. This costs a few more dollars."
"Is there a cost to me?
There is no charge for the addition, temporary lift, or removal of a Security Freeze."
So why does the NYTimes article say "You can thaw your freeze every time you want to apply for new credit by using a personal identification number that the companies give you, which you absolutely should not lose. This costs a few more dollars."
4
There is one really bad piece of advice in this article. Do not go to their website and put in your last name and the last six digits of your SS number. If you do that, you have essentially compromised your security further. If your data had not been hacked, it is easier now. There are only a maximum of 1000 numbers I have to go through to figure out your SS number now.
7
Ron Lieber's article is satisfying as a rant, worthless as advice. Everything he advises costs money or involves yet more passwords, and nothing he suggests can't easily be worked around by someone determined to do so. Very poor job.
1
Years ago someone started trying to use my good credit rating to get credit cards. I discovered it when Visa didn't send a bill for a few months, and I phoned them. They said I had moved to a P.O.Box in another borough. I called the 3 credit agencies, and their solution was that any application for a c.c. in my name had to be first cleared by them phoning my home number, which they were willing to do for one year.
4
Do you think that President Trump's info was stolen? How about Mitch McConnell, Paul Ryan, Ted Cruz, Chuck Schumer etc?
I doubt it very much, because they are special and their data must be actually secure.
I doubt it very much, because they are special and their data must be actually secure.
10
Finally, an investigation fit for James Comey.
5
I smell a huge class-action suit coming
4
What about CIA and other Intelligence Agencies who knew Kaspersky Lab was a
Russian Govt. operated organization. They saw fit to stay quiet and let Kaspersky
sell their so called protection to millions of Americans.
Think our elected officials will take these agencies to task for acts of high treason or will they keep throwing cash at them whenever it is demanded.
Russian Govt. operated organization. They saw fit to stay quiet and let Kaspersky
sell their so called protection to millions of Americans.
Think our elected officials will take these agencies to task for acts of high treason or will they keep throwing cash at them whenever it is demanded.
5
I tried to get an online Equifax report just now. Twice. Then after making me jump through hoops for 18 minutes, they alert me Online Delivery Unavailable. But I can download a long form, make copies of my IDs (pay stubs, SS#, drivers license) and pop them in the mail to a PO box in Atlanta and wait ... this is a joke. Also .. how am I supposed to remember what account I "may have" opened in 2009? That was one of several security Qs before I could secure a report that was not even available!
8
If you are a citizen who is too lazy to vote, or a citizen who continues to vote for the corrupt corporate owned Republican Congress that made this whole crooked system possible, I blame YOU.
16
What makes These three companies the depository of this information.
One hates to think of socialism but at sometime our information is such a thing that its protection seems to become a national interest. I guess I am among those that thinks the company ought to be sued out of existence. Along with executives wealth whom may have not done what may have. OH boy another Congressional Investigation.
One hates to think of socialism but at sometime our information is such a thing that its protection seems to become a national interest. I guess I am among those that thinks the company ought to be sued out of existence. Along with executives wealth whom may have not done what may have. OH boy another Congressional Investigation.
4
At 8:10 AM PDT I entered a random name and random six digit number, and was told that my information was possibly impacted. Then directed to their TrustedID site for credit monitoring for one year.
What a total failure the data breach was, and what a scam Equifax has created to make money off of their own failure.
What a total failure the data breach was, and what a scam Equifax has created to make money off of their own failure.
3
I went to the Trans Union webpage to put a fraud alert. I had to register, which I did. When I went to login, their system gave me a different security question than I chose. I couldn't get it to reconsider, and after a few tries, it froze me out. When I got a human on the line, in another country, he said that a) their systems were processing the information incorrectly and b) to call back tomorrow on a different phone number than the one listed on the webpage...I told him I'd call my Congressman instead. What a sick joke on individuals. I never contracted with these clowns, they are clearly over their heads, and yet I'll be on the hook when the inevitable fraud occurs.
6
Elect Bernie, Elizabeth Warren and like minded Reps to congress.
8
Any public statements or bogus apologies from the CEO, or even the PR people?
We're sorry if you feel inconvenienced by this unavoidable error?
We're sorry if you feel inconvenienced by this unavoidable error?
2
No, but they sold their shares before going public with the breach
4
They are interviewing Martin Shkreli for the job of Vice President for Public Relations and Customer Service.
4
Easy solution. Stop using information that doesn't change for authentication purposes.
All private data stolen would immediately become useless to commit fraud.
There is still a matter of privacy loss but that could be greatly diminished if private information is not collected when it is not necessary.
All private data stolen would immediately become useless to commit fraud.
There is still a matter of privacy loss but that could be greatly diminished if private information is not collected when it is not necessary.
1
Experian appears to be refusing all online requests for credit freezes.
I'm not alone, a friend of mine is reporting the same thing. I tried to call, but the support line must be overwhelmed, because my multiple attempts failed - no one picked up. Is anyone else having the same problem with Experian?
I'm not alone, a friend of mine is reporting the same thing. I tried to call, but the support line must be overwhelmed, because my multiple attempts failed - no one picked up. Is anyone else having the same problem with Experian?
1
Yes, I am being told that I have to write them with all pertinent identification information and include a copy of a driver's license or state ID card, even though the web page describing my state rights says I can apply online. Equifax, TransUnion and Innovis all went through. Experian has decided to play hardball - little do they know this consumer is determined and is composing the letter now.
1
Equifax needs to lose its contract for this. They are charged with monitoring our information--nothing voluntary on our part--and they lose their information to thieves. Thats it. Contract over.
5
Hello Democrats!
Hello Bernie, Elizabeth, Chuck and Nancy.
Here's an organizing issue to address the outrage of tens of millions of Americans.
Come up with a simple to grasp plan that kicks these credit bureaus and takes our side and run with it.
Make yourself the party of useful solutions to the everyday issues Americans face.
The "Fix-it" party should be the motto.
Go after these Equifax crooks and their Republican enablers.
Hello Bernie, Elizabeth, Chuck and Nancy.
Here's an organizing issue to address the outrage of tens of millions of Americans.
Come up with a simple to grasp plan that kicks these credit bureaus and takes our side and run with it.
Make yourself the party of useful solutions to the everyday issues Americans face.
The "Fix-it" party should be the motto.
Go after these Equifax crooks and their Republican enablers.
12
Once you freeze your credit, "the bureaus are not supposed to release your information..." Oh, whew, that makes me feel SO much better. Because we all know "not supposed to" means "absolutely won't," right? And this in an age where "customer service" has devolved to "We regret your inconvenience [just not enough not to charge extraneous fees for any effort to assuage it; because even though the inconvenience is entirely our fault, you don't think we're going to take any responsibility for that, do you? What, do you think you're better than us?] and appreciate your patience."
About all you can really do is keep constant vigilance because, despite your best efforts to protect yourself, the hackers are always one step ahead and the companies don't really care since either way they make money. Better yet, cancel your credit cards altogether, go back to the glorious stone age when you paid bills by check (or even in person with cash whenever possible), and quit deluding yourself into believing that conducting business online constitutes progress.
About all you can really do is keep constant vigilance because, despite your best efforts to protect yourself, the hackers are always one step ahead and the companies don't really care since either way they make money. Better yet, cancel your credit cards altogether, go back to the glorious stone age when you paid bills by check (or even in person with cash whenever possible), and quit deluding yourself into believing that conducting business online constitutes progress.
3
I fully intend to sue Experian for the cost of all the credit freezes in small claim's court.
5
It appears that we can place freezes at all three bureaus at no charge as of 9-10-17...
2
One thing people can do is stuff the email boxes and social media of our representatives in congress to demand that citizens be protected from scams such as Equifax. Do it until its very clear how important this is. If congress doesn't protect us from Equifax who will?
3
It seems reasonable that Equifax should at least pay for all of the credit freezes we've had to establish because of their lax security.
3
Seems like these credit companies will be out-of-business in the Future. This article highlights that there is room for improvement. New product on the Market that does a better job, for sure. Since the latest Wells Fargo problems, I'd say that this new product will not be associated with Banks.
4
I also heard that in the fine print, if you sign up for their monitoring program, you waive your legal rights to sue them in the future. So it is possible that they might not only make money from our misery, but immunize themselves from genuine legal challenge. Probably better to use a competitor's credit protection service whose interest would be more aligned with your own. Thank you.
4
is it possible that children's info was also compromised such that we should follow these steps for them, too? I hope the author will see this question! Since no one has asked Equifax to gather their data, I wonder how far they had gone in compiling records in kids.
2
And why are there three or four of these private entities amassing and trading on the stories of our financial lives, and then some? Three or four or more points of failure. This arena shouldn't be a wild west of competition. No profit should be involved.
Whatever it morphs into, after this (if ANY change does materialize, and yes, a rueful laugh followed), it should be treated like Fort Knox. A HIPAA-like form should regulate access to the data. An FDIC-like entity should ensure that security of our data deposits are as tight as current state of the art allows. Use big fines and jail time to impose compliance, or at least get the executives' attention. Biometrics, not SSNs, need to become part of the lock and key.
Whatever it morphs into, after this (if ANY change does materialize, and yes, a rueful laugh followed), it should be treated like Fort Knox. A HIPAA-like form should regulate access to the data. An FDIC-like entity should ensure that security of our data deposits are as tight as current state of the art allows. Use big fines and jail time to impose compliance, or at least get the executives' attention. Biometrics, not SSNs, need to become part of the lock and key.
4
If everyone put a freeze on their credit reports, then the finance/credit industry will have no use for Equifax and their peers?
4
As a former system and network administrator, the fact that Equifax has said they aren't going to contact those impacted directly by mail--standard industry practice under such circumstances--suggests one of two possibilities. Either the company is too cheap to hire temp staff to print, fold and mail form letters, or there is reason to believe the address data has been corrupted. The latter case suggests the situation may be much more dire than the company has admitted: not only did Equifax not have adequate security in place, but they don't even have a reliable backup of their database. This might also explain why their breach query site is asking for six digits of the SSN rather than the customary four.
6
I have a hard time paying for something that I don't feel should have been public to begin with. We need to examine this whole process and come up with a way to protect individuals.
8
This is a great article. I checked and Equifax believes my "personal information may have been impacted." I will be vigilant in taking action to keep my personal information safe.
My worry though, is all of the people who are not capable of doing so, the elderly, the mentally ill, less informed individuals, and the young whose personal information will forever be in the hands of criminals. Perhaps in addition to reining in the behemoth credit bureaus, the government should take action to educate and offer assistance to vulnerable populations regarding the risk to, not only their finances, but to their quality of life. A person's credit rating dictates the amount they will pay in interest for any major purchase. Those with a poor credit rating pay far more of their hard earned income for many of life's necessity including to borrow money, to get auto or home insurance, and to rent a home. This situation is potentially one more nail in the coffin of those already struggling financially.
My worry though, is all of the people who are not capable of doing so, the elderly, the mentally ill, less informed individuals, and the young whose personal information will forever be in the hands of criminals. Perhaps in addition to reining in the behemoth credit bureaus, the government should take action to educate and offer assistance to vulnerable populations regarding the risk to, not only their finances, but to their quality of life. A person's credit rating dictates the amount they will pay in interest for any major purchase. Those with a poor credit rating pay far more of their hard earned income for many of life's necessity including to borrow money, to get auto or home insurance, and to rent a home. This situation is potentially one more nail in the coffin of those already struggling financially.
7
Not sure if others are finding this, but Experian doesn't have the 'information' to do a freeze (they require it be in writing), but they do have the 'information' to give us the full credit report and the ability to inquire if we'd like a 'lock' for a monthly charge and for credit monitoring. We'll hold off for now, since that feels more like an upsell than a real gain. Transunion charged us $5 for the freeze, and Innovis was free for putting on a freeze.
I have always felt like the credit report business was biased. Their board of directors are loaded with financial industry types. I'll pass - this year, I'm paying off the few debts I have and will try to stick to cash. Enough.
1
The only problem with this approach is you need to prove to the silly mortgage industry that you can pay off debt. The only way to prove you can pay off debt is to have debt.
My husband and I had trouble qualifying for a mortgage because we didn't have enough 'debt payment history'. We, for the most part, only bought things we could pay for. What were we thinking...
My husband and I had trouble qualifying for a mortgage because we didn't have enough 'debt payment history'. We, for the most part, only bought things we could pay for. What were we thinking...
3
Equifax indicates that they have added 2000 call center agents and are in the process of adding more. Their call center is in Costa Rica. How did they train and provide computer/phone equipment for 2000 people in a day?
4
One evening about 8 months ago I used my credit card to purchase gas in New York. Within 30 Minutes I got a notification from the credit card company asking if asking me if I was in the state of Texas trying to charge a purchase on the same card I just used in N.Y.
My credit card was obviously compromised.
On the advice of the credit card company, I immediately canceled the card.
Within a couple of days just to be on the safe side, I asked Equifax for my
credit score which as a monthly subscriber I was entitled to at any time.
My credit check showed no indication of suspicious activity. However, my score, dropped 100 points from the mid 800's down to the mid 700's
After making many calls to Equifax, trying to get an explanation, somebody finally told me that following my bank's advice and having them cancel my credit card is what damaged my credit score.
Equifax said, whenever a bank cancels a customer's credit card, the customer's credit score takes a huge it!
I had my bank's customer service contact Equifax to explain (what I already explained) that IT WAS I who canceled the card, as per the bank's advice, out of necessity.
My score was not restored. As a result, I canceled my monthly Equifax subscription.
While this may or may not have anything to do with the Equifax hacking scandal, it certainly appears that safeguarding the valuable credit standing of their clients is not high on their list!
My credit card was obviously compromised.
On the advice of the credit card company, I immediately canceled the card.
Within a couple of days just to be on the safe side, I asked Equifax for my
credit score which as a monthly subscriber I was entitled to at any time.
My credit check showed no indication of suspicious activity. However, my score, dropped 100 points from the mid 800's down to the mid 700's
After making many calls to Equifax, trying to get an explanation, somebody finally told me that following my bank's advice and having them cancel my credit card is what damaged my credit score.
Equifax said, whenever a bank cancels a customer's credit card, the customer's credit score takes a huge it!
I had my bank's customer service contact Equifax to explain (what I already explained) that IT WAS I who canceled the card, as per the bank's advice, out of necessity.
My score was not restored. As a result, I canceled my monthly Equifax subscription.
While this may or may not have anything to do with the Equifax hacking scandal, it certainly appears that safeguarding the valuable credit standing of their clients is not high on their list!
12
Maybe this event will finally prove that these companies have too much power, too much information, too much freedom. They should be regulated (preferably out of existence).
3
Maybe it's back to cash and checkbooks. I'm not so sure the internet is going to be up in a few years, anyway, or at least not in a usable state. I am in despair that the international community will ever get it together to really enforce anti hacking laws.
4
Why is the victim of identity fraud liable for losses to which he is a third party? If the burden was owned by the private sector, perhaps the free market would address the problem after all.
2
Because corporations have the rights that humans have--with far more cash to influence our electeds. Thanks, SCOTUS and Citizens United!
3
Don't be surprised to find Russians or Chinese government agents involved in this. It is an existential threat to the American capitalist way of life, as much or more so than hacking the election. Virtual money is the fuel that turns the wheels of the economy, and it is compromised. We can no longer trust the systems that we rely on to pay our mortgages and buy our groceries.
Social philosophers such as Jared Diamond have predicted that our support systems are overly complicated, and subject to potentially catastrophic failures (read "Collapse"). I don't think he even thought about intentional acts such as this. If those thieves want to destroy our economy, all they have to do is post that information on Wikileaks, and that's it. Game over.
Social philosophers such as Jared Diamond have predicted that our support systems are overly complicated, and subject to potentially catastrophic failures (read "Collapse"). I don't think he even thought about intentional acts such as this. If those thieves want to destroy our economy, all they have to do is post that information on Wikileaks, and that's it. Game over.
5
same thing happened with me after my credit and other information were hacked during target security breach. target offered me a 2 year credit protection through experian which is expiring soon and now experian is soliciting me to continue for almost 15$ per month.
equifax is offering us only one year protection with a clause for arbitration.
this hack caused more serious problem as data related to your entire credit history, addresses, phones, employment history, SSN etc. are stolen. think about it, after one year either you choose to remain vulnerable or become a cash cow for these companies.
they should offer life time data protection to all affected including credit freeze. it should be part of any class action settlement.
equifax is offering us only one year protection with a clause for arbitration.
this hack caused more serious problem as data related to your entire credit history, addresses, phones, employment history, SSN etc. are stolen. think about it, after one year either you choose to remain vulnerable or become a cash cow for these companies.
they should offer life time data protection to all affected including credit freeze. it should be part of any class action settlement.
4
A friend entered phony information into the webpage that Equifax has set up for people to determine if their files have been compromised. Lo and behold, she was told that "hers" had been. There's a high level of confidence for you.
When I put a freeze on my accounts on all three credit reporting bureaus, Equifax requested the least amount of information for enacting it; it was cursory compared with the other two, which had lengthy processes before putting them in place.
Even now, Equifax has flimsy security and questionable verification practices. I guess that after dumping their stock its executives are asleep at the switch.
When I put a freeze on my accounts on all three credit reporting bureaus, Equifax requested the least amount of information for enacting it; it was cursory compared with the other two, which had lengthy processes before putting them in place.
Even now, Equifax has flimsy security and questionable verification practices. I guess that after dumping their stock its executives are asleep at the switch.
71
Innovis did even less of a check before allowing me to freeze my report--SS#, DOB and address. The other three at least did a fact check for prior employers, mortgage payments, etc. You can also have the IRS give you an individual PIN number every year if you believe you may been compromised (as I am sure we all have been). No one can collect your tax refund without it. Thanks for the practical advice, NYT!
1
They clearly have no grasp of what was taken.
2
Haven't you noticed that it is much easier to open a credit account (and have these companies report your credit score) than it is to get your own information from these companies? There are always multiple levels of security/questions you have to answer to get your own credit score. But for you or a thief to open an account in your name, you never have to provide any identifying information
27
Equifax says they are "currently unavailable to service your request" if you try to place a security freeze online. The other two cost me half an hour of time and $40.66 to freeze accounts for myself and my wife. What a scam!
26
I had no problem with any of the three, and it was free. Don't know why you had to pay. It did take a while, but a lot less than fixing things after a problem occurs.
Don't know why you had so much trouble. I froze my info at all three bureaus and it didn't cost me anything. It did take a while (you need to create PINs and PWs) but I'm sure it took much less time than it would to correct an identity theft problem after it happens.
I was able to freeze on all three without charge. Transunion was the worst; you have to find http://freeze.transunion.com to do it.
Given what has happened here, it is just me, or does Equifax need to be forced to go out of business ASAP? Shouldn't the government or the justice system be going after a company that is such a travesty of what it *claims* to be?
Equifax is no better than a mob-run scheme: we got your info without your permission, we resold it for profit, we didn't bother protecting your info, at least 3 of our executives showed our zero-morality stance by engaging in insider trading when they found out what had happened, and now we'd like you to pay us (and to continue to pay us forever) to "secure" your information which we have no right to have, and which we have proven that we CANNOT secure.
Taken all together, that's not a corporation, it's a shake-down - Equifax wants us to pay them "protection money" - except they've already shown they can't, won't, and likely don't even *care* about protecting ANYTHING but their own bank balance.
If this is not a crime, what is it??
Equifax is no better than a mob-run scheme: we got your info without your permission, we resold it for profit, we didn't bother protecting your info, at least 3 of our executives showed our zero-morality stance by engaging in insider trading when they found out what had happened, and now we'd like you to pay us (and to continue to pay us forever) to "secure" your information which we have no right to have, and which we have proven that we CANNOT secure.
Taken all together, that's not a corporation, it's a shake-down - Equifax wants us to pay them "protection money" - except they've already shown they can't, won't, and likely don't even *care* about protecting ANYTHING but their own bank balance.
If this is not a crime, what is it??
128
Equifax and the other credit agencies are nothing but organized crime organizations extorting their unwilling victims - We The People.
The Equifax officers who kept the breach quiet while they sold their stock should be arrested and charged with financial fraud, RICO violations, conspiracy, etc.
It's long past time for these white collar crime bosses to be treated as the criminals they are - and sent to prison for long sentences plus hefty fines. Make the punishment fit the crime - and the likely lifelong impact on the victims. Then liquidate these companies and use the funds to compensate the victims.
Meantime, the despicable con man in the White House and his GOP co-conspirators are busy dismantling all regulations and the Consumer Financial Protection Bureau.
This is a disaster on the scale of Hurricane Harvey - perhaps even greater, since it affects the entire nation and just about everyone who has a credit report - which is just about every U.S. citizen and legal resident - for years to come, possibly for the rest of our lives.
And now Equifax and the other big credit agencies stand to make even more profit from their crimes, by charging us for "credit protection" and credit freezes - in other words, extortion!
Oh, and don't bother to attempt changing your Social Security number - as
commenter Tupaia G reports here, the Social Security Administration uses Equifax for "identity verification."
My disgust and fury at all of this is beyond words.
The Equifax officers who kept the breach quiet while they sold their stock should be arrested and charged with financial fraud, RICO violations, conspiracy, etc.
It's long past time for these white collar crime bosses to be treated as the criminals they are - and sent to prison for long sentences plus hefty fines. Make the punishment fit the crime - and the likely lifelong impact on the victims. Then liquidate these companies and use the funds to compensate the victims.
Meantime, the despicable con man in the White House and his GOP co-conspirators are busy dismantling all regulations and the Consumer Financial Protection Bureau.
This is a disaster on the scale of Hurricane Harvey - perhaps even greater, since it affects the entire nation and just about everyone who has a credit report - which is just about every U.S. citizen and legal resident - for years to come, possibly for the rest of our lives.
And now Equifax and the other big credit agencies stand to make even more profit from their crimes, by charging us for "credit protection" and credit freezes - in other words, extortion!
Oh, and don't bother to attempt changing your Social Security number - as
commenter Tupaia G reports here, the Social Security Administration uses Equifax for "identity verification."
My disgust and fury at all of this is beyond words.
56
Just an FYI for everyone; if you sign up for the free service equifax is offering then you cannot partake in any class action lawsuit.
19
Equifax claims this is not true. Obviously, no one should take their word for it. Sad (and difficult) as it may be, people need to read the language in the agreement you will be asked to sign on to BEFORE you accept.
This is not completely true, and does not apply to the data breach. It's a stock binding arbitration clause for complaints about the credit monitoring service. I am not a lawyer, but I am dubious about how enforceable "forced agreements to relinquish your rights to legal remedies" ... especially in a scenario of alleged gross negligence as this. See http://www.snopes.com/equifax-credit-monitoring-class-action/.
FYI: A.G. Eric Schneiderman took action against Equifax to eliminate this provision from their terms and conditions.
Easy solution: require ALL three credit companies to freeze All information and only release it when told to by the owner of the information,I.e. The consumer - you!!!
41
And how do they confirm that it is really you?
Interestingly if everyone put a freeze on their credit reports it would dramatically crimp the profits of these unsavvory companies.
I just put freezes on all four credit rating agencies. Easy and now I can relax knowing that not only did I protect myself, I am sticking it to "the man"
I just put freezes on all four credit rating agencies. Easy and now I can relax knowing that not only did I protect myself, I am sticking it to "the man"
7
The Management of Equifax could be replaced by wild Monkeys and the Consumer would see an improvement with customer service !
How does a Company such as this gain access and the responsibility that goes with being one of the major big three Credit reporting companies ?
I've had a paid subscription to this group for over six years, hoping that or my staying on top of things would help me get back to where I was before the 2008 housing crash.
Nope, in fact I believe it's done the complete opposite, they make money off of me in my attempts in correcting a problem why would they want my problem fixed, so I'd leave as a customer ?
Check out their ratings on the Better Business Bureau Website.
No other company in the U.S. has the number of complaints as they do yet they still manage to have a B rating with them ?
It's a Scam if ever there were one !!
Chuck J
How does a Company such as this gain access and the responsibility that goes with being one of the major big three Credit reporting companies ?
I've had a paid subscription to this group for over six years, hoping that or my staying on top of things would help me get back to where I was before the 2008 housing crash.
Nope, in fact I believe it's done the complete opposite, they make money off of me in my attempts in correcting a problem why would they want my problem fixed, so I'd leave as a customer ?
Check out their ratings on the Better Business Bureau Website.
No other company in the U.S. has the number of complaints as they do yet they still manage to have a B rating with them ?
It's a Scam if ever there were one !!
Chuck J
17
I think we should all publish our SSN, DOB and mother's maiden names on a public website to force the government to act, force banks to change their approval procedures and force credit reporting agencies out of business.
8
If you want to be further *horrified*, consider the privacy policy of TrustedID, the company Equifax is recommending you give all your personal information to: https://www.trustedid.com/premier/privacy-policy.php
TrustedID can:
1) "Transfer" your personal information to "one or more third parties" if they engage in "a sale or transfer of assets". As your personal information is an asset, the sale of that information by TrustedID would apparently not violate its privacy policy. If they go bankrupt? They can sell your information to the highest (Chinese? Russian?) bidder.
2) "Disclose" your personal information to *anyone* to "enforce or apply" "other agreements". If TrustedID enters into an agreement to co-brand a cereal box with General Mills, your ss# could be thrown in as a surprise gift in a box of Cocoa Puffs, and it would be fine by their privacy policy.
3) "Disclose" your personal information to *anyone* to the extent "permissible under applicable law". And as the law places almost no restrictions, good luck and Godspeed to you.
The one guy or gal who may not have access to the information? YOU. TrustedID says that it "may allow" you to access it.
TrustedID can:
1) "Transfer" your personal information to "one or more third parties" if they engage in "a sale or transfer of assets". As your personal information is an asset, the sale of that information by TrustedID would apparently not violate its privacy policy. If they go bankrupt? They can sell your information to the highest (Chinese? Russian?) bidder.
2) "Disclose" your personal information to *anyone* to "enforce or apply" "other agreements". If TrustedID enters into an agreement to co-brand a cereal box with General Mills, your ss# could be thrown in as a surprise gift in a box of Cocoa Puffs, and it would be fine by their privacy policy.
3) "Disclose" your personal information to *anyone* to the extent "permissible under applicable law". And as the law places almost no restrictions, good luck and Godspeed to you.
The one guy or gal who may not have access to the information? YOU. TrustedID says that it "may allow" you to access it.
29
Citizens and need published here specific names and all current contact data for the top twenty Equifax executives. Otherwise MSM keep referring to Equifax as an entity without personally responsible individuals in charge of every aspect of this company's transactions.
11
I agree. I am getting tired of reading about this crime without any indication that there are actual people who perpetrated it. With 143 million of us its victims, how about a couple of people who are actually responsible? I understand if they are afraid for their personal safety, and I am NOT suggesting vengeance. Just responsibility! Who is responsible?
1
Ummmm
Americans are proving that they are in essence very patient and forgiving.
Americans are proving that they are in essence very patient and forgiving.
4
Is it finally time to eliminate the simplicity of the 9 digit social security number? It's always easy to get someone's address and much of their background. In the US our entire financial life is premised on keeping those 9 digits from those who would use them for criminal gain all while using them ourselves for the necessities of modern American life.
It's time to figure out a new method to link our person to our financial life. It won't be a quick solution but it will need to be better and safer.
It's time to figure out a new method to link our person to our financial life. It won't be a quick solution but it will need to be better and safer.
10
Why couldn't we have retinal scanners/facial recognition instead of a ss#. These could work instead of passwords & pin#'s too. Wouldn't that be the way to go? Am I missing a downside to that? Rumor has it the iPhone 8 will have this ability. Now we just need a portable eye scanner to hook to computer and older iPhones & droids just like they have portable credit card scanners? It would make everything so much easier. Instead of a chip on your credit card etc. You'd have an eye scanned chip.
1
I am offended by a system that assesses my personal status as a citizen by a number assigned by a bank. Maybe we should rethink how our society is organized.
5
Such a typical problem that only America could create because Credit Scores & Reports are so important and part of the "Have their Cake and Eat it" corporate capitalist money making, money taking, schemes, rorts and profit centers that American capitalism feeds off to make more and keep you poor.
I am 57 years old and when I was working overseas in 1991 American Express I had been a member since 1988 allowed me to put a charge of US$120,000 to move my entire Household by ship to my Home Country on my $65 a year Amex Green Card, no questions asked even though the largest charge on the card prior to that was less than $10,000 EVER. I borrowed $300,000 from a bank in 1992 and took out a 30 year Mortgage on our first house and just shgowed them my salary and that was fine. Bought a car, spent $40,000 with a card on a luxury Cruise, took out a $650,000 Mortgage in 2002...bought $600,000 shares....Blah blah blah...
What's a credit score? What's a Credit report? Do I need one of those? For What?
Oh...Right...! I have never had a credit Card and always paid what I owed when payment due....Not that I waited 30 years to finally pay of either mortgage...too much interest! First Mortgage was paid off in 5 years and second one in 3 years...Banks hated me. I fully owned our 2.5 Million dollar house 15 years ago..
I am not rich, just prudent.and wise to the tricks banks use.
2 years ago, I got my first Credit Card, no limit, no questions, and I pay the
balance owed when due.
I am 57 years old and when I was working overseas in 1991 American Express I had been a member since 1988 allowed me to put a charge of US$120,000 to move my entire Household by ship to my Home Country on my $65 a year Amex Green Card, no questions asked even though the largest charge on the card prior to that was less than $10,000 EVER. I borrowed $300,000 from a bank in 1992 and took out a 30 year Mortgage on our first house and just shgowed them my salary and that was fine. Bought a car, spent $40,000 with a card on a luxury Cruise, took out a $650,000 Mortgage in 2002...bought $600,000 shares....Blah blah blah...
What's a credit score? What's a Credit report? Do I need one of those? For What?
Oh...Right...! I have never had a credit Card and always paid what I owed when payment due....Not that I waited 30 years to finally pay of either mortgage...too much interest! First Mortgage was paid off in 5 years and second one in 3 years...Banks hated me. I fully owned our 2.5 Million dollar house 15 years ago..
I am not rich, just prudent.and wise to the tricks banks use.
2 years ago, I got my first Credit Card, no limit, no questions, and I pay the
balance owed when due.
6
30 years ago, I could make a phone call to the bank I did business with and when I requested a loan, they would walk over the check with the papers to sign and return. Recently I applied to recast a home equity loan almost at its term and have been held hostage for a month filling out paperwork. Mind you, this bank has exclusively held my business and personal accounts for the past 20 years.
I applied for Kohl's credit card last week. I received the following letter from them:"Dear...Thank you for your recent application. we are unable to approve you request at this time for the following reason: Your credit bureau report indicates you are deceased."
So much for public trust . The credit report was through Trans Union. No way to phone Trans union. Interestingly, their website was "down" and so was equifaxes website when I tried to inquire about this, and request they resurrect me from the dead. These credit reporting agencies have way too much power over our lives (and declaring us dead while still alive).
So much for public trust . The credit report was through Trans Union. No way to phone Trans union. Interestingly, their website was "down" and so was equifaxes website when I tried to inquire about this, and request they resurrect me from the dead. These credit reporting agencies have way too much power over our lives (and declaring us dead while still alive).
8
There is no perfect company, country, or person. Information will never be really secure as long as we share them with anyone that could use them or lose them, including yourself. There is too much information and things can get lost easily. We use the same or similar passwords for every new social media accounts and everything else online. The company lost to the hackers' attack just like anyone can forget their passwords. Any company is made of people, and not perfect people. Hackers just happened to be better at hacking than Equifax was at protecting their info. To make sure no one will apply for credit in your name, just live a credit free life or destroy your credit. America is obsessed with credit and buying a house you can't afford. Equifax is a company, why does it have to provide free service even for a year? It should just pay class suit action settlement for everyone that may suffer from stolen information. It's like asking NYT to provide free news forever since Trump won the election. Any business will close if they have to keep providing free service. It would be wonderful if other, better companies emerged from the mess. But little or no competition and bad technology budget will cause more security breaches in the future anyways.
2
The forms proposed by all three agencies are valid only for residents of the U.S.
Please keep following up on this story. These credit reporting agencies have no business being in business if they cannot do the simplest things right.
I was able to put a freeze on both my husband's and my credit report at Experian via an automated telephone system in under five minutes.
I went through an almost five minute spiel in Equifax's automated system, only to be told to call back between 9 and 5 or use the online system. When I went to the online system, my request could not be processed. Twice.
TransUnion processed my request by automated phone system, then rejected my husband's -- twice -- because "our offices are now closed."
They should be forced to pay everyone for the time and annoyance and worry they have created by their cavalier approach to our financial security.
If 1.43 million people call both their senators and their congressmen this week, we might get something done. Maybe mention repeated and annoying robocalls as long as you have them on the phone.
I was able to put a freeze on both my husband's and my credit report at Experian via an automated telephone system in under five minutes.
I went through an almost five minute spiel in Equifax's automated system, only to be told to call back between 9 and 5 or use the online system. When I went to the online system, my request could not be processed. Twice.
TransUnion processed my request by automated phone system, then rejected my husband's -- twice -- because "our offices are now closed."
They should be forced to pay everyone for the time and annoyance and worry they have created by their cavalier approach to our financial security.
If 1.43 million people call both their senators and their congressmen this week, we might get something done. Maybe mention repeated and annoying robocalls as long as you have them on the phone.
12
Well, what do you think is going to happen when roughly 140 million people try to phone and/or use the website? Maybe wait a few days LOL!
Congress? What fantasy world are you living in?
1
There is no need to try to see if your information has been stolen. There are about 167 million people with a credit card in the US. That means at least 80% of all CC holders have had their identity permanently compromised. Do you think the people responsible will pay for the damages caused to all of us? I don't. The Republicans are hard at work making sure that will never happen. If I were Elizabeth Warren, I'd get a bodyguard.
6
Interested to see if and how the "real" customers of Equifax (The Financial Industry) will react to this fundamental FAILURE. Ideally smart, end consumer focused Equifax customers will publicly denounce and cut all business relationships. However, I realize we don't live an ideal world......
I want a Congressional investigation, a truly top to bottom one, backed up by the federal law enforcement apparatus. Someone has to pay for this and it shouldn't be us customers.
12
To all the people infuriated by these companies, just remember the Republicans are in the process of repealing the one tiny bit of protection against them the CFPB was trying to implement.
24
I somehow knew that Equifax was going to figure out a way to profit from their mistake. Their business practices have always been sketchy. They never correct errors in their system, and now you can bet that their "free" credit monitoring service carries a "renewal" that few will remember after a year, and Equifax will conveniently forget to remind subscribers. It is a potential scam.
8
143 million compromised accounts translates to most of US adult population with credit profiles, I'd think. Equifax website advising customers on whether or not their account is compromised as well as press reports on glitches in that website are both unnecessary!
1
The Consumer Financial Protection Bureau should be expanded to take on this problem and the future of widespread hacking of financial data. Many people will make less money, however, which is why the bureau is currently at risk.
3
Congress needs to deal with this mess now. Surely there are Senators and Representatives who have also had their identities compromised and would have a personal interest in getting much-needed credit reporting regulation through Congress as soon as possible.
2
It is finally time to take these companies down and prevent them from selling our personal data for any reason, and to make all of their monitoring and protection services absolutely free! It is an outrage that out personal data is an unprotected asset that they own, which violates our privacy, yet is not accessible to us without our having to pay them to give it to us. This is legalized corruption at its worst.
13
When I was in college, campus police lent engravers to students so we could put on social security numbers on anything that might be lost or stolen, They said to put our entire number on our bikes. I engraved my social security number on my screwdrivers, because other people borrowed them, and on the top of my tool chest.
3
Two factor authentication (2FA) should be required everywhere, using a separate device with its own protection (that is, Google Auth, not SMS).
I spoke about 2FA to my two, regular institutions. One offers a dongle that has to be used every time I want access. The other had their own proprietary system. I don't want to have to learn a separate system for every institution. GA works fine. Both institutions' representatives listened politely to my point-of-view, and I knew the conversation had ended right there.
What kind of institutions 1) don't insist on 2FA (or a clear and unambiguous waiver for stupid people) 2) don't adopt the industry standard (GA) for the purpose?
It's one thing to be ignorant, it's another to continue ignorantly when you've been shown better.
I spoke about 2FA to my two, regular institutions. One offers a dongle that has to be used every time I want access. The other had their own proprietary system. I don't want to have to learn a separate system for every institution. GA works fine. Both institutions' representatives listened politely to my point-of-view, and I knew the conversation had ended right there.
What kind of institutions 1) don't insist on 2FA (or a clear and unambiguous waiver for stupid people) 2) don't adopt the industry standard (GA) for the purpose?
It's one thing to be ignorant, it's another to continue ignorantly when you've been shown better.
3
I think Equifax is waiving the $10 freeze fee. I just put a freeze on my account and didn't have to pay anything (and I've done this before and had to pay the $10, so it's not that I live in a state where freezes are required to be free).
3
Thank you very much for this information!
In the last ten minutes I froze my reports at all but one of these companies. The last required setting up an account first—which I seemed to have already done, long ago. But I can:t remember which tv show was my favorite then!
In the last ten minutes I froze my reports at all but one of these companies. The last required setting up an account first—which I seemed to have already done, long ago. But I can:t remember which tv show was my favorite then!
These agencies wield way too much say and power over us without being held accountable for this flagrant lack of oversight all I am sure to the benefit of THEIR bottom line. I know we have the wrong administration in place right now but they need to have their feet held to the fire to pay for this for all consumers. Beyond that all companies need to be held to a higher standard in protecting our cyber security. Make them pay dearly for lax security. Require full disclosure of breaches within a set time or suffer severe penalties. They are all too quick to brush things under the rug to avoid losing customers or litigation.
2
Equifax executives failed spectacularly in their duty (to customers as well as consumers) to protect their data. So how did those highly-compensated so-called "leaders" respond? Their first thought was to protect their own wealth by liquidating stock holdings before the failure became public. Unfortunately, they're probably correct in assuming regulators and prosecutors would hesitate to charge them with insider trading out of fear it would destabilize an essential industry.
Their next thought was to immunize themselves and their shareholders from the inevitable lawsuits by making their "generous" remedy to victimized consumers a poison pill: Signing up for "free" credit monitoring would carry the hidden price of signing away the right to sue Equifax. Fortunately, social media allowed astute consumers who discovered the sleazy subterfuge to expose and publicize it. That was enough to force the executives to abandon that ploy.
Their final thought was to limit the credit monitoring to a year, under the assumption that millions of people who otherwise would not have considered buying a "TrustedID Premier" will begin paying for it. In other words, they'll profit from their failure.
This is yet another example of how an unregulated "free market" can do incalculable damage to large numbers of people. What will it take for Congress to finally recognize that government is the only entity that can protect the public from these failures and hold executives accountable?
Their next thought was to immunize themselves and their shareholders from the inevitable lawsuits by making their "generous" remedy to victimized consumers a poison pill: Signing up for "free" credit monitoring would carry the hidden price of signing away the right to sue Equifax. Fortunately, social media allowed astute consumers who discovered the sleazy subterfuge to expose and publicize it. That was enough to force the executives to abandon that ploy.
Their final thought was to limit the credit monitoring to a year, under the assumption that millions of people who otherwise would not have considered buying a "TrustedID Premier" will begin paying for it. In other words, they'll profit from their failure.
This is yet another example of how an unregulated "free market" can do incalculable damage to large numbers of people. What will it take for Congress to finally recognize that government is the only entity that can protect the public from these failures and hold executives accountable?
6
You must understand that in this country, people are in function of business, not business in function of people. Since business have been forever a money source, dont expect government to side with people...
Totally ridiculous that Equifax did not take the highest security in protecting their information. What do we have a consumer protection agency for? They should be fined as they are putting everyone in financial identity jeopardy.
1
A simpler solution is to hold Equifax liable for any financial losses caused by this breach. They were ill equipped to safeguard our personal information which is what they profess to do. And I will wager there are Equifax systems people who knew they had risk of data breach but the costs to eliminate them didn't fit with their short term financial plan. What a disgrace.
5
This is what happens when giant, immensely powerful business enterprises are permitted to operate with zero accountability.
Regulation is often your friend. Those who reflexively vilify it for political gain are not. Who can stand alone as a "free individual" against Equifax and its ilk? Nobody: to even use the phrase is to demonstrate how ridiculous it is in contexts like these.
Regulation is often your friend. Those who reflexively vilify it for political gain are not. Who can stand alone as a "free individual" against Equifax and its ilk? Nobody: to even use the phrase is to demonstrate how ridiculous it is in contexts like these.
4
I'm very angry that my personal information was ever being held by this corporation in the first place. I didnt' authorize that. And I most certainly didn't authorize them to store it on a computer that is linked to the internet, and can thus be hacked.
We need laws that allow us to have our personal information removed from the files of any corporation we dont' want to do business with, including credit reporting agencies.
We need laws that allow us to have our personal information removed from the files of any corporation we dont' want to do business with, including credit reporting agencies.
5
Be aware that if you sign up for the Equifax credit monitoring, you have to accept the terms and conditions, which include your losing the right to join in a class-action lawsuit and your agreeing that any disputes with the company will be settled by an arbitrator. In other words, you are giving up significant legal recourse to have your credit history "protected" by people who couldn't protect your data in the first place.
I have never gotten enough money from a class action lawsuit to even buy a hamburger. They only make money for the legal firms that file them.
1
Ok, time for a quick quiz: How many customers were saved from this security breach because of a brilliantly chosen password? My guess is zero, and that the whole safe-password rap is almost a scam, because only a small proportion of consumers are affected by the quality of their passwords compared to the scads of consumers ripped off by technically sophisticated mass break-ins into insufficiently guarded companies.
Electronic security needs to be massively revamped, and not because of customers choosing weak passwords.
Electronic security needs to be massively revamped, and not because of customers choosing weak passwords.
4
We've all heard to absurd saying that "one person can't change the world". If one person at a time stopped paying their credit card and personal loan debt for just 60 days, we could send a clear message to Wall Street, the corporate world and our politicians that the debtors are in charge now, not the creditors or their enablers (EQUIFAX, TRANSUNION, EXPERIAN, and all the rating agencies to name a few). Just do it and see how good it makes you feel.
1
These companies need to be responsible for the security of our highly sensitive information. It seems Equifax was more concerned with limiting its own financial exposure than the well being of the people whose files they lost. I presume they provide a useful service to the market, but allowing irresponsible or careless handling without consequence rewards and perpetuates bad behavior. The industry needs to do its utmost to protect the public, and then bear all the costs for data breaches.
Also, our national security apparatus needs to be much more active in this space. People's very financial lives are at risk and a broader definition of national defense needs to be operative. Find these hackers, or at least where they reside, and escalate the efforts to bring them to justice. If they are state sponsored or in any way shielded from US law enforcement, make the responsible countries into international pariahs. If enough pressure is brought to bear, things will change.
Also, our national security apparatus needs to be much more active in this space. People's very financial lives are at risk and a broader definition of national defense needs to be operative. Find these hackers, or at least where they reside, and escalate the efforts to bring them to justice. If they are state sponsored or in any way shielded from US law enforcement, make the responsible countries into international pariahs. If enough pressure is brought to bear, things will change.
2
If companies had to pay the cost of their data breaches, a few companies would go bankrupt and then data breaches would become much more rare. It would also become more inconvenient to do many sorts of business, which would be the price for data security.
At present, what we get is that doing business transactions is easy, our data is not secure, and we can pay extra for more security and help in repairing the damages of a data breach. This gives rise to yet another growth industry where it is possible to make a fortune, but that would not exist if things were run properly and those who did not secure our data had to pay.
At present, what we get is that doing business transactions is easy, our data is not secure, and we can pay extra for more security and help in repairing the damages of a data breach. This gives rise to yet another growth industry where it is possible to make a fortune, but that would not exist if things were run properly and those who did not secure our data had to pay.
50
If capitalism worked, Equifax would go out of business. But they wont, which means that at this time and place, we do not have capitalism but rather a different system that is designed to look like capitalism but isnt, a system where businesses can weasel out of the bad things that should happen to them.
55
There's an awfully fine line between "capitalism isn't working to protect people" and "capitalism can't work to protect people." Just as the past 250 years have shown that "capitalism" is almost always "crony capitalism." One almost invariably leads to the other, without aggressive and continuing action by a power capable of protecting people. Strong government is the only way we've found to gain most of the often wonderful benefits of capitalism without catastrophic downsides most folks don't want to accept.
1
And in that respect, the Equifax data breach is like an oil spill. The bad actor gets off with a slap on the wrist, but the victims are left to deal with the consequences on their own and in perpetuity. Just another example of how our system privatizes profit and socializes risk.
6
As the saying goes, privatize the profits and socialize the costs.
3
I just checked, I was not affected but Equifax did take the time to try and sell me their service. Thanks, no thanks.
17
A freeze may be free.
Some states madate that the freeze be free for victims of identity theft. I think for many of us, that may be the case here, curtesy of Equifax.
Some states madate that the freeze be free for victims of identity theft. I think for many of us, that may be the case here, curtesy of Equifax.
19
Except that in order to save the $5 fee, you have to gather the documentation and mail it in. And now I wonder how long it's going to take them to reply to that mail.
Whether the freeze is free or not depends on where you live. Different states have different laws. If you are a victim of ID theft, it is free just about anywhere. If you are NOT a victim of ID theft, it varies: e.g. - no fee in NY, $3 in GA, $5 in MA, $7.50 in TN, $10 in VA. The TransUnion website has a chart setting out the rules for each state: https://www.transunion.com/credit-freeze/place-credit-freeze
1
Equifax should be liquidated and the proceeds used to compensate all of the victims of their data breach.
Also, it is being reported that several high level Equifax executives unloaded large quantities of Equifax company stock a few days after they discovered the breach
Also, it is being reported that several high level Equifax executives unloaded large quantities of Equifax company stock a few days after they discovered the breach
71
No way ??!
Although I've been dealing with them for years and it wouldn't suprise me in the least if it was something like you suggest.
Incompetent is only one of many adjectives I can think of to describe them.
Although I've been dealing with them for years and it wouldn't suprise me in the least if it was something like you suggest.
Incompetent is only one of many adjectives I can think of to describe them.
My thoughts exactly and the execs SHOULD GO TO JAIL.
1
This is beyond infuriating and I hope Equifax gets royally sued. They have some nerve asking customers to apply for security protection when they're the ones we need protecting from in the first place. I'm calling my senators and attorney general.
43
The simplest, most effective solution is to put a permanent freeze on release of your credit report at all three credit bureaus. Given its apparent weak internal controls, leave the Equifax freeze in place permanently; and release the other two bureaus from time-to-time as needed for credit approvals.
26
Agreed. This can easily be done by phone (I just placed all three). @Greg is right, most states mandate fee-free freezes to proven victims of identity theft. However, some states also have free placement of a freeze if you're age 65+, and a few other categories. Removing/replacing a freeze often requires a fee though, check your state regulations. You can find phone numbers for the credit bureaus here on the FTC site:
https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
13
Why in the heck are there THREE agencies that I have to pay to have MY information frozen? There should be one single point of contact. One and done. Ridiculous.
59
Execs at all 3 are gloating at the prospects of their sudden windfall! Soon, we'll learn how much profit they earned this quarter and the projected profits in future. The Department of Justice and the state AG's must investigate their practices and prosecute Equifax.
1
One has to pay to freeze, thaw, then refreeze for credit while we aren't even told how our scores are calculated. And each credit reporting company has different standards. A farce and unacceptable for consumers.
And like our phone companies, we get spam/ telemarketers and we have to pay extra for blocking these scum bags yet we can be put on a No Call List that doesn't work. With all the technology there is today, these companies can't come up with better technology to protect us, the consumers?
And like our phone companies, we get spam/ telemarketers and we have to pay extra for blocking these scum bags yet we can be put on a No Call List that doesn't work. With all the technology there is today, these companies can't come up with better technology to protect us, the consumers?
47
So Experian will charge you $10 to do this. Equifax gives you a 500 page error. Good Lord.
10
For a corporation who processes such extremely sensitive confidential information to be hacked such that 153 million people's information is violated is simply criminal negligence. The incidence must be investigated thoroughly and if if found at fault the corporation and its executives must be prosecuted to the full extent of the law. There should be a regulatory agency that specifically monitors and test the security of corporations that hold such sensitive information. Such incidences cannot stand! This is as important as regulating the safety of food and drugs.
45
The best system we currently have for authenticating one's identity is the use of a security token (example: yubikey). To that end, there is a new open-source protocol - U2f - created by google, and supported by major players (Google, Facebook, Salesforce, GitHub, Dashlane, Dropbox, Chrome browser, etc.). This protocol should be used by and for basically everything. It should be the way to verify one's identity - both for logging into your email, and applying for credit. We're talking about plugging a physical "key" into a USB connection and tapping it. Applying for credit over the phone should not be allowed without supplementing identity authentication with U2f.
21
Meh. It's no big deal. China already has that data *and* my fingerprints courtesy of the OPM.
/sarcasm
/sarcasm
16
On the NewsHour yesterday, William Brangham said that in accepting Equifax's offer for 1 year of free credit monitoring, you are waiving your right to sue them - your case would go to mediation.
22
So what? As an individual, it would take years and a ton of money to sue them. And if you join a Class Action lawsuit, the lawyers get most of the money and you'll get $5 (literally). It's much better to do what's necessary to monitor your credit through the free Equifax offer. I suspect that the credit card companies will re-issue credit cards with new numbers like they did after the Target and other breaches that took place around the same time. Next year, Medicare is going to send out new cards that don't include social security numbers.
But everyone will still have to monitor to make sure that no one is opening credit in your name. Most people have a PIN for filing taxes, so most of those scams have gone away.
All of these big companies need to return to using value added networks, which is what everyone used before the web. The web is far too insecure. And they all need to adopt fingerprint or other biometric IDs whenever anyone tries to apply for credit.
It's amazing how many people in this world are completely corrupt.
But everyone will still have to monitor to make sure that no one is opening credit in your name. Most people have a PIN for filing taxes, so most of those scams have gone away.
All of these big companies need to return to using value added networks, which is what everyone used before the web. The web is far too insecure. And they all need to adopt fingerprint or other biometric IDs whenever anyone tries to apply for credit.
It's amazing how many people in this world are completely corrupt.
1
I have FREE ID care through the US Govt. after my information was breached over a year or more ago along with millions of other Americans. I wonder if that protects me in this current crisis.
8
It would not protect you from a hurricane. :)
1
There is no way I am going to accept paying Equifax to lock my credit. I plan to call the California Attorney General's office and inquire about remedies. Oh, and the senior executives who sold millions of shares before the bad news got released, are a couple of crooks and need to go to jail.
60
Yes - jail for Insider Trading is a serious crime. I think!
How did these people Equifax get my private information? There is no privacy in the USA. We are all potential prey in this white collar crime infested despicable country that undeservedly had once been respected. What a horrible place to live. As in Genesis, " Evil lurks at the door".
23
Part of the strategy to tank the economy so we have just one more crisis. If your credit gets compromised.......get out of debt and stop using credit. Maybe people will quit making $$$ on things like pet rocks.
6
This is another example of a private co doing whatever it wants to do with no government oversight. My state and federal Reps should be stepping in to make sure that Equifax offers free freezes to all names on the list, for lifetime if necessary. For this company to make money off of this situation is as bad as the jerks who are selling bottled water at $12.00 a bottle to hurricane victims. How sleazy! And Equifax is in charge and makes judgements about my market behavior. Shame on them!!!
32
John: So, how did we get in this fix.
Jane: Americans love to spend money they don't have.
John: Are you saying Americans need Equifax.
Jane: If they want to buy that new iPhone they do.
John: But wont somebody be able to steal my info.
Jane: Sure. But you could get caught in a hurricane too.
John: So, I should save and only buy what I can pay for.
Jane: If you want to make America Great Again.
John: You do know I read the NYT.
Jane: Of course, I do. It was just a joke. See you later.
Jane: Americans love to spend money they don't have.
John: Are you saying Americans need Equifax.
Jane: If they want to buy that new iPhone they do.
John: But wont somebody be able to steal my info.
Jane: Sure. But you could get caught in a hurricane too.
John: So, I should save and only buy what I can pay for.
Jane: If you want to make America Great Again.
John: You do know I read the NYT.
Jane: Of course, I do. It was just a joke. See you later.
1
That's not accurate. Equifax is not needed to buy an iPhone (or anything else). It might be needed to obtain a new credit card to buy an iPhone. All Equifax and the other credit agencies monitor is what credit you have, whether you pay your bills on time and your average monthly end balances.
Wow. So you didn't use credit to buy your house or car. You are much more fortunate and accomplished than the rest of us. Congratulations. I don't know about you, but I need a roof over my head and transportation to get to work. Unfortunately, where I live public transportation is not so good. If only I could be as morally virtuous, i.e., rich, as you—I wouldn't have to worry.
1
Own a house? I mean, one without wheels?
I have now frozen my big three credit reports. it will cost approximately $500 per year (but only because Equifax will be free for one year). this seems wrong. there should be a way to have secure credit reports and secure monitoring of credit reports. perhaps the answer is that we all need credit, and therefore we should have to pay to get credit, but having that concept presented in this context does not seem right.
12
According to information online, in Texas the fee is $10.83 per credit bureau to place a freeze. Not sure where you got the $500 figure -- unless you signed up for credit MONITORING, not a freeze.
13
It does NOT cost $500 a year to freeze your credit reports. There is no annual charge for this, it is a one-time charge of a fairly small amount. I'm not sure what you bought for $500, but it was not a freeze of your credit files at TransUnion and Experian.
1
All we are doing is closing one barn door after the horses have escaped. Funny, the barn has a few more doors and maybe a couple more I cannot see. I opened a user account at another credit reporting firm and the verification process included answering questions based on my financial history, which was in the electronic vault called Equifax.
6
I have kept my credit frozen for years now. If I need any new credit, I put a temporary thaw that last 30 days after which it will freeze again.
It may be anecdotal but my husband's company was breached and basically most of the executives with higher salaries had fraudulent tax returns filed in their names. My husband was one of the few that did not. We think it was because his credit is frozen. Tough to try to create a bank account to accept the refund if you can not open a new account.
It may be anecdotal but my husband's company was breached and basically most of the executives with higher salaries had fraudulent tax returns filed in their names. My husband was one of the few that did not. We think it was because his credit is frozen. Tough to try to create a bank account to accept the refund if you can not open a new account.
25
We just tried to do a credit check and it would not allow us to do it because of the credit freeze. Glad we keep it frozen. I still have a little concern about SSI number being out there but I have 2 sources of ID required when I log in to the SSI website, login and text message to my cell phone. I highly recommend having this 2nd method of ID which is linked to your personal device. I also have very complicated passwords and user ID (not my name) on any financial websites like Fidelity or my bank, and never save them on my laptop. It takes a while to memorize the passwords but it is reassuring that the complexity will never be hacked easily.
2
What about Equifax's liability ? I can't believe they wouldn't be liable for losses to me resulting from their failure to protect my information ?! Or have I somehow signed away my rights in this ?!
25
Equifax has pretty much said anyone can file a lawsuit.
That is the same as declaring they will file bankruptcy.
They are not going to trust to juries made up of people, many of whom never had a hundred dollars in their pocket at any one time, awarding millions in damages.
That is the same as declaring they will file bankruptcy.
They are not going to trust to juries made up of people, many of whom never had a hundred dollars in their pocket at any one time, awarding millions in damages.
12
@True Observer - Not sure how you came to that conclusion. I believe that if you sue, you have to prove actual loss, so until (or if) you lose money because of fraud traced back to the Equifax breach, I don't think you'd have any legal ground to stand on.
1
They should go out of business, except bankruptcy will take too long.
It's infuriating but true that someone can even legitimately open a credit account in your name without your consent. Some years back my employer opened Amex accounts for all of us as a tool for business expenses. No option to opt out. My card, which I almost never used, was stolen and used fraudulently. (Amex was the only credit company that failed to freeze my account in time to prevent charges, and gave me a hard time about writing off the charges.) This incident affected my credit even though I never requested the card nor signed anything. Why is this legal?
Paging Elizabeth Warren!
Paging Elizabeth Warren!
49
I just entered my info into the site and got a "may have been compromised" message; then entered a fake name and SSN and got a "not compromised" message. I think what this really means is they couldn't identify the fake info, so who knows what message a person would get with a real ID and no compromise. All in all I still do not believe the website is reliable. We will all have to keep checking back, because clearly Equifax rolled out a half-baked website to perform this critical task.
20
Just put a "security freeze" on my Equifax credit file. There was no charge. After I put in my name, ss number and address, it generated a pdf with a pin code with instructions to save it. When I put my information into the website to see if my data had been breached, I got a "may have been breached" response. I then signed up for the free credit monitoring. When I attempted to do the same for my husband, it said he could sign up on 9/12/17.
6
When I did the Equifax credit freeze about 5 hours ago I was told to come back on one date in the future and my husband the same date, while our daughter a day earlier. No doubt their site must be overwhelmed with people entering info.
1
@WWW - I'm guessing they want to control how many people sign on to get free monitoring on any given day so their site doesn't crash.
2
I'd encourage anybody that has to deal with this type of agency (in other words, everybody) to bring your money and your personal information to my apartment and I'll keep it in my purse. I admit to not knowing much about cybersecurity (but apparently nobody else does, either). Your information will be safe with me - I'm known to be able to keep my mouth shut; friends will vouch for this. I'm also frugal (some might say cheap) to a fault, so no worries on the cash front, either.
I'm pretty sure I can do at least as good a job as Equifax. Contact me through this website. I'll keep your info on a zipdrive on my keychain in my Marshall’s crossbody bag (a total markdown out of season) and will stay out of unsafe areas, even while playing Pokemon Go. Regarding cash, it would help me out if you used larger bills rather than tens and twenties, as my apartment isn't very big.
I look forward to doing business with you; I assure you your business is important to me.
I'm pretty sure I can do at least as good a job as Equifax. Contact me through this website. I'll keep your info on a zipdrive on my keychain in my Marshall’s crossbody bag (a total markdown out of season) and will stay out of unsafe areas, even while playing Pokemon Go. Regarding cash, it would help me out if you used larger bills rather than tens and twenties, as my apartment isn't very big.
I look forward to doing business with you; I assure you your business is important to me.
53
As of Saturday evening I typed in a random last name and random 6 numbers as got "Thank You Based on the information provided, we believe that your personal information may have been impacted by this incident. Click the button below to continue your enrollment in TrustedID Premier." I'll leave judgement to others....
12
Equifax knew of its incompetence for over five weeks before it did what it should have done on Day 1 and come clean. Meanwhile, this happened:
1) Over 140 million people had their personal data exposed in the ether
2) Equifax execs sold their personal stock so as to not take a loss
Now there are meetings being held at American financial corporations about how to make a profit off this through new sales opportunities. I'm sure Wells Fargo sees plenty of opportunity here. The credit reporting agencies will make a bundle charging Americans to freeze their credit reports.
But the nation has voted in a political party that puts corporate America ahead of Americans. There will be no consequences for Equifax from this grotesque betrayal of trust just as that same political party will ensure that there is no consequence for the foreign power that corrupted our election.
1) Over 140 million people had their personal data exposed in the ether
2) Equifax execs sold their personal stock so as to not take a loss
Now there are meetings being held at American financial corporations about how to make a profit off this through new sales opportunities. I'm sure Wells Fargo sees plenty of opportunity here. The credit reporting agencies will make a bundle charging Americans to freeze their credit reports.
But the nation has voted in a political party that puts corporate America ahead of Americans. There will be no consequences for Equifax from this grotesque betrayal of trust just as that same political party will ensure that there is no consequence for the foreign power that corrupted our election.
44
Well said. And done so with much restraint. But this time, someone has to go to jail...as soon as they're done watching non stop IRMA coverage on misguided CNN.
6
I wouldn't leave my protection up to the advice of a NEW York times columnist. I would contact my Senator and Congress rep to look into this and demand full and adequate protection from this breach. If everyone does this then it can be addressed at the national level rather than left up to a private company with its self serving Interests. Otherwise they may face a class action law suit.
16
Try reading this information from The Federal Trade Commission: https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do They even address the fears about arbitration in the comments section: "Bridget Small - FTC | September 8, 2017 | reply
Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:
“The arbitration clause and class action wavier included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”
Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:
“The arbitration clause and class action wavier included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”
6
Actually, I have read many articles on this breach and this is the best advice so far. I am all-too-familiar with this having been identity thefted multiple times
1
A credit agency, that tells business how good or bad a person's credit it like it was some demigod above, has been hacked 3 times since 2015. Isn't about time that the credit agencies like this be done away?
22
The tech savvy among us will be able to figure out how to protect themselves. The vast majority of us will have no clue what to do. It shouldn't be up to the consumer to do something about this issue, the responsibility is with Equifax.
17
When you freeze your credit on Equifax, they do not give you the option of choosing your own pin. They generate one, and the first 6 of 10 digits is the date you placed the freeze. They're begging for lawsuits, right?
20
Congress needs to break Equifax, jail those who failed to protect the data and go after the hackers.
32
Agree - this is clearly criminal negligence!
16
I'm confused. The whole article talks about freezing accounts then at the end says it won't work anymore. What did I miss? Should I do the freeze or is it useless?
7
The link for an Equifax freeze now points to a page that offers this: Request an Initial 90 Day Fraud Alert or Active Duty Alert. This is not a freeze. Go here:
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
I placed a freeze. It requires a credit card and $5. Now it's time to get bilked by the other two.
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
I placed a freeze. It requires a credit card and $5. Now it's time to get bilked by the other two.
Equifax told me I was "impacted" but then said my husband, with whom I share a mortgage, was not "impacted". How can that be, since both our names are on the mortgage?
6
@Melissa - It doesn't matter if you share a mortgage. Each of you has an individual credit file with all your personal info/credit history, etc. relating to you. By the way, I wouldn't trust that you were "not impacted". Many people posting on this site made up a last name & SS#, and got various answers on fake information.
3
Astonished at the variety of experiences reported here. Just tried freezing my credit at all three sites. All charged $5. All but, yes, Equifax, went without a hitch. Equifax took my money and then produced a totally blank page that was supposed to contain my confirmation and pin#. Couldn't reach any one or even get an email address to correct it. Customer service "chat" is only available 20 hours a week. 20 hours a week for over 100 million affected people.
16
Their customer support, if you can call it that, is off shore. Just like all the other credit reporting companies. Thus, your personal data has been leaving the country fro years. Chances are very good that the off shore site was hacked and gave them a gateway to your data.
16
That same thing happened to me too.
2
Everyone who tried seems to have been able to complete their forms to freeze their credit reports. On the TrustID Premier site, I was told to come back on Sept. 14 to fill out the form. A lot can happen in a week. Was anyone else told they had to delay the process?
6
Yes. My sister and 2 friends are 9/13. I'm 9/12.
2
Yes, I will not be able to enroll until Monday, 9/11.
1
Maybe just as well. Equifax has yet to lift the binding arbitration and anti-class action provisions. If I were you, go to Experian and get ProtectMy ID, it does the same things, as TrustID. Until such time Experian is hacked, that is.
1
Equifax execs sold their shares after discovering the breach. They should be investigated for fraud. Equifax should be broken up, unless a successful class-action suit buries Equifax for good.
28
Yes, well that was certainly insider trading. They should most definitely go to jail.
1
On the point of whether Equifax has any idea who is impacted, I do not know, but when I typed my information the response was that based on the information they believe my information was NOT compromised. So I suppose it is possible that Equifax tells everyone their information may have been compromised unless they know for (relatively) certain that their information was not compromised. That would explain why dummy information results in a warning. If you are not on the safe list, you get the warning. This is just a guess.
6
Good theory. Except that I typed in dummy information, and got the NOT compromised message. So this theory doesn't fit. Be interested to hear if you or anyone finds out what exactly how certain they are of which accounts are hacked, and how they know some accounts were not. If only Equifax was more forthcoming, but fat chance of that.
3
I'd love to see an article about how either the users of Experian are reacting to this breach, what, if anything was done illegally by Experian (evidently incompetence isn't illegal), what financial regulations exist that cover credit agency behavior, etc.
Most importantly, Congress desperately needs to work on a bill on privacy for the 21st century...that expresses who owns our data, how our data may be used, who can access it, etc. It makes no sense that we have strong civil liberty protections on traditional issues (illegal search and seizure, the privacy of snail mail, etc.) but seemingly no protections of identical information held or transmitted electronically).
Most importantly, Congress desperately needs to work on a bill on privacy for the 21st century...that expresses who owns our data, how our data may be used, who can access it, etc. It makes no sense that we have strong civil liberty protections on traditional issues (illegal search and seizure, the privacy of snail mail, etc.) but seemingly no protections of identical information held or transmitted electronically).
11
I would be interested to learn the ways that signing up for this credit monitoring program-- or starting to sign up but not completing the process--will have an effect on one's ability to participate in a lawsuit relating to Equifax's negligence. I couldn't find anything in the terms & conditions but that doesn't mean it isn't there....
I don't quite understand why the burden of protection doesn't fall more solidly on the shoulders of the collector of that information, especially as this is an opt-out collection that (as others have noted) is inconvenient-to-difficult to opt-out of.
I don't quite understand why the burden of protection doesn't fall more solidly on the shoulders of the collector of that information, especially as this is an opt-out collection that (as others have noted) is inconvenient-to-difficult to opt-out of.
6
It took the Equifax CEO three minutes to apologize, and it will take customers hours of work and headache to recover.
10
It is time to put these data shills out of business. Not only should any class action target equifax, experian, and transunion but EVERY company or government agency that has supplied them info without our permission. In addition, every one of the equifax officers who sold stock in advance of the public disclosure should be in prison for the maximum allowed by law. The article refers to us as "customers". We are no such thing. They use and abuse every one of us for their profit with no regard for truth or integrity. They should be, to borrow a phrase, terminated with extreme prejudice.
26
Equifax has been criminally negligent, and its CEO should be so charged.
40
And jailed!
10
"A security freeze doesn’t protect you if the thieves break into the vault of the company that maintains the freeze. That’s what happened here..."
What exactly was the point of this article?
So it looks like we're going to be chasing thieves for the rest of our lives. As a consumer, I'm not jumping through the fruitless hoops suggested in this article. This is a problem with no end in sight.
No wonder we've lost faith in our institutions. Some of them fail us miserably.
What exactly was the point of this article?
So it looks like we're going to be chasing thieves for the rest of our lives. As a consumer, I'm not jumping through the fruitless hoops suggested in this article. This is a problem with no end in sight.
No wonder we've lost faith in our institutions. Some of them fail us miserably.
20
Sad but true. I know someone who has sufficient resources, so she pays for everything (including her house) in cash. She has no credit history, because she has no credit. I always thought this was a little extreme. I can see this wisdom of her ways now.
9
@mevjecha - If you request a freeze on your file at all 3 credit bureaus, even if someone has your info they won't be able to take out a loan/credit card, etc. in your name because that requires a check on your credit file and it won't be possible.
4
However - Many credit card companies regularly 'check' your rating/ and will increase or decrease your limits > if they cannot access your credit files they might just close your accounts.
1
went to the site put in my and my wife's name and details. of course we were likely impacted. here is what is interesting - I then typed in random letters and 111111. guess what - eqifax has no clue. this company and all credit agencies need to be regulated. this is why we need a consumer protection bureau. these guys should be put out of business. a reminder, this started months ago and no disclosure. please.
20
For those who want the URL for the FTC credit freeze instructions, here is is:
https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
There you'll find the three phone numbers I mention in a previous post.
Good luck.
https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
There you'll find the three phone numbers I mention in a previous post.
Good luck.
8
anyone has a lot of gall generating "reports" on whether I am "creditworthy" or not. such nerve, let us fix the capitalist system or throw it away.
8
Never been to https://www.identitytheft.gov/ before. They have incorporated equfax's 'breach' into their services, but, do not consider that an ID theft has occurred until your info has been used. I thought their link to this freeze page was helpful: https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
“An offer we cannot refuse’ the credit rating industry is modeled after Mafia style “protection rackets”.
Lock em up!
Lock em up!
15
Question: what will happen when hackers gain access to PINs to unlock security freezes?
These corporations do so little to safeguard our information to begin with: what makes us think they'll be safeguard security freeze-related information?
These corporations do so little to safeguard our information to begin with: what makes us think they'll be safeguard security freeze-related information?
8
Credit freeze will not help: hacker who could engineer this break in will have no problem in finding our freeze-taw PINs -- while we will have had forgotten where we hid them.
Class action now!
Class action now!
2
After you have used the PIN, I think someone from the Credit Agency has to call you to verify that you want to unfreeze your account. So they will contact you via the means you set up with them. The credit thief will need to be in control of your cell phone, e-mail, or whatever, in order to be able to pull this off. At least that is what I understand. It is possible to do this, but why would they go through the trouble, when there are millions of accounts that have no security freezes?
1
Not true. My credit has been frozen for some time. All that's needed to unfreeze it is the ten digit PIN, which is generated for you by the agency. With this, you can call an automated system, punch in the PIN, and your credit will be unlocked for as long as you--or an identity thief-- specify.
There is no human verification involved. For all I know the thieves got my PIN as part of the breach. Even if they didn't, they got all the info the freeze was supposed to be protecting.
The entire system is a bad joke and this breach will have disastrous consequences for millions of people. The system is not broken, it is non-existent.
There is no human verification involved. For all I know the thieves got my PIN as part of the breach. Even if they didn't, they got all the info the freeze was supposed to be protecting.
The entire system is a bad joke and this breach will have disastrous consequences for millions of people. The system is not broken, it is non-existent.
I note that some people are having problems requesting credit freezes.
Here are the numbers to call, from the FTC website:
Equifax — 1-800-349-9960
Experian — 1‑888‑397‑3742
TransUnion — 1-888-909-8872
I successfully froze all three of mine a few days ago.
Here are the numbers to call, from the FTC website:
Equifax — 1-800-349-9960
Experian — 1‑888‑397‑3742
TransUnion — 1-888-909-8872
I successfully froze all three of mine a few days ago.
6
Thanks for posting. Experian and TransUnion easy to process. Equifax "unable" to do so.
1
Many commenters note that they are upset that these credit rating agencies, including Equifax, have their information without the commenters' permission. I too have never given any of these credit rating agencies permission to gather information about me, but they obviously have it.
But I fear that I probably have unknowingly given various financial institutions -- banks and bank card companies, online retailers -- the right to give or sell information about me and my purchases when I apply for or use their services. Somewhere in their fine print I suspect they are allowed to share information as they see fit, always, no doubt "to provide better service."
That kind of "allowable sharing" buried in fine print should not be permitted, and acquiescing to blanket, future sharing should not be allowed. Any sharing that goes beyond the original entity that received the information should require the explicit approval before-hand of the customer who gave the information, and in giving that approval, the customer should know exactly who is getting the information, when, and what the information is.
No doubt that will slow somewhat the profitability of information selling and sharing by businesses who do such things, but we, the public, should have the right to know what information any commercial enterprise has on us at any time, without paying a fee.
But I fear that I probably have unknowingly given various financial institutions -- banks and bank card companies, online retailers -- the right to give or sell information about me and my purchases when I apply for or use their services. Somewhere in their fine print I suspect they are allowed to share information as they see fit, always, no doubt "to provide better service."
That kind of "allowable sharing" buried in fine print should not be permitted, and acquiescing to blanket, future sharing should not be allowed. Any sharing that goes beyond the original entity that received the information should require the explicit approval before-hand of the customer who gave the information, and in giving that approval, the customer should know exactly who is getting the information, when, and what the information is.
No doubt that will slow somewhat the profitability of information selling and sharing by businesses who do such things, but we, the public, should have the right to know what information any commercial enterprise has on us at any time, without paying a fee.
11
You gave your bank a permission to share your info with these agencies. Check your contract.
3
I am sure someone has made this observation already. I just want to put what I found here.
On the one hand, there is so much emphasis everywhere on how you should never share your social security number and how confidential it is etc.
On the other, I found so many forms that ask you to put down your Social security number. I have not understood how can such confidential information be asked to be put down on forms - private and government forms - in such an open manner. What if the form gets misplaced and someone gets the details ! And the forms make it mandatory for us to put down that information.
I was once at a Bank for some banking thing I needed, and the execute who was helping me was asking information and typing it into a computer, and casually asked me for the SSN. I was surprised how this supposedly highly confidential information was being freely and openly solicited. And this happens in many departments.
Again, on one hand, the system has made SSN a single point / weakest link in the chain of identity protection and on the other, the system simply does not provide sufficient tools to the people to protect their identity. And when it comes to liability, no of these powerful entities including the government take any responsibility. It is all on the little guy. How can this be in the USA, the most advanced nation on the planet.
On the one hand, there is so much emphasis everywhere on how you should never share your social security number and how confidential it is etc.
On the other, I found so many forms that ask you to put down your Social security number. I have not understood how can such confidential information be asked to be put down on forms - private and government forms - in such an open manner. What if the form gets misplaced and someone gets the details ! And the forms make it mandatory for us to put down that information.
I was once at a Bank for some banking thing I needed, and the execute who was helping me was asking information and typing it into a computer, and casually asked me for the SSN. I was surprised how this supposedly highly confidential information was being freely and openly solicited. And this happens in many departments.
Again, on one hand, the system has made SSN a single point / weakest link in the chain of identity protection and on the other, the system simply does not provide sufficient tools to the people to protect their identity. And when it comes to liability, no of these powerful entities including the government take any responsibility. It is all on the little guy. How can this be in the USA, the most advanced nation on the planet.
18
The SSN was never intended to be an identifier. Indeed when I got mine it was through a savings & loan when was I was a kid with no proof of identity or citizenship. Gradually since it was the only unique number common to almost everyone the SSN became the default identifier. Indeed when someone files for retirement benefits through the Social Security Administration the letter "A" is appended to the SSN and this is your social security benefit identifier and Medicare number. Sometime soon the Medicare number will no longer be your SSN. A little progress, since at least hospitals and doctor offices won't be depositories of SSNs.
2
The most advanced nation on the planet? Please!
4
Just say "no". While I might have given the credit card companies my social security number (I don't remember if I did or not), I haven't given it to anyone else except my employer(s). I simply say that the U.S. Government has instructed people not to use their social security number for anything but social security and that it's not supposed to be used as an I.D.
But I also think there may be a little over-reaction to this breach. There have been plenty of big hacks before. I think the credit card companies will probably re-issue cards like they did after the Target breach. As Doug points out in his post, Medicare is going to re-issue cards next year without social security numbers. And even if someone does charge something to your credit card, the companies have gotten pretty good at detecting fraud and even if they don't, if you get a fraudulent charge on your bill, you call up the credit card company and tell them it's fraud and they'll remove it. The biggest remaining risk is someone opening up credit in your name, but if the bill comes to you, you just call whoever and tell them. Just check your credit report every once in a while and make sure there's no accounts on there that you don't recognize.
But I also think there may be a little over-reaction to this breach. There have been plenty of big hacks before. I think the credit card companies will probably re-issue cards like they did after the Target breach. As Doug points out in his post, Medicare is going to re-issue cards next year without social security numbers. And even if someone does charge something to your credit card, the companies have gotten pretty good at detecting fraud and even if they don't, if you get a fraudulent charge on your bill, you call up the credit card company and tell them it's fraud and they'll remove it. The biggest remaining risk is someone opening up credit in your name, but if the bill comes to you, you just call whoever and tell them. Just check your credit report every once in a while and make sure there's no accounts on there that you don't recognize.
This is a reminder that society doesn't have a solution for accurately identifying people. And any system that is used needs to have a process for detecting and correcting mistakes. Organizations, corporate or government, that manage such systems have no interest in a correction process.
What does someone do if they are mistakenly put on the no-fly list? Or if their fingerprints or retina scan are misfiled in the database as belonging to someone else? A few years ago the NYTimes had a report on just that problem with fingerprints,which caused an innocent person to be held in jail for many months.
What does someone do if they are mistakenly put on the no-fly list? Or if their fingerprints or retina scan are misfiled in the database as belonging to someone else? A few years ago the NYTimes had a report on just that problem with fingerprints,which caused an innocent person to be held in jail for many months.
10
The best way to prevent similar breaches of the public trust is by direct action against Equifax executives. The CEO and all other members of the Equifax executive team should be publicly executed. It matters not whether Equifax violated any laws or regulations in failing to safeguard personal information of more than 100 million people who did not choose to provide their information to Equifax. Breach of the public trust is enough. Public execution will serve as an effective deterrent to malfeasance and misfeasance by other companies. This sanction should have been used against the executives of the financial firms responsible for the 2007-2008 financial crisis. It is the most effective way of preventing future corporate breaches of the public trust.
5
@Steven Merrill - "publicly executed"?? Really?
2
Now is a good time to inform everyone that Equifax, TransUnion, and Experian are not "agencies" per se. These are publicly traded companies eager to make money any way they can using your/our financial information to create reports on your/our credit worthiness. The use of the term, 'agencies.' is a smoke-and-mirrors description to subconsciously convince consumers that these for-profit companies are somehow part of the government infrastructure and, therefore, non-profit. Do not be fooled.
And now-Senator Elizabeth Warren has been exposing these corporations as the crooks they have been, and remain, ever since she taught credit and banking law and Harvard Law School. She knows how they work and how they make money. She knows, as the saying goes, "where the bodies are buried.'
You can find many of Sen. Warren's NPR interviews where she tells us how your mailed-in payment checks, are occasionally put in a "Late Payment" stack, even though your payment arrived before the deadline. The 'late payment' is then reported to the credit reporting 'agencies who report your late payment to the credit card issuer who raises the interest rate on your card. Kickbacks are then paid by the credit card issuer to the 'agency' that reported your late payment.
Agencies? Hardly.
Everyone wins but the consumer. One company charges you a late fee while another makes a kickback while the credit card company makes more money on higher interest rates imposed on the cardholder.
And now-Senator Elizabeth Warren has been exposing these corporations as the crooks they have been, and remain, ever since she taught credit and banking law and Harvard Law School. She knows how they work and how they make money. She knows, as the saying goes, "where the bodies are buried.'
You can find many of Sen. Warren's NPR interviews where she tells us how your mailed-in payment checks, are occasionally put in a "Late Payment" stack, even though your payment arrived before the deadline. The 'late payment' is then reported to the credit reporting 'agencies who report your late payment to the credit card issuer who raises the interest rate on your card. Kickbacks are then paid by the credit card issuer to the 'agency' that reported your late payment.
Agencies? Hardly.
Everyone wins but the consumer. One company charges you a late fee while another makes a kickback while the credit card company makes more money on higher interest rates imposed on the cardholder.
39
I have no idea whether what you say is true. I have seen no evidence if that game playing in my forty years of having and paying credit cards and loans. Regardless, such games are not possible when one pays bills online (receipt of payment provided immediately), by phone (a confirmation code provided), or in person at the bank or other payment center. So the answer is do not send payment by USPS when there are alternative methods available.
2
@Passion for Peaches - The credit card billing scam was real with some companies. Due to the legislation passed during the previous White House administration, credit card companies have to mail bills to consumers at least 21 days before they're due to help eliminate the purposeful delay of processing payments.
3
I've had credit cards since 1973 and not once has anyone claimed I paid late, except when I actually accidentally did. And in my particular case, the interest rate is usually of no consequence because I pay every bill at the end of the month and therefore never pay any interest. And as Passion points out, pay bills online and there's no "late" pile. Sounds apocraphyl to me anyway.
They do this because it is cheaper and easier to lobby the crooked Republicans in Congress to let them exploit the consumer instead of letting the Dems impose meaningful regulation. One simple solution is to mail letters to everyone to establish a contact so any request for credit wil result in notification at the address of the person with the SS number. But that would hurt their busines since credit card companies do not want the delay to verify a use before issuing a credit card.
7
government takeover of equifax perhaps? clearly the market failed here.
5
Great idea, if it weren't for Trump and GOP control of congress. Folks need to start voting for their own interests, not those of Equifax & friends.
7
Acquiring this data would be a dream-come-true of Chris Kobach's "Election Integrity Commission." Wonder if there was offshore assistance?
3
Equifax is paying for credit freezes at Transition and Experian too.
2
Wow, this sounds good, but try freezing your credit report with all three. Equifax was the easiest. TransUnion was a hassle because you had to create an account. But once done, it worked. Experian?? Forget it. It wouldn't allow me to freeze my file or my husbands (it required me to send all my into via the mail). Then it offered a site where you can upload your information (welcome to 1995). Good luck on that, the site doesn't work. These places are bastions of bureaucracy and poor security to boot. And we are relying on them for our credit scores? God help us all.
7
I was able to freeze both my own file and my husband's at Experian, online. Maybe some of the information you entered was incorrect? The site does work.
Thanks for the response. I'll try again tomorrow. I double checked my information several times, but I'll give it another shot.
I was able to freeze my credit with both Equifax and Experian online for free today. However, Transunion is still requiring a sign up for an online account with a legal caveat that made me nervous. I wonder if in coming days they too will be pressured into offering this service for free like the others? Not signing up for an account with a reporting service that will charge me fees, etc. How disgusting. Need to do this by mail with Transunion.
2
TransUnion was free, too (live in NY)
I was able to freeze my credit at Transunion right now--free and no strings attached.
1
I think I was able to do this via Transunion, HOWEVER they still operated differently than the other 2 bureaus. With Equifax and Experian I was issued an unlock code/password; with Transunion it still appears I signed up with an online account. I am not sure which rights I gave away doing this...
1
We need Elizabeth Warren and a stronger Consumer Financial Protection Bureau. If you understand the meaning of "143 million consumers' records stolen," and the fees that Equifax wants to charge to fix their errors, why is this not clear to you?
26
For everyone who has the outraged feeling that they never gave their personal information to Equifax, etc., yes, we all did. Every time you get credit for anything: car loan, mortgage, credit card, etc., you are given sheets of paper to sign and it's all there in the fine print. Who every reads it? Who every objects? And if you do refuse to sign, say goodby to that loan.
2
FWIW, it cost my wife and I $50 to put a freeze on for both of us at all 3 reporting agencies. Why we had to spend money instead of just being able to execure a freeze is beyond No web site worked, had to call and parse the labyrinth of each agency's particulars.
The most egregious failure was at Equifax itself, where the PIN we received was the date plus a sequentially dated #. People freezing their report at Equifax today all have 090917 for the first 6 digits of the PIN, so a mere 4 numbers for criminals to break. I hope the CFPB takes them to the woodshed.
The most egregious failure was at Equifax itself, where the PIN we received was the date plus a sequentially dated #. People freezing their report at Equifax today all have 090917 for the first 6 digits of the PIN, so a mere 4 numbers for criminals to break. I hope the CFPB takes them to the woodshed.
21
Just put one top Equifax executive in jail for 24 hours. Everything will be fixed fast.
13
I was able to freeze my credit without charge at Equifax and TransUnion. Wonder why some people were charged??
3
@ae - Every state has different regulations on what the credit bureaus can charge for various freeze services. Some states mandate no fee for anyone, others if you're 65 or over, etc.
1
They've update their site and the impact checker. Mr. Lieber, do you think their tool can be trusted now?
This was very useful information! Thank you for running it, with the links.
Equifax must have waived their fee temporarily for the credit freeze, to avoid further embarrassment and criticism. I was not charged for the request. I ran into a glitch at TransUnion, where I was informed on the final page that my request could not be completed. But when I logged in again to my account (they require that you establish one), my profile information said my credit file was locked.
One shortcoming of this system is that I had no trouble locking my husband's credit accounts, as well as my own! I think that opens the door to mischief! What if an aggrieved spouse or partner wants to cause trouble for the one who "done them wrong"?
Equifax must have waived their fee temporarily for the credit freeze, to avoid further embarrassment and criticism. I was not charged for the request. I ran into a glitch at TransUnion, where I was informed on the final page that my request could not be completed. But when I logged in again to my account (they require that you establish one), my profile information said my credit file was locked.
One shortcoming of this system is that I had no trouble locking my husband's credit accounts, as well as my own! I think that opens the door to mischief! What if an aggrieved spouse or partner wants to cause trouble for the one who "done them wrong"?
5
Transunions lock is not an actual freeze. It is a feature available only be signing up for one of their credit monitoring services. It can be unlocked by anyone who logs into your account. They do offer a true freeze but make it hard to implement because they'd much rather have you as a customer.
I see the outrage in the comments section, but is there going to be any satisfactory action or are people just going to sit on their hands and move on as soon as the next subject of outrage comes through the news?
3
On Equifax's website, It says if you want to see if your acct. has been breached, you have to waive any participation in a class action suit.
6
This is ridiculous. I tried to freeze my credit reports at Experian and TransUnion, and they want $25 a month and $20 a month, respectively, to do that. The real thieves in this story are the credit reporting companies.
7
I think you may have also signed up for credit monitoring. In Arkansas it should only cost you $5.00 per agency to place a freeze according to info here:
https://www.experian.com/blogs/ask-experian/credit-education/report-basi...
https://www.experian.com/blogs/ask-experian/credit-education/report-basi...
2
As a lovely bonus to this sad story, the Equifax website says it cannot provide it's free online credit report (9/9/17 @ 2:35 PST), but you have to mail in a form with a physical copy of your Social Security Number.
Someone should string these guys up.
Someone should string these guys up.
10
I have a new defense shield for protection against being....let's say "violated" by corporate America. The slicker the ad campaign, the faster I run away. Corporations that exist in cyberspace, meaning they have no service, product, or benefit to sell, amass obscene profits, and spend endless $$$ on ads in which they appeal to the dumbest of the dumbed-down and know no one is going to look, think, or question too closely. Looking at you DNA collection centers, reverse mortgage hawkers, insurance companies of every stripe...
5
So it seems that the "what to do now" is nothing. The barn has burned down and the horse is long gone. This sort of article is not helping!
8
Be aware that if you accept Experian’s offer you’ll give up the right to pursue legal redress in court and are instead bound by their arbitration agreement.
http://www.huffingtonpost.com/entry/equifax-breach-2017_us_59b2dae8e4b0b...
http://www.huffingtonpost.com/entry/equifax-breach-2017_us_59b2dae8e4b0b...
6
Eventually there will be a multi-jurisdictional case that consolidates all of the federal class action claims against Equifax. Until that happens, I am filing a class action in Alabama. I urge people to take immediate steps to either join an already filed case or file one themselves in their respective state.
I have placed freezes on my report with all three agencies. Meanwhile, I now understand why I have started receiving so many spam phone calls and emails that suddenly appeared out of nowhere to my private email address that is NEVER shared and my private cell phone that is NEVER shared.
I look forward to holding Equifax accountable for what they have done and also look forward to new federal legislation that requires any and all credit reporting agencies to be monitored and regulated so as to avoid any future management decisions that result in harming millions upon millions of Americans.
I have placed freezes on my report with all three agencies. Meanwhile, I now understand why I have started receiving so many spam phone calls and emails that suddenly appeared out of nowhere to my private email address that is NEVER shared and my private cell phone that is NEVER shared.
I look forward to holding Equifax accountable for what they have done and also look forward to new federal legislation that requires any and all credit reporting agencies to be monitored and regulated so as to avoid any future management decisions that result in harming millions upon millions of Americans.
14
Contact the IRS and request a IP PIN identification number. You can do that if you have been breached and it's free. The IP PIN changes every year and the only way you are notified is by mail. No one can submit a tax return in your name without the IP PIN. It's easy and it's free!
https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protectio...
Note: You currently can’t opt-out once you get an IP PIN. You must use your IP PIN to confirm your identity on all federal tax returns you file this year and in future tax years.
https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protectio...
Note: You currently can’t opt-out once you get an IP PIN. You must use your IP PIN to confirm your identity on all federal tax returns you file this year and in future tax years.
1
It looks like that's only available to people who've been invited to get one? Weird. Should be available to all!
1
Don't scount on any U.S. government helping out in terms of this breach. (Our elections have been comprised. How's that working out for us?) And, increasingly under this administration, the tenor is getting more and more pro-business. That means consumers will be increasingly out of luck.
3
Great we are all up the creek without a paddle.
1
I wonder if Equifax will comply with California law and send me a written notice of the data breach. Details as to the nature of the breach and what information was exposed are supposed to be included.
2
Thanks so much for sharing the information on how to create freezes! 143 million records is epic and highly increases the odds for identity theft. I already disliked credit reporting, now even more so.
Experian security freeze page isn't working. Advice?
Thank you for this article. I followed Mr. Lieber's suggestions and have placed a freeze with all four agencies.
I assume that there are a great many law firms filing class action law suits or at least I hope so. I hope that the executives of this company will ahve a nice time authorizing expenses for discovery and also enjoy answering the lengthy set of interrogatories supplied by plaintiffs counsel.
1
I've contacted our state AG, Governor, and Congressional reps asking what they're going to do to advocate for new laws regulating and/or outlawing this kind of credit racket. I have faith that at least Sandy Levin will address it. Hope others yell loudly at their elected reps to get this business highly regulated if not changed dramatically.
3
It is outrageous that credit reporting companies who collect and compile private information without permission of the individual and then when something goes wrong they have little or no responsibility. The credit reporting agencies clearly need stringent regulation which is unlikely to happen with Republicans in charge. We should hope that a number of class action lawsuits are successful enough to destroy Equifax. That would be enough to focus those remaining to provide adequate security. We can also hope the corporate officers who sold stock ahead of a public announcement do time in jail. If Martha Stewart was made an example of for a minor breach surely these guys should do serious time.
6
Maybe some of the advice listed here works for NYT reporters. For the average consumer, there are busy signals, links that do not work, and telephone operators who do not know anything helpful.
If you enter your information on the Equifax website, it tells you to come back at a later date. They have more people answering the phone than they did before, but the operator will just tell you to go to the website. If you continue to ask questions, the operator will simply terminate the call.
I managed to put a temporary freeze in place through Transunion -- they're supposed to transmit it to the other credit report companies. I then received an email thanking me for enrolling in their credit monitoring service, which I did not do. Biggest scam ever.
If you enter your information on the Equifax website, it tells you to come back at a later date. They have more people answering the phone than they did before, but the operator will just tell you to go to the website. If you continue to ask questions, the operator will simply terminate the call.
I managed to put a temporary freeze in place through Transunion -- they're supposed to transmit it to the other credit report companies. I then received an email thanking me for enrolling in their credit monitoring service, which I did not do. Biggest scam ever.
4
The CEO of Equifax should have been fired yesterday. The senior management of the company should be criminally indicted, and the company should be fined soe many billions that will be driven out of business.
A company like Equifax has a primary duty to protect the information of the millions of people on whom it maintains records, and it failed abysmally. There's little to do about that now, but those responsible should be prosecuted to the full extent of the law.
A company like Equifax has a primary duty to protect the information of the millions of people on whom it maintains records, and it failed abysmally. There's little to do about that now, but those responsible should be prosecuted to the full extent of the law.
9
Why on earth would I trust Equifax to monitor my credit when they couldn't keep it safe from hackers? Their offer of a free year of protection is worth exactly what you are paying for it.
I am looking at Experian and Transunion plans that will last at least 5 years. If I have to pay, I will ask Equifax to reimburse me. If they don't pay, I will sue them in small claims court.
I am looking at Experian and Transunion plans that will last at least 5 years. If I have to pay, I will ask Equifax to reimburse me. If they don't pay, I will sue them in small claims court.
4
I just saw a TV show explaining how Bitcoin is impossible to hack. That is why it keeps going up in value. In 2010 it was worth 39 cents. It is now worth $4,272.
If bitcoin can remain hack-free why can't the dollar?
If bitcoin can remain hack-free why can't the dollar?
The dollar wasn't hacked. A credit reporting agency was.
If the "Make America Great Again" movement could really take us back to the mid-20th century, as it aims to do, we wouldn't have to worry about things like this. The snag, as with everything else, is that this is the 21st century and we've got to deal with it. I'm not holding my breath.
2
Let's talk about a law and order approach.
'd really like to see the same thing here that I'd like to see with each new event of someone's online banking or credit card getting stolen. What I'd like to see is aggressive policing and prosecution. It's, literally in the case of credit card theft, bank robbery.
Most of us understand by now the importance of cyber security, password protection, etc. But why do we keep blaming the victims of these crimes instead of mobilizing to deter the crimes more effectively and punish them ever?
'd really like to see the same thing here that I'd like to see with each new event of someone's online banking or credit card getting stolen. What I'd like to see is aggressive policing and prosecution. It's, literally in the case of credit card theft, bank robbery.
Most of us understand by now the importance of cyber security, password protection, etc. But why do we keep blaming the victims of these crimes instead of mobilizing to deter the crimes more effectively and punish them ever?
2
Keep in mind that if you do place a freeze on your credit and need to unfreeze for, say, a heloc or new car loan, you can ask the creditor to consult specific agencies.
This is very handy since it means you may only need to temporarily lift the freeze at one agency. It's also a good reason to try to work with companies that are at least somewhat local and establish a relationship with them. And then there's Wells Fargo...
This is very handy since it means you may only need to temporarily lift the freeze at one agency. It's also a good reason to try to work with companies that are at least somewhat local and establish a relationship with them. And then there's Wells Fargo...
2
Thanks for all the info.
I will not pay Equifax to protect me when the clearly don't know how to do that.
Where do we sign for the class-action suit against Equifax?
I will not pay Equifax to protect me when the clearly don't know how to do that.
Where do we sign for the class-action suit against Equifax?
4
Of course, you'll have to supply your social security number, date of birth, mother's maiden name, and your first born, in order to enter into the class.
Any idea what would put people at risk with Equinox? Applying for credit recently? I don't get it.
Among other requirements, Equifax should be required to purchase extended credit monitoring services for the affected people from Experian and TransUnion. This will provide additional protection to those affected and will help prevent Equifax from benefiting from its total failure.
2
Props to Experian for making the process super simple. No props to TransUnion for requiring a long sign up process first.
2
I don't often act with such alacrity, but I took Mr. Lieber's specific advice today. Equifax on-line freeze was relatively easy to complete, though they did charge $10.00 each for 2 scores, for me and for my partner. Experian required more information--with a second rank of identity questions, one of which was so obscure that my session timed out while I researched the answer! Then, I was locked out for on-line completion, and received a pretty bossy set of instructions for regular mail or additional document provision on-line. Furthermore, as of this afternoon Experian has overcharged us for the one security freeze we were successful in securing on-line. TransUnion flipped the script in an odd way, by not charging us at all for the first freeze, but they did charge $10.00 for the second. So, mission accomplished, mostly, with an aftertaste of aggravation!
Equifax should be required to refund the fees and charges of every customer whose personal data was released into the wild. Google provides free services in exchange for the personal data of customers. Equifax provides none, and moreover evidently economizes on security activities.
Without refunds to customers, legislation should be enacted to impose regulatory constraints on companies (and government agencies) entrusted with the personal data of American citizens. Failure to comply should bring a prison term, just as a theft of financial or real assets does.
Russian and Chinese hackers love reckless operators like Equifax, both for commercial gain and for national security reasons.
Banks are regulated, and they only hold one's cash. Equifax holds one's identity, and a breach of trust can carry life-changing consequences.
Without refunds to customers, legislation should be enacted to impose regulatory constraints on companies (and government agencies) entrusted with the personal data of American citizens. Failure to comply should bring a prison term, just as a theft of financial or real assets does.
Russian and Chinese hackers love reckless operators like Equifax, both for commercial gain and for national security reasons.
Banks are regulated, and they only hold one's cash. Equifax holds one's identity, and a breach of trust can carry life-changing consequences.
4
I checked mine and the message was that I am not affected by the breach so not everyone is getting the same msg. But the site for free credit reports would not work.
1
Excellent information. I too am angry with how Equifax has horribly mismanaged this breach. I agree, everyone Equifax should provide free life-time credit monitoring for all credit bureaus (Experian and TransUnion). Great point by Mr. Lieber, this will be an ongoing problem for everyone - Equifax needs own this problem and provide real solutions; not a band-aid.
2
What exactly, is a "credit freeze"? The term seems to imply that I would be cancelling my own ability to obtain credit, as the only way for me to make sure that nefarious characters would not be able to steal my identity and use my credit.
1
It means that no one can consult your credit history without express consent from you*. This means that if you need to secure a loan or increase your limit on a credit card, you would need to unfreeze your account using a previously provided pin and password.
* or someone impersonating you with access to heaps of personal data collected through a leak like this and access to your pin.
* or someone impersonating you with access to heaps of personal data collected through a leak like this and access to your pin.
2
"..you can enter a random name and number into the site and it will tell you the same thing."
Except that's not true. I entered my name and SS as requested on Friday morning and was told "Based on the information provided, we believe that your personal information was not impacted by this incident." So it's not random.
Except that's not true. I entered my name and SS as requested on Friday morning and was told "Based on the information provided, we believe that your personal information was not impacted by this incident." So it's not random.
Amazingly, Equifax is still charging to freeze your credit with them! The three major credit reporting companies will rake in $1.5 Billion dollars if only one-third of the potentially affected people follow suggestions and put credit freezes on their accounts at these three companies. Yep. At $10 to freeze an account at each of the three, and 150 million may be affected, that's 50 million people spending $30. If everyone does it, yowza...multiply that $1.5 B by 3. No real incentive to improve security, eh?
2
Thank you Carter (who started this ball rolllng by deregulating the airlines, who are now covering themselves with glory by fare-gouging storm victims), Reagan (who never met a deregulation he didn't like), Bush (who camestraight out of the Reagan playbook on deregulation and also started putting corporate foxes in charge of what regulatory agencies that survived the slaughter), and Trump, who never met a corporate tool he didn't like as a candidate for a regulatory agency head. We The People really appreciate the laissez-faire, market-woshipping environment these guys have provided us. First it gave us Worldcom, then Enron, then the Crash of 2008, and now the Equifax debacle. When are We The People going to re-realize that regulation of essential services (such as Equifax) is necesssary for the protection of the Body Politic? Now, because of no regulation, Equifax has lost our information to the pirates of the internet, and God only knows what that's going to cost us. And is Equifax going to make good on one penny of that out of their vast profits? Don't hold your breath.
2
How about a new law that requires your permission to keep any credit information in these services. That way you could not get any credit or additional credit. Sounds fine to me.
29
I too am unhappy about what happened. I would request people to do the following,
1. Write a letter to the congressman and senators of your constituency complaining about the event and requesting them to do the following:
--- Hold Public Hearings to review the current law and come up with fixes.
---- Enquire if executives broke any law (profiting by selling shares)
2. Complain the same concern to the Attorney General.
3. Complain the same to the Bureaus of Consumer Financial Services
4. Complain the same to the SEC against Equifax
Any others I am not able to think of
1. Write a letter to the congressman and senators of your constituency complaining about the event and requesting them to do the following:
--- Hold Public Hearings to review the current law and come up with fixes.
---- Enquire if executives broke any law (profiting by selling shares)
2. Complain the same concern to the Attorney General.
3. Complain the same to the Bureaus of Consumer Financial Services
4. Complain the same to the SEC against Equifax
Any others I am not able to think of
17
I hope Charles Schumer will go after these credit reporting agencies.
17
that's right, hope that the democrats fix your problems. great.
Do you really think that any Republicans will fix it?
Was your data compromised? Mine too, three months ago. I think the most important thing you can do right now is to file an identity theft report with the FTC. (https://www.identitytheft.gov/) and save a copy. When presented to a credit reporting agency, this report allows you to keep a credit fraud alert for SEVEN years instead of ninety days. It also can be used when filing a credit freeze.
I pay credit monitoring through Experian already and am keeping it. They said that with the FTC identity theft report, the $10 fee for the fraud alert and credit freeze is waived.
Additionally, the FTC.gov identity theft website is wonderful! Use it. It really helped guide me through the nightmare of having my credit information compromised.
Bear in mind that Equifax knew about the data breach three and a half months ago in mid-May and did not tell the public until now. My credit info was compromised over Memorial Day weekend. Your info is already out there. It may already have been used to open new accounts, buy boats or siphon money from your bank accounts.
I pay credit monitoring through Experian already and am keeping it. They said that with the FTC identity theft report, the $10 fee for the fraud alert and credit freeze is waived.
Additionally, the FTC.gov identity theft website is wonderful! Use it. It really helped guide me through the nightmare of having my credit information compromised.
Bear in mind that Equifax knew about the data breach three and a half months ago in mid-May and did not tell the public until now. My credit info was compromised over Memorial Day weekend. Your info is already out there. It may already have been used to open new accounts, buy boats or siphon money from your bank accounts.
43
It's not clear in your post -- do you know for certain that your identity was stolen? Do you have evidence? If you go to the FTC site and attempt that you have knowledge it was stolen, and that's not true, you have made a fraudulent statement. I would not advise people to to that preemptively.
1
First, I went to the link provided by Equifax to check to see if my data was compromised. The answer was that it probably was. I made a screen print of it for my records.
Yes, in my case I had additional proof. Fraudulent charges were made on two different credit accounts in May.
The FTC identity theft website is prepared for the victims of the Equifax data breach. This link takes you to the page.
https://www.identitytheft.gov/Assistant
Yes, in my case I had additional proof. Fraudulent charges were made on two different credit accounts in May.
The FTC identity theft website is prepared for the victims of the Equifax data breach. This link takes you to the page.
https://www.identitytheft.gov/Assistant
I thank Ron Lieber and all the commenters for their advice. I was able to put a security (credit) freeze for Equifax, Experian, Transunion and, easiest of all, Innovis online and without any charge since they're not allowed to charge us here in New York State.
Now onto whether there has been any misuse of my information in the past FOUR+ months that the criminals at Equifax sat on the data breach!!
Now onto whether there has been any misuse of my information in the past FOUR+ months that the criminals at Equifax sat on the data breach!!
11
Vantage score, Credit score, FICO score, ....so many scores! It is a big scam for companies to scam the vulnerable population and make money.
FICO is made up of
Payment history (35% of the FICO score)
Debt/amounts owed (30%)
Age of credit history (15%)
New credit/inquiries (10%)
Mix of accounts/types of credit (10%)
Why should New credit inquiries affect my scores. It is an Inquiry !!
All the need to look at is payment history and outstanding debt vs income. But why keep it simple when one can scam people and make money!
1 company hacked. Execs made money day after the hack - Insider Trading? How long till the other 2 are hacked?
Have frozen my credit over 2 years ago...now hackers may have it all.
My spending, my debt, my money, my information....and 3 companies are controlling it without my knowledge. Shouldn't there an option for me to say "No I do not want you to store it!"
Let there be a large Class Action suit against Equifax...they need to be put out of business. Let the Execs go to jail and take away the money they made selling their shares and distribute it to those whose information was stolen. Until it hurts the bottom line, nothing will change and we will all continue to be scammed by these firms.
FICO is made up of
Payment history (35% of the FICO score)
Debt/amounts owed (30%)
Age of credit history (15%)
New credit/inquiries (10%)
Mix of accounts/types of credit (10%)
Why should New credit inquiries affect my scores. It is an Inquiry !!
All the need to look at is payment history and outstanding debt vs income. But why keep it simple when one can scam people and make money!
1 company hacked. Execs made money day after the hack - Insider Trading? How long till the other 2 are hacked?
Have frozen my credit over 2 years ago...now hackers may have it all.
My spending, my debt, my money, my information....and 3 companies are controlling it without my knowledge. Shouldn't there an option for me to say "No I do not want you to store it!"
Let there be a large Class Action suit against Equifax...they need to be put out of business. Let the Execs go to jail and take away the money they made selling their shares and distribute it to those whose information was stolen. Until it hurts the bottom line, nothing will change and we will all continue to be scammed by these firms.
49
When I went to sign up for the "free" credit monitoring and it said I had to go back in 4 days to finish the process, I then realized this could just be a scam on Equifax's part. Why not? A republican Congress and President surely will not stand in their way. No laws to protect the consumer (and less everyday thanks to a republican Congress and President). Then I heard about the Execs of Equifax selling their stock. Lets face it. The consumer is a pawn for the CEOs and politicians to fleece. Want to end hacking of private data? How about a $10,000 settlement going to each person who has their data stolen. So my personal and financial data has been lost by the VA, Anthem Health Insurance, Equifax, Target and .... Pathetic.
22
Also change your account passwords.
2
I wasn't charged anything by Equifax or Experian.
Depends on which state you live in Debby. I was charged $10 for a credit freeze by each agency - so $30 per adult in our home. So $60 gone just telling these fools not to open any credit cards or lines without my specifically requesting it. Why in heaven's name do they even open a credit card without calling the person and verifying the request? To save themselves the time and money of making one flipping phone call? Pathetic and the worst part it, nothing will change.
2
that's b/c you are in NY. In many/most other states the charge is $5/freeze at each company. Really ticked me off. When is someone going to be jailed?
2
How odd, Experian charged me $10, no charge from Equifax. What on earth is going on with these entities? Some random algorithm? Most efficient method of pillaging ever invented.
1
I'm so grateful someone has accurate & useful info, I should have known cant depend on Equifax to even create a straight-forward site specifically for this crisis. I've always had problems with them, never with Transunion or Esperian. Their main site for the most part is geared towards selling their subscriptions. You cant even contact them unless you have an order number. This place should be shut down!
8
Yup. Even setting up a security freeze went as smooth as silk with the other two - after forking over $10 for each request- but the Equifax site must have been designed by Gremlins.
1
So they take the data without asking, compile it without consulting and then when its hacked it is the affected person's responsibility to ask for a security freeze which they then must pay for. And to get the support service which should be automatic they want you to let go of your right to sue and pay for it after 1 year. What a deal. What a country. We have such great values.
25
Thanks for the links for the credit freeze, but it looks like the reporting agencies are doing whatever they can to make it hard to actually get one. Both Experian's and TransUnion's online apply process returns "we are unable to honor your request based on information you entered" even though 100% correct information was supplied. Experian says you must physically mail a letter with proof of identity; TransUnion gives you a phone number to call but then (after you call) tells you to call back during regular business hours.
My guess is that this has become SOP after your article was published and they started getting lots of freeze requests. They probably think that most people will simply give up when their online application process denies the request and more hurdles are put up.
Interestingly, EquiFax's online application worked fine.
My guess is that this has become SOP after your article was published and they started getting lots of freeze requests. They probably think that most people will simply give up when their online application process denies the request and more hurdles are put up.
Interestingly, EquiFax's online application worked fine.
6
Welp. I tried to check to see if my information was compromised, and the "check potential impact" links stuck me in a loop where the recaptcha doesn't work.
Equifax is awful.
Equifax is awful.
13
This is just to give you some perspective on how guarding one's personal information has changed over the decades. In the 1970s I was a summer employee at a department store, for three years in a row. We signed in and out on a log sheet, which sat on a desk in the changing room. It was fully visible to all employees and any nosey customer who made a little effort. The sign-in consisted of a full SSN and a signature. That was entered every day, and I doubt that the log sheets were shredded.
2
If these personal data traders had to pay a penalty to us for every time they got our information wrong and a fine at least as much as was stolen plus 25% penalty each time an identity was stolen there would be no identity theft.
It is only possible because they make money off of it.
It is only possible because they make money off of it.
12
I agree. The executives have nothing to lose and, with insider trading, more than everything to gain. You can be sure that none of the executive insider traders will suffer anything more than their quick profits.
Some smart AG should hold them in Rikers for a few weeks.
Some smart AG should hold them in Rikers for a few weeks.
2
Ok, who do I sue for letting my data be hacked and leaving me open to criminals.
Equifax? What should I sue for? Criminal negligence? Criminal Fraud? They did claim that our credit information was safe. Assault with intent to let criminals attack and ruin our lives.
I want people fired. I want CEO's to go to prison for years and lose all their money. I want Equifax to have to pay everyone who is affected and has had their credit used by a criminal what was charged or credit opened plus a $100,000 penalty for each time it was done. This is fair for what will be a huge amount of work and the destruction of their lives and families with loss of home and income due to false debt.
Equifax? What should I sue for? Criminal negligence? Criminal Fraud? They did claim that our credit information was safe. Assault with intent to let criminals attack and ruin our lives.
I want people fired. I want CEO's to go to prison for years and lose all their money. I want Equifax to have to pay everyone who is affected and has had their credit used by a criminal what was charged or credit opened plus a $100,000 penalty for each time it was done. This is fair for what will be a huge amount of work and the destruction of their lives and families with loss of home and income due to false debt.
24
Is this a crime with victims but no criminals?
Due to the gargantuan ineptitude and negligence of Equifax's top executives, millions of Democrats and Republicans had their credit files stolen. Other than a dip in the price of their stock, what meaningful discussion of action has taken place to financially penalize Equifax? Instead Equifax is going to make additional monies, along with selling shares based on inside information, by making the victims of their sloppiness into actual paying customers like Mr. Lieber and millions of others. This is criminal.
Who will stand up for all of us, Republicans, Democrats, Independents and Libertarians and say this has gone too far? Will we finally get some bipartisanship work done in Congress to benefit the people instead of the corporations for a change?
What do these executives have to do to be considered criminals? Shoot someone on 5th Ave.?
Due to the gargantuan ineptitude and negligence of Equifax's top executives, millions of Democrats and Republicans had their credit files stolen. Other than a dip in the price of their stock, what meaningful discussion of action has taken place to financially penalize Equifax? Instead Equifax is going to make additional monies, along with selling shares based on inside information, by making the victims of their sloppiness into actual paying customers like Mr. Lieber and millions of others. This is criminal.
Who will stand up for all of us, Republicans, Democrats, Independents and Libertarians and say this has gone too far? Will we finally get some bipartisanship work done in Congress to benefit the people instead of the corporations for a change?
What do these executives have to do to be considered criminals? Shoot someone on 5th Ave.?
10
Ron Lieber, not cool. I tried a credit freeze on my Mac. When it got to the screen that you said NEVER to lose, the Mac could not view the pdf file. So now, I may have a credit freeze-- or not. I do NOT have a code to lift it. You needed to warn us about this. NOT COOL!
1
I used a Mac Book Pro and my daughter used her Mac Book Pro and had no problems. I used Safari, while she used Chrome. Chrome appeared to be a bit better/faster.
Wouldn't be surprised if these websites were overwhelmed right now.
Innovis snail mails the PIN to people who sign up, unlike the other 3 who give it to you when you do it right there online.
Wouldn't be surprised if these websites were overwhelmed right now.
Innovis snail mails the PIN to people who sign up, unlike the other 3 who give it to you when you do it right there online.
sorry it happened to you, but fyi no prob putting on any of the credit freezes from my mac just now
1
Thanks for the responses. I appreciate that some people had no problems, and I am glad for them. Is there a way to avoid this potential major problem for me in the very near future?
Warning! I went to annual credit reports and was able to access my first 2 credit reports, but for Equifax a notice that "Online Delivery Unavailable." I went to their website and my computer shut down with the warning that it was a phishing site. I was able to save my data due to this automatic defense shut down. Is it possible they have been hacked again and it is dangerous even to access their website now? I don't know, but I won't try again.
4
First and foremost - thank you for keeping on top of all this! Great article Ron Lieber. Just froze my accounts everywhere that was suggested. Now to get the rest of my family to do so.
Equinox did not ask me for any money to freeze my account. Perhaps they've read the comments here and thought better about charging people?
Looking forward to more updates from you Mr. Lieber. Again, thank you.
Equinox did not ask me for any money to freeze my account. Perhaps they've read the comments here and thought better about charging people?
Looking forward to more updates from you Mr. Lieber. Again, thank you.
1
Equifax is going to get slammed with class actions suits, and deservedly so. Many of the commenters in this thread have expressed helplessness against the big three credit companies. The good thing about all of this is that this hacking might call all three billion-dollar companies to task for their substandard practices in a very public way. We should not let up on them Also, where is the consumer protection aspect to all of this? Time for an overhaul!
12
Time for national ID cards like most other developed countries. And the only purpose of the card is to replace bulky passports; else issue passports at birth and increase/remove the date of expiration. The SSA was never equipped to manage the identities of the entire national population, the IRS just piggy-backed off the SSA, and financial institutions and other major industries just hopped on board with the IRS.
Since the SSN isn't very secretive and is used for identification in all sorts of industries it's naturally very vulnerable. It might be prudent for the SSA to consider replacing the SSN. Maybe around the time when we pass a comprehensive SS overhaul, which will happen in the near future... hopefully.
Since the SSN isn't very secretive and is used for identification in all sorts of industries it's naturally very vulnerable. It might be prudent for the SSA to consider replacing the SSN. Maybe around the time when we pass a comprehensive SS overhaul, which will happen in the near future... hopefully.
2
Your Brave New World?
Why do American citizens even put up with having credit card agencies that have every bit of private information on everyone, and these agencies are thriving businesses. Who was fooled by whom when these agencies were established? Yet there is an outcry should the government make it compulsory for every citizen to carry an Identity Document with a photo.
In which other country do these agencies exist?
In which other country do these agencies exist?
5
It was obvious seen this would happen sooner or later and if Congress had been on the ball, instead of spending their time figuring how to get re-elected, a fix would already be in place or at least in the works. Now it's too late: Congress is more interested in getting rid of financial regulations than creating new ones or spending money on solutions. We're toast and hopefully Equifax is too, though I suspect the current government (I use the term loosely) will let them get away with extortion.
2
This is what people get when they vote for "smaller government".
Gutting regulatory agencies by cutting their budgets, and trying to shut down the new Consumer Protection Bureau plays right into the hands of huge crooked corporations.
Gutting regulatory agencies by cutting their budgets, and trying to shut down the new Consumer Protection Bureau plays right into the hands of huge crooked corporations.
What is at stake here? Once your personal information is leaked and finds its way onto a hacker's computer you are compromised for life. It will be spread across the internet and duplicated in perpetuity.
I never authorized any consumer reporting agencies to collect my financial information, package it and sell it. I am not involved in the process so cannot vouch for its accuracy. Since this information is so important to the financial industry and to companies selling products that require financing, they need to step in and correct this problem.
Unfortunately, credit information is now used for more than a person's ability to repay a loan. Insurance company actuaries and company HR departments have decided to use this information to determine risk in setting insurance rates and making hiring decisions.
Since there is no accountability for these credit reporting agencies, and the information is being used for more important decisions beyond creditworthiness, legal action against the credit agencies, insurance companies and companies using this information to reject applicants
may be the only course.
Circumstances of individual victims of the initial leak and subsequent missed employment opportunities and higher higher insurance rates will vary greatly, going the class action route will be problematic.
Credit reporting agencies are a product of the 20th century failing to change in the 21st.
I never authorized any consumer reporting agencies to collect my financial information, package it and sell it. I am not involved in the process so cannot vouch for its accuracy. Since this information is so important to the financial industry and to companies selling products that require financing, they need to step in and correct this problem.
Unfortunately, credit information is now used for more than a person's ability to repay a loan. Insurance company actuaries and company HR departments have decided to use this information to determine risk in setting insurance rates and making hiring decisions.
Since there is no accountability for these credit reporting agencies, and the information is being used for more important decisions beyond creditworthiness, legal action against the credit agencies, insurance companies and companies using this information to reject applicants
may be the only course.
Circumstances of individual victims of the initial leak and subsequent missed employment opportunities and higher higher insurance rates will vary greatly, going the class action route will be problematic.
Credit reporting agencies are a product of the 20th century failing to change in the 21st.
10
An organization that I have nothing to do with, collects personal information about me for resale to other companies and then fails to adequately protect that information thus exposing me to potential theft and fraud indefinitely.
They find out about the "problem" more than a month ago but are only now informing the public, but not before several senior executives including the CFO successfully sold millions in stock before word hit the street.
Now in order to fully protect myself from this organizations careless actions, I and millions more must pay for freezing our accounts FOREVER. How is it that they are not finically liable for the ramifications of their actions or inactions? How is it that there appears to be zero in the way of penalties other than offering free credit monitoring for a year, after which they will charge for the service thus making millions more off their incompetence.
Only when there are severe financial penalties and fines will they take data protection seriously.
They find out about the "problem" more than a month ago but are only now informing the public, but not before several senior executives including the CFO successfully sold millions in stock before word hit the street.
Now in order to fully protect myself from this organizations careless actions, I and millions more must pay for freezing our accounts FOREVER. How is it that they are not finically liable for the ramifications of their actions or inactions? How is it that there appears to be zero in the way of penalties other than offering free credit monitoring for a year, after which they will charge for the service thus making millions more off their incompetence.
Only when there are severe financial penalties and fines will they take data protection seriously.
6
We've all "learned" about "freedom" in America but few understand what that is interpreted to mean by the "right wing capitalist". Their interpretation of "freedom" is "the right to a hand in every pocket" which they also believe is to be protected and enforced by the law. I'll bet you thought it to mean something totally different but you weren't aware of how "money" changes the meaning of everything especially if you're not one those controlling it. "Consumer protection"? That's just a "liberal" regulation impediment to the "freedom" of the free flow of cash out of your pocket into theirs. I hope this clears up any confusion or misunderstanding anyone may have had.
4
They are doing virtually nothing. NOTHING.
It is the equivalent of a vehicle recall in which you drive to the dealer and they give you a wrench and say 'go crazy.'
They need to make this as easy as driving to your car dealership. They need to compensate anyone for any losses.
They provide a service to banks etc.
The credit agencies should be far more stringently regulated and required to reimburse people not just for any losses but for time and inconvenience'
It is the equivalent of a vehicle recall in which you drive to the dealer and they give you a wrench and say 'go crazy.'
They need to make this as easy as driving to your car dealership. They need to compensate anyone for any losses.
They provide a service to banks etc.
The credit agencies should be far more stringently regulated and required to reimburse people not just for any losses but for time and inconvenience'
4
Even if a hacker gains access to a company's data, there should be no way they can gain access to the ENTIRE database. Authorized users make inquiries on specific individuals. There should be NO WAY any authorized user (or hacker) is allowed to access everything. Companies should also be monitoring any attempt to make massive fetches. Really. Target. Yahoo. And now a credit database? It's time to make companies that store personal information personally responsible for it being stolen.
3
We shouldn't have to request freezes. Locked accounts should be the norm, as should a requirement that these companies contact us whenever there's any communication about us. That these outfits have access to our personal information is outrageous to begin with. That they lack sufficient cyber-sophistication and/or motivation to thwart hacks adds insult to injury.
7
So folks,
creditkarma.com will give you free credit reports for TransUnion and Equifax.
credit.com, fro a short term, will give your free credit reports fro Experian.
And then there is this: https://www.annualcreditreport.com
creditkarma.com will give you free credit reports for TransUnion and Equifax.
credit.com, fro a short term, will give your free credit reports fro Experian.
And then there is this: https://www.annualcreditreport.com
2
It is the federal government's fault that they allow entities, to use one's Social Security Number as some kind of ID.
This breach puts millions of Americans Social Security benefits and accounts in danger. Also, any account or ID which uses your Social Security Number, and all not by your choice. Example: Drivers License, Voter Registration, Medicare, Medicaid, Armed Forces IDs, medical records, taxing agencies, etc.
The way Equifax has handled this is criminal. More criminal, when you consider that several top level executives sold their Equifax stock, before announcing the breach. A breach they sat on fro over two months.
Caught in the middle are people like myself who will pay the price fro gross incompetence. Consider, no consumer gave permission for these companies to collect, store and sell their data. I already pay fro ProtectMyID, thanks to the T-Mobile and Experian breach.
Considering revenue was lost by free credit reporting, these companies could be allowing breached to sell services like ProtectrMyID. Pay, what amounts to graft, to prevent people fro stealing your ID.
Fraud happens even to those protected. Two fraud transactions on my credit car a month ago. Card closed immediately and new one re-issued. I'm still waiting for the bank to give me credit.
Washington is not going to fix this, because of powerful lobbies. So, a fact of life, pay these incompetent crooks to monitor your personal data.
This breach puts millions of Americans Social Security benefits and accounts in danger. Also, any account or ID which uses your Social Security Number, and all not by your choice. Example: Drivers License, Voter Registration, Medicare, Medicaid, Armed Forces IDs, medical records, taxing agencies, etc.
The way Equifax has handled this is criminal. More criminal, when you consider that several top level executives sold their Equifax stock, before announcing the breach. A breach they sat on fro over two months.
Caught in the middle are people like myself who will pay the price fro gross incompetence. Consider, no consumer gave permission for these companies to collect, store and sell their data. I already pay fro ProtectMyID, thanks to the T-Mobile and Experian breach.
Considering revenue was lost by free credit reporting, these companies could be allowing breached to sell services like ProtectrMyID. Pay, what amounts to graft, to prevent people fro stealing your ID.
Fraud happens even to those protected. Two fraud transactions on my credit car a month ago. Card closed immediately and new one re-issued. I'm still waiting for the bank to give me credit.
Washington is not going to fix this, because of powerful lobbies. So, a fact of life, pay these incompetent crooks to monitor your personal data.
7
I just tried to freeze my credit report at Equifax.
Guess what: THEY WANT A $10 FEE TO DO IT!
Is anyone else interested in pursuing a class action lawsuit against them?
These parasites need to be put out of business.
All of them!!!!!!!!!!!!!
Guess what: THEY WANT A $10 FEE TO DO IT!
Is anyone else interested in pursuing a class action lawsuit against them?
These parasites need to be put out of business.
All of them!!!!!!!!!!!!!
108
I was not asked for my credit card at Equifax. You might want to run that request through again. They may have waived the fee since you tried it.
Sounds good to me especially in view of the fact they didn't report this breech for two months and what about company members selling off their stock before the breech was reported. Where are they now, in hurricane territory robbing any assets that weren't damaged? Go back to day one of the existence of this company and tell me how they were able to collect information without someone applying for credit ratings. What were their rights?
1
This is a long standing practice. All 3 of the big companies charge to freeze accounts. Even if you lift it temporarily ..... they charge $10 to do that too
1
"And then there’s this: A security freeze doesn’t protect you if the thieves break into the vault of the company that maintains the freeze. "
Wait, you're saying if we have security freezes the hackers likely also got our non-replaceable pins for unfreezing?
I hope not because our bank only uses Equifax, hopefully they'll change to another agency.
Wait, you're saying if we have security freezes the hackers likely also got our non-replaceable pins for unfreezing?
I hope not because our bank only uses Equifax, hopefully they'll change to another agency.
7
I understand company execs sold millions of dollars in shares acting on insider information. Didn't Martha Stewart go to jail for that?
86
I read about that, too. I think they may be protected because they did not fully cash out on their positions. They retained enough stock to claim that these were normal transactions. That's what their claiming, anyway. I think they are liars.
1
@Tom:
No. She went to prison for making false statements to federal investigators.
Ironically, had she simply admitted that she had indeed traded securities guided by insider information it would have been far less problematic and damaging to her in the long-run than knowingly lying to federal agents. Why she chose to lie instead puzzles me, because the insider trading penalties were relatively trivial for someone with her wealth. It proves the wisdom of that ancient observation: "it's not the crime, but the coverup" that ruins you.
No. She went to prison for making false statements to federal investigators.
Ironically, had she simply admitted that she had indeed traded securities guided by insider information it would have been far less problematic and damaging to her in the long-run than knowingly lying to federal agents. Why she chose to lie instead puzzles me, because the insider trading penalties were relatively trivial for someone with her wealth. It proves the wisdom of that ancient observation: "it's not the crime, but the coverup" that ruins you.
Though the amoral, unethical, hateful Martha Stewart, a former board member of the New York Stock Exchange, clearly violated insider trading laws which she also pretended not to be aware of (really? sitting on the board of the NYSE and don't know what insider trading is??), she actually went to jail for lying to SEC agents. Sounds to me that they to the easy path to conviction as their was little doubt she was guilty, but it was far simpler to get her on the obstruction of justice type charges than to have to build a case with audit trail that involved her broker and ex boyfriend (which her daughter also 'dated' at one point) who feed her the inside information.
The execs at Equifax did sell a significant about of company stock before this story broke and though they pretend to not have known about it I doubt that will stand up to scrutiny. Hopefully they will be convicted and spend time in jail, but we are living in a time where ethics, morals, and just plain human decency is spit on by the president of the united states. Chances are they will get pardoned by the orange orangutan.
The execs at Equifax did sell a significant about of company stock before this story broke and though they pretend to not have known about it I doubt that will stand up to scrutiny. Hopefully they will be convicted and spend time in jail, but we are living in a time where ethics, morals, and just plain human decency is spit on by the president of the united states. Chances are they will get pardoned by the orange orangutan.
1
Equifax needs to be liable for any and all consumer losses related to this breach, which is obviously more than enough to put them completely out of business, to which I reply, "Good!"
33
Be careful about accepting their free monitoring offer. I've heard their terms might make it so that you can't benefit from a class action later.
20
From Robert Reich: Oh, but there's one catch: to access the site we have to sign away our right to take the company to court for any wrongdoing. Buried in the fine print is a provision that forces consumers into mandatory closed-door arbitration, and bars class action suits.
The arbitration process gives corporations the upper-hand in legal disputes by bypassing normal courts. These hidden provisions have been slipped into all sorts of contracts, from credit card forms to employment agreements.
The arbitration process gives corporations the upper-hand in legal disputes by bypassing normal courts. These hidden provisions have been slipped into all sorts of contracts, from credit card forms to employment agreements.
1
Today's Washington Post reports that, if you sign up for their free year of credit monitoring, you sign away your right to sue Equifax for any damages. (It's hidden in the fine print). Personally, I'd keep the right to sue. With luck, a massive class action suit will wipe the company off the face of the earth and we can begin again.
78
It's not waiving all rights for redress, but the credit file freezes are the most effective way to protect yourself anyway.
NPR reported this morning that the clause that removes your right to sue Equifax has now been removed.
They are pushing the year's monitoring for a reason. With monitoring you'd be informed of if/when your ID was stolen, ok fine, but it's stolen, then comes the long road to trying to reverse that. Their 'tool' to check if customers have been affected is a fraud, you can enter any number/word (they ask for the last 6 of SS #) and you'll see the same message output! I am assuming my ID & info has been stolen & WILL be used by criminals. The only practical option is to do a freeze.
1
I spent nearly three hours this morning trying to obtain my credit reports and put freezes on my accounts.
Equifax's systems were "down for maintenance" and couldn't provide my credit report, but ironically Equifax was also the only one that let me put a freeze in place - quickly and for free.
I was able to get my credit reports from Experian and TransUnion, but neither one would let me put a freeze on my account. Experian wants all sorts of documentation, including a copy of my driver's license and my SSN, sent to them through the USPS - as if that's not another fabulous opportunity for identity theft. TransUnion claims I already have an account with them, which I do not and therefore can't verify online, and I gave up trying to talk to customer service after 45 minutes on hold. For the immediate future I guess I'll have to rely on the Equifax freeze being enough.
Also, I resent being referred to as a "customer". These entities gather all sorts of very personal, private, sensitive information on us that we never gave them permission to collect, then require us to pay to keep them from distributing that information. You know what that is? Blackmail. We're not your customers, we're your victims.
In any event, now that these credit bureaus are under a glaring spotlight I can only hope that this epic fiasco eventually results in strict regulation and oversight. That would be a barn door/horse situation though, sadly.
Equifax's systems were "down for maintenance" and couldn't provide my credit report, but ironically Equifax was also the only one that let me put a freeze in place - quickly and for free.
I was able to get my credit reports from Experian and TransUnion, but neither one would let me put a freeze on my account. Experian wants all sorts of documentation, including a copy of my driver's license and my SSN, sent to them through the USPS - as if that's not another fabulous opportunity for identity theft. TransUnion claims I already have an account with them, which I do not and therefore can't verify online, and I gave up trying to talk to customer service after 45 minutes on hold. For the immediate future I guess I'll have to rely on the Equifax freeze being enough.
Also, I resent being referred to as a "customer". These entities gather all sorts of very personal, private, sensitive information on us that we never gave them permission to collect, then require us to pay to keep them from distributing that information. You know what that is? Blackmail. We're not your customers, we're your victims.
In any event, now that these credit bureaus are under a glaring spotlight I can only hope that this epic fiasco eventually results in strict regulation and oversight. That would be a barn door/horse situation though, sadly.
95
I can only hope that this epic fiasco eventually results in strict regulation and oversight.
Don't hold your breath. They're busy trying to destroy the Consumer Protection Bureau and sundry protections as we speak.
Don't hold your breath. They're busy trying to destroy the Consumer Protection Bureau and sundry protections as we speak.
2
I was shocked at the Experian requirements on the phone as well. When I went to their website, I could place a freeze without any of that documentation and paid a $10 fee online (despicable for sure). Why on earth they wouldn't allow this on their phone system is incomprehensible. I share your hope that effective regulation follows and yes, the timing would leave much to be desired.
I always found it somewhat amazing that private companies have all my information and can so easily affect my life. Add to this the fact that they are as unreachable as the white staticky phones in Kafka's The Castle—except without the angels singing in the background.
How is it this state of affairs became legal?
How is it this state of affairs became legal?
34
Naples, you made a very astute point which needs to be emphasized, so that it doesn't just breeze right past people. The point is implicit in your comparison of large corporations and the aloof governmental bureaucracy in Kafka's "The Castle."
The point which must be emphasized is that "Big Government" isn't the only threat, nor even the greatest threat, faced by ordinary people in maintaining some illusion of control over their lives. Alright, my cynicism is showing, as I used the word "illusion" because I do not believe anyone has control over his or her destiny -- nor do I believe in "Free Will" in the metaphysical sense, although I am content to live with the appearances of Free Will. Philosophical digressions aside, my point is that the Corporate economic structure is more dangerous than Government, because the Corporate economic structure owns Government lock, stock and barrel. Yet, the Corporate economic structure can be viewed as a necessary evolution in terms of how the economic problems of allocation, production and distribution are managed in a nation of 350 million people, and in a world of seven billion people.
There are two intractable problems. First, the problem that the non-democratic Corporate structure has fatally compromised governmental institutions which are at least THEORETICALLY democratic. The second and more serious problem is that most people are neither intellectually nor educationally qualified to think clearly about anything whatsoever.
The point which must be emphasized is that "Big Government" isn't the only threat, nor even the greatest threat, faced by ordinary people in maintaining some illusion of control over their lives. Alright, my cynicism is showing, as I used the word "illusion" because I do not believe anyone has control over his or her destiny -- nor do I believe in "Free Will" in the metaphysical sense, although I am content to live with the appearances of Free Will. Philosophical digressions aside, my point is that the Corporate economic structure is more dangerous than Government, because the Corporate economic structure owns Government lock, stock and barrel. Yet, the Corporate economic structure can be viewed as a necessary evolution in terms of how the economic problems of allocation, production and distribution are managed in a nation of 350 million people, and in a world of seven billion people.
There are two intractable problems. First, the problem that the non-democratic Corporate structure has fatally compromised governmental institutions which are at least THEORETICALLY democratic. The second and more serious problem is that most people are neither intellectually nor educationally qualified to think clearly about anything whatsoever.
2
Cynical indeed, but credible nonetheless, Out West.
Corporate tyranny is less easily addressed or redressed.
There need to be some serious lawsuits. And even then, their tentacles reach into the courts now. Don't they.
Corporate tyranny is less easily addressed or redressed.
There need to be some serious lawsuits. And even then, their tentacles reach into the courts now. Don't they.
1
The way credit reporting should work is for the credit report companies to contact the person whose credit is requested by a third party and get their permission to release it.
32
You know those credit card offers you always get? These firms sell your data to anyone who pays for it. They also charge fees to anyone to look at your credit report. And, now a new business, allow breaches so they can sell services to protect their identity. And, when fraud, or a mistake happens with one's credit report, the consumer must file mounds of paperwork to fix it, If it is even fixed at all.
2
Spot on. No-brainer, right? Except that's too much like work, and these companies exist only in cyberspace, alongside all our personal info, so their "work" is basically pushing this or that button occasionally, although they probably have an algorithm for that. Again, too much like work.
1
If you put a credit alert (instead of a freeze) on your account, they supposedly contact you if someone tries anything. Problem is, it's only good for 90 days; you have to deep redoing it! But it's free.
Someone or some entity might steal our identities after this breach? They have already been stolen, by Equifax!
34
Adding to the anger is the news that during the months-long lull of this breach up to the news release this week, employees bought out Equifax stock. They're getting rich off of their incompetence. Then Equifax still wants to fleece us with more of their "protection". Okay Congress... time to get off your behinds and go after these crooks and... Ah, nevermind... we're screwed!
29
I've had my accounts frozen for the past couple of years. Had to pay $10 to each agency to do it but what hell thats better than getting hacked
12
Experian is asking for $25/month for a freeze! Where did you go to get the $10 fee?
5
No! This deserves a class action lawsuit.
There must be NO FEE to freeze what does not belong to them. All of these fees should be recovered. Let's sue these parasites for the last penny and then fleece their CEOs and shareholders
Either way, they need to be put out of business!!!!!
There must be NO FEE to freeze what does not belong to them. All of these fees should be recovered. Let's sue these parasites for the last penny and then fleece their CEOs and shareholders
Either way, they need to be put out of business!!!!!
34
Except "And then there’s this: A security freeze doesn’t protect you if the thieves break into the vault of the company that maintains the freeze. That’s what happened here, and we will now spend years seeing what happens next."
1
And not one High Level Executive will go to jail for this! If anyone it will be a mail room clerk who forgot to activate the overnight switch on the IT system before he left for the weekend- Or it will be blamed on a temp employee earning $12.00 an hour. This is worse than the Russians hacking and interfering with our election. They screwed up and now we have to pay $16.95 a month for piece of mind? If God didn't want us sheared- he would have never made us sheep. BAAAAAAAAAA!
10
I am confused as hell...and annoyed as everyone else! Why should we have to pay these credit monitoring agencies for "freezing" our credit reports as suggested, as one of the protection techniques? The executives at Equifax knew about this breach in July and only chose to make this public yesterday. And, they sold their shares before announcing it publicly!!! This is a conspiracy for which I hope they are found criminally guilty and sentenced to jail in addition to forfeiting their gains. And, now Equifax and other two monitoring companies are getting rich from people having to sign up for their "paid" service to protect your credit information. What the hell???!!!!
79
The famed mythical "Capitalist Marketplace" where all things bad are corrected and basic morality requires that Equifax do these things.
First of all since not a single one of us ever consented to the credit agencies collecting and selling our data to include the false data that is placed on our record by bad actors and people seeking to harm us which they then force us to be responsible for, the onus is on them to fix the situation here including informing us if we have been compromised. They should have to send letters to every person whom has been compromised with an explicit yea or nay as to whether or not they were compromised as well as to any whom they suspect may have been compromised but cannot confirm. There should be no ambiguity of any kind in those letters.
Next they MUST provide credit monitoring and protection for free for life for every person whose data was at risk to include automatic credit freezes by all three credit agencies. Any cost for that freeze to be covered by Equifax. They have been making $Billions off of our information real and fake for decades without our consent they can use that money to pay the bills they have incurred here.
It is a simple fact that 143M (if that is the real number) people are not going to change their names, SS numbers or date of birth thus anyone who has been compromised is compromised for life. That is the length of the obligation this company has to those people.
First of all since not a single one of us ever consented to the credit agencies collecting and selling our data to include the false data that is placed on our record by bad actors and people seeking to harm us which they then force us to be responsible for, the onus is on them to fix the situation here including informing us if we have been compromised. They should have to send letters to every person whom has been compromised with an explicit yea or nay as to whether or not they were compromised as well as to any whom they suspect may have been compromised but cannot confirm. There should be no ambiguity of any kind in those letters.
Next they MUST provide credit monitoring and protection for free for life for every person whose data was at risk to include automatic credit freezes by all three credit agencies. Any cost for that freeze to be covered by Equifax. They have been making $Billions off of our information real and fake for decades without our consent they can use that money to pay the bills they have incurred here.
It is a simple fact that 143M (if that is the real number) people are not going to change their names, SS numbers or date of birth thus anyone who has been compromised is compromised for life. That is the length of the obligation this company has to those people.
38
On the recommendation of this author, I instituted a credit freeze at Transunion, Equifax and Innovis in a matter of a couple minutes. Equifax, on the other hand, makes it IMPOSSIBLE to institute a credit freeze. Dead links. Ring no answer phone lines. Inability to "upload" documents to prove your identity (WHY do I need to provide multiple forms of identification to block my data when the buyers of that data don't????). The only option to block my data promptly is to pay $25/month for their "credit lock" service, which is outright extortion. Absolutely outrageous. Equifax, shame on you.
29
I think you mean Experian as the firm that made it impossible to institute a credit freeze, not Equifax. Nothing but dead webpages, no pick-ups on phone. Yet, they have a link on their home page - "Concerned about the Equifax® data breach? Find out how Experian can help" - that provides some information, but all the links bring you to more dead pages!
6
Ooops, my mistake. I was so upset, I got the companies confused. it was EXPERIAN that extorts $25/month for CreditLock.
8
They each want $25 per month to freeze my credit? The Ghost of Don Fanucci is smiling. #extortion
4
This happened for the exact same deceitful and devious reason that Wells Fargo used private information to make more money illegally!
11
And the way they make such faux-profits is through dumping 'Negative Externality Costs' (virtual taxes) on us and what used to be our government --- with the aid of this Empire's 'extra-legal' sector.
4
Experian and TransUnion turned off their online security freeze application. You have to do it by mail. You can still do it online with Equifax.
3
I was able to do it just now on both TransUnion and Equifax. Experian is a non-starter via phone and website.
4
We should not have to. Our "credit" should be unhackable no freeze required. It should not be possible for anyone but us to use it. That is a level of tech and accounting knowledge that has existed since long before these criminals started up these extortion rackets. The only reason it is possible is because they make money off the criminals who steal our identity.
1
I had the same experience - Experian makes it very difficult to put a security freeze in place. This is a protection racket - weren't there laws against this? I feel like we're dealing with La Cosa Nostra
1
I also understand that Equifax senior executives knew of the breach for some time before the news was made public, allowing them to sell off some of their company shares before the stock price tanked. Is this true? If so, hopefully, they will be prosecuted for that as well.
27
Equifax should be penalized out of existence over this event. The government did it w/Arthur-Andersen as a warning to the other accounting firms, and it should do it here.
1 year free credit monitoring? How about 10 years?
1 year free credit monitoring? How about 10 years?
25
Having tried for the last hour-plus to place freezes on my credit reports with all three companies -- only Experian allowed me to do so -- I'm convinced that it's time for our federal government to move in and outlaw companies like these, once and for all.
Protecting all citizens' safety is properly the function of GOVERNMENT, not of the so-called "private sector."
Protecting all citizens' safety is properly the function of GOVERNMENT, not of the so-called "private sector."
24
I don’t think the Government can protect us from these cyber attacks, as the Government itself has been subject to massive ID theft. I was one of the people whose SS number and personal data were stolen in a 2015 cyber attack on the Office of Personnel Management (US Federal Government) that affected 22.1 million people. I entered their security clearance database when I served in Peace Corps. The Federal Government immediately notified everyone who was affected and provided 3 years of free ID and credit monitoring so we are covered until the end of 2018. By accepting the free monitoring service, I had to agree to a class action waiver. As former FBI Director James Comey said, “It’s a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government.” Whether you were part of the 2015 OPM cyber theft or the current Equifax theft, there are no guarantees for our data security. As Mr. Lieber concludes in this article “we will now spend years seeing what happens next.”
1
I just tried to freeze my Experian credit report. They won't let me do it online and are asking me to send a treasure trove of documents through the mail (my identity). They only let me put a fraud alert on the account for 3 months, too.
I feel powerless.
I feel powerless.
14
Let me get this straight: In the near future, businesses will check with Equifax for credit reports on American citizens, and Equifax will tell those businesses that there is a "problem" with some customers' credit profiles -- without disclosing that the "problem" was the result of identity theft due to a security breach at . . . Equifax? What a racket.
20
As Chairman and Chief Executive Officer at EQUIFAX INC, Richard F. Smith made $11,937,463 in total compensation. Of this total $1,450,000 was received as a salary, $3,045,000 was received as a bonus, $0 was received in stock options, $7,323,095 was awarded as stock and $119,368 came from other types of compensation. This information is according to proxy statements filed for the 2016 fiscal year.
23
...so now it's our collective job to make that stock worthless!
5
Good advice from Mr. Lieber, except neither Experian or TransUnion's were working to enact a freeze online. Tried three times for both. So much for financial protection from those two.
5
Here's what needs to happen: Congress needs to stop taking bribes from this industry. Equifax needs to take complete responsibility for resolving all the problems. Anyone adversely affected by this breach should not have to lift a finger. Equifax should write blank checks for any and all harm it has caused. I think that about covers it.
24
I suspect some members of Congress are in the same boat as the rest of us - wondering if their personal information has been compromised.
Still, some will refuse to embrace the idea that government oversight is a good idea.
Probably the ones who haven't figured out that when they gut EPA clean air regulations, they and their loved ones have to breathe the same dirty air as he rest of us.
It's true. You can't fix stupid.
Still, some will refuse to embrace the idea that government oversight is a good idea.
Probably the ones who haven't figured out that when they gut EPA clean air regulations, they and their loved ones have to breathe the same dirty air as he rest of us.
It's true. You can't fix stupid.
16
Time to use biometric ID, eyes, finger prints!
4
Unfortunately, even our biometrics can now be faked electronically.
Was able to put credit freeze in place on both Equifax and TransUnion. No charge on Equifax this morning. TransUnion had $5 charge. Filled in all information asked for at Experian, then they denied my on line credit freeze request. Tried twice, denied twice. In tiny, nearly unreadable font they offer to accept my request in hard copy submission (yup, paper) which must include multiple documents including copies of bills, etc. I'm 77 years old and this is a big hurdle. Shame on Experian.
17
Beyond the myriad of problems this presents for consumers, the most disgusting thing about this is that Equifax's bigwigs sat on the information to dump their stock before this information was made public.
24
Spectacular lying, stealing and illegal actions.
This company should be shut down and its management placed in jail.
But the Republicans will DO NOTHING. Probably give them a tax break and congratulations on their 'success'.
This company should be shut down and its management placed in jail.
But the Republicans will DO NOTHING. Probably give them a tax break and congratulations on their 'success'.
28
The republicans created then in the reagan years. If the go out of business who is going to pay to protect their victims for the rest of their lives?
2
Going forward Equifax and the other credit reporting services should have to pay you for the information that they garner about you. Why should they be making money off you for free?
15
There has been a catastrophic levee breach!!!
It's time to send in the National Guard, the Navy Seals and the Green Berets.
Perhaps...in an effort to in some way justify their tax exempt status...Harvard, MIT and Stanford business and computer science / engineering departments should send in a "Manhattan Project" group of experts to straighten this out.
"Market forces" and the "the courts" just won't cut it and this incident is sure to cause a world of hurt for years to come.
Hurricanes, wild fires, earthquakes and now THIS. It has been quite a September. I guess Robert E Lee has been able to go back to sleep for now.
It's time to send in the National Guard, the Navy Seals and the Green Berets.
Perhaps...in an effort to in some way justify their tax exempt status...Harvard, MIT and Stanford business and computer science / engineering departments should send in a "Manhattan Project" group of experts to straighten this out.
"Market forces" and the "the courts" just won't cut it and this incident is sure to cause a world of hurt for years to come.
Hurricanes, wild fires, earthquakes and now THIS. It has been quite a September. I guess Robert E Lee has been able to go back to sleep for now.
6
This is a real opportunity for Trump. Everyone hates the big 3 (and little 2-3?) credit agencies. Mr Trump, get on twitter and blast away and watch your ratings soar!
4
Maybe it's time we lessened our dependence on computers.
4
Shakespeare needs an update: "Who steals my purse steals trash . . . But he that filches from me my data . . . Makes me poor indeed.”
But what makes that data mine? Who owns it? If I cannot control the data that comprises my identity, do I even have personal sovereignty? These data are valuable, they control if I can do business, borrow money, even pay my bills. But they are clearly not mine.
Moreover, the custodians of these data have not asked my permission to use them. They have not even asked my permission to have them. They probably harvested them at three steps removed from me—from my bank, my employer, or my dry cleaner for all I know.
We have checks on the use of our data for health care with formal steps to ask for and receive our explicit permission to use that data on our behalf. Why not for our identities? Where are the vaunted champions of personal liberty now? Why are they not outraged at this state of affairs?
Oh, sorry, according to OpenSecrets.org, Equifax Inc. Political Action Committee gave $100,000 to federal candidates in 2016. Sounds like a good deal for them.
But what makes that data mine? Who owns it? If I cannot control the data that comprises my identity, do I even have personal sovereignty? These data are valuable, they control if I can do business, borrow money, even pay my bills. But they are clearly not mine.
Moreover, the custodians of these data have not asked my permission to use them. They have not even asked my permission to have them. They probably harvested them at three steps removed from me—from my bank, my employer, or my dry cleaner for all I know.
We have checks on the use of our data for health care with formal steps to ask for and receive our explicit permission to use that data on our behalf. Why not for our identities? Where are the vaunted champions of personal liberty now? Why are they not outraged at this state of affairs?
Oh, sorry, according to OpenSecrets.org, Equifax Inc. Political Action Committee gave $100,000 to federal candidates in 2016. Sounds like a good deal for them.
16
Perhaps some lawyers can think up a class action...
3
If you sign up for the protection, the small print makes you agree to arbitration only, so yeah, Equifax has already figured that one out.
3
It seems our chronically lying President is not alone in his propensity for obfuscation. Welcome to America. This is why I find it so disingenuously hypocritical to just want to single out and dump on Trump as is so fashionable lately. He's nothing more than the mirror we look into. We can all say what we want to say about ourselves personally but collectively we are what we are. Equifax, Wells Fargo, et. al. Did not just manifest themselves out of thin air. Something built them. Now everybody look at someone else and see who you're looking at.
4
Look on the bright side, the execs made a killing on the stock before making the announcement. You do realize this will do nothing but get worse especially now that we have a president that wants to deregulate everything that has to do with money.
8
Solution: make the HIPAA laws apply to financial institutions.
--We doctors get a ( im not kiddong ) $10,000 fine per error. If my office staff by mistake dumps 10 pieces of paper with patient names in the parking lot on the wzy to the dumpster thats a $100,000 fine. If doctors and hospitals are forced to comply with draconian privacy laws ( and we succeed) then why not the other industries that have informatin.
--We doctors get a ( im not kiddong ) $10,000 fine per error. If my office staff by mistake dumps 10 pieces of paper with patient names in the parking lot on the wzy to the dumpster thats a $100,000 fine. If doctors and hospitals are forced to comply with draconian privacy laws ( and we succeed) then why not the other industries that have informatin.
38
Yes and Equifax influences millions of credit decisions forcing millions to pay usurious interest in loans making millions for creepy finance companies who put people in subprime loans for houses, cars. Equifax has the power to decide who gets students loans because the government decides a student's credit worthiness based on Equifax reports. Millions of employers use Equifax to decide if a potential employee is a "moral" human being because of Equifax. It turns out the ceo and his buddy are a bunch of crooks selling stock ahead of a hews release of a security breach. Who knew they were all a bunch of crooks.
4
I have yet to hear who might have stolen all this info. It seem after the latest stories about false Facebook ids, on-line bots spewing hate, Wikileaks, and possible voter suppression it's possible the real purpose of this theft is not financial, but political. What would the Putin Trump government like to do with all that info?
4
Why are they allowed to collect our social security numbers without our permission? How is that legal? Who is selling it to them?
17
Why do I face risk from their mistakes? Why is my responsibility to spend my time and money to repair what they have done?
Equifax should bear all the liability for the consequences. Ands among those consequences should be paying all fees for anyone wanting credit freezes anywhere.
For that matter why should any of these companies have the right to charge anyone for a credit freeze?
And why can there not be a one-stop credit-freeze registry ... rather like the do-not-call registry?
Equifax should bear all the liability for the consequences. Ands among those consequences should be paying all fees for anyone wanting credit freezes anywhere.
For that matter why should any of these companies have the right to charge anyone for a credit freeze?
And why can there not be a one-stop credit-freeze registry ... rather like the do-not-call registry?
13
Experian's freeze process is fraught with problems and ultimately errored out after entering all the required information then referring me to a phone number. I don't have the mental fortitude to go through a voice mail tree, then ultimately a frustrating customer experience, on my day off. I'll wait until I'm in work mode where dealing with incompetence is the norm.
4
Maybe we need to rethink the whole credit-card identity process. How about going with fingerprints instead of numbers? The credit card will have say a 1-inch by 1-inc block that is blacked out. My fingerprint will be electronically embedded in that blacked out area. (Credit card applications will contain a spot where we place our fingerprint, which is then copied onto the card when it's issued.) When I swipe the card, I'll also have to press my finger against a little electronic pad, which will compare what's on the card to the print being pressed on the pad.
108
Then the boyfriend wont be able to jump out the car, grab your card and fill the tank for you.
Merchants will have to add a nickel for the extra hardware.
Some merchants with windows 7 will have to decline your business because they wont be compatible with the new technology.
Driving on the PA Turnpike will be murder not knowing when and where you can gas up.
Merchants will have to add a nickel for the extra hardware.
Some merchants with windows 7 will have to decline your business because they wont be compatible with the new technology.
Driving on the PA Turnpike will be murder not knowing when and where you can gas up.
3
Agree that we need to rethink what 'identity' means in the 21st Century. Once we digitize something whether it be a social security number or a fingerprint, it is out there in some external database waiting to be hacked. The problem with digitizing physical attributes is that if these digital representations are compromised, we can't grow another finger or retina.
110
Once digitized fingerprints become the norm, hackers will figure out how to abuse that form of ID as well. The fingerprint on the credit card? They can create copies of your credit card with someone else's fingerprint on it. A digitized image of a fingerprint in a database? It is a digital photo. It can be photoshopped or replaced entirely. It just requires hackers to up their game.
I do not want credit report companies or my creditors having copies of my fingerprints. I just do not trust them them with this vital information. Likewise retinal scans.
I do not want credit report companies or my creditors having copies of my fingerprints. I just do not trust them them with this vital information. Likewise retinal scans.
4
Between the discovery of the breach and the disclosure to the public, Equifax execs dumped stock. Equifax execs compensation packages should be clawed back and put into escrow and their only reason for existence beyond today should be to repair the damage done. No more business as usual.
10
Also, while you're at it, go to all the online information databases and request your information be made private. They are required by law to give you this option though they may make you jump through a few hoops to get it done. But it's well worth it. Put your full legal name in quotes into google (you may need to add your city and state if your name is common) and see how many databases offer access to your address history. I do this on a yearly basis but if there's been no activity that triggers a report to local civic databases like a home purchased in your name or a divorce, then once removed, your information should stay off these databases until new civic activity triggers a reappearance.
It's ridiculous and slightly immoral that anyone can not only look up your name and address but also view your entire history of addresses as well as who your relatives are. This is not only ripe for identity theft but a fantastic tool for stalkers and predators! Outrageous!
It's ridiculous and slightly immoral that anyone can not only look up your name and address but also view your entire history of addresses as well as who your relatives are. This is not only ripe for identity theft but a fantastic tool for stalkers and predators! Outrageous!
7
Just now I went to the Equifax site to see if my data was secure or not. I went to the linked page from the article.
For last name I typed, "Trump".
For SS# digits I typed, "123456".
It's all nonsense of course.
Well, to make a long story short, Mr. Trump whose SS# ends in 123456 need not worry. His data is secure. Isn't that reassuring?
For last name I typed, "Trump".
For SS# digits I typed, "123456".
It's all nonsense of course.
Well, to make a long story short, Mr. Trump whose SS# ends in 123456 need not worry. His data is secure. Isn't that reassuring?
5
It's also outrageous that our Courts report cases directly to the credit reporting agencies. Who authorized that, our racketeers in Congress?
I don't know whether to be thankful or not, but I received 3 years of free monitoring and a fraud alert on my files in 2015, compliments of the Federal Gov't. That was a result of having my OPM file stolen, including my security clearance background info, in a massive hack while OPM was under the 'management' of an Obama appointee whose ONLY qualification for the position was being his National Political Director for his re-election campaign.
I have yet to be notified under that coverage that my Equifax file was hacked, but somehow that doesn't comfort me - it's already been stolen right under the nose of the Federal Govt. I've read that Equifax actually doesn't know whose files were stolen, so that probably explains lack of notification and ambiguous responses to inquiry.
Our whole political and financial system is corrupt. Neither wing of the Money Party in Congress nor anyone in the White House is going to help fix this situation because their primary interest is in the protection of the Cult of Capitalism.
I don't know whether to be thankful or not, but I received 3 years of free monitoring and a fraud alert on my files in 2015, compliments of the Federal Gov't. That was a result of having my OPM file stolen, including my security clearance background info, in a massive hack while OPM was under the 'management' of an Obama appointee whose ONLY qualification for the position was being his National Political Director for his re-election campaign.
I have yet to be notified under that coverage that my Equifax file was hacked, but somehow that doesn't comfort me - it's already been stolen right under the nose of the Federal Govt. I've read that Equifax actually doesn't know whose files were stolen, so that probably explains lack of notification and ambiguous responses to inquiry.
Our whole political and financial system is corrupt. Neither wing of the Money Party in Congress nor anyone in the White House is going to help fix this situation because their primary interest is in the protection of the Cult of Capitalism.
5
Thanks for this important article. Unfortunately, as of now (Saturday afternoon), only Experian is allowing me to set up a "freeze." The other two companies, whether contacted online or by telephone, are currently non-functional in this regard.
Great "service," huh?
Great "service," huh?
2
What should one expect from an economic system predicated on the idea that each individual should seek his/her own selfish interests? Couple this with the faith that somehow a mysterious hidden hand in the market will produce something other than selfishness for everyone, and our system is almost guaranteed to produce negligence. We reap what was sown.
5
This has been reversed. Elizabeth Warren started a twitter war and Equifax backed down from the arbitration clause.
5
Could someone please find a way to contact Equifax and tell them that the automatically generated PINs that they are currently handing out when you request a freeze are very insecure. Equifax is making a bad situation worse. I have tried, but have not found a way to contact them yet. I have not found a way to change the PIN. I have not found a way to supply my own pin.
1
I was told that I was NOT affected after entering information. FWIW.
So I am supposed to use an "online" form with my social security number to request a freeze? Really, I am being asked to trust any of the big three with their online security. Just try calling TransUnion @1 (855) 681-3196 and use prompt #2 to be routed to a person you get a recording that your call cannot be answered. If these firms really take this incident seriously, all three would be working around the clock to address customer issues in real-time and on the phone. Equifax's CEO and CTO should resign and perhaps the company should be liquidated after a settlement.
8
Equifax is illegally charging a fee of $10 to process a credit freeze I need due to THEIR NEGLIGENCE. It is illegal in my state to charge a fee for this service for seniors - over 65. Are they so incompetent that they can not figure my age? Or just insanely greedy? Both Experian and Transunion processed my credit freeze at no charge - which complies with the law in my state. Only Equifax - the cause of the problem - insists on charging me, in violation of the law.
7
Dear Congressperson:
I'm writing about the recent loss of personal credit information for 140 million Americans caused by the hacking of Equifax’s database. If you are like most people I know, you should share our sense of helpless anger at this company's negligence. I believe that organizations need to have financial & legal incentive to guard personal information. With this in mind I propose the following:
* Significant, proportional penalties for not reporting loss of information to affected consumers as soon as it is discovered. Equifax delayed its reporting by a month, compounding its bad behavior
* Similar penalties for the loss of such information itself. By significant & proportional, I mean that penalties must be meaningful relative to budget & quantity of information
* Replacing SSN & DOB with more secure means of identification. This is 2017 and we are Americans. We have the ingenuity & courage to do accomplish this
* Uniform best practices must be mandated for those guarding our information. These must be budgeted & rolled out across Federal and State institutions quickly, and periodically tested. Multifactor authentication must be made standard and offered as default to anyone with a mobile phone.
I am the cofounder of a small company, acutely mindful of burdens that regulations impose. Yet I feel such measures are hardly onerous. I hope you will take this message seriously and work to make an improved version of these suggestions a reality.
I'm writing about the recent loss of personal credit information for 140 million Americans caused by the hacking of Equifax’s database. If you are like most people I know, you should share our sense of helpless anger at this company's negligence. I believe that organizations need to have financial & legal incentive to guard personal information. With this in mind I propose the following:
* Significant, proportional penalties for not reporting loss of information to affected consumers as soon as it is discovered. Equifax delayed its reporting by a month, compounding its bad behavior
* Similar penalties for the loss of such information itself. By significant & proportional, I mean that penalties must be meaningful relative to budget & quantity of information
* Replacing SSN & DOB with more secure means of identification. This is 2017 and we are Americans. We have the ingenuity & courage to do accomplish this
* Uniform best practices must be mandated for those guarding our information. These must be budgeted & rolled out across Federal and State institutions quickly, and periodically tested. Multifactor authentication must be made standard and offered as default to anyone with a mobile phone.
I am the cofounder of a small company, acutely mindful of burdens that regulations impose. Yet I feel such measures are hardly onerous. I hope you will take this message seriously and work to make an improved version of these suggestions a reality.
8
The Equifax sign-up process for the "free fraud monitoring" is contorted and byzantine, seemingly purposefully making it painful and less likely that folks will actually complete the sign-up process. First, where they discuss and offer for "free" their TrustedID Premier monitoring product, there are no links to that product! You need to hunt around to find where to sign up. Once you find it, you cant sign up immediately--they give you an "enrollment date" some days following, at which time they say you can then "complete the enrollment process". But, they warn, you will get no reminder, so "dont forget to enroll" then. Wow. They hardly seem chastened by their derelictions.
1
The problem we get when there is corporate malfeasance and incompetence. They can't readily be held responsible for their actions. The principals can't be held responsible either. Ideally the police would shut down the business until the court cases are settled. If criminal actions are done by the company the assets are sold, injured parties are made whole and anythign left goes to share holders.
Equifax has been cheating customers with fake credit scores for years and id going to be fined. Way too little. They need to be shut down. Same as the other big criminal organization Wells Fargo.
Equifax has been cheating customers with fake credit scores for years and id going to be fined. Way too little. They need to be shut down. Same as the other big criminal organization Wells Fargo.
4
As someone who was part of the long-ago Anthem data breach I can say that one year is a joke. Day 366, someone tried to open a PayPal credit account under my name.
My data is still for sale on the black market.
The only protection is a total credit freeze. Then even YOU need to jump through hoops if you want to finance a new car, etc. Fine with me. I'll jump through any hoop I need to to avoid receiving new ATM cards for accounts I didn't open.
My data is still for sale on the black market.
The only protection is a total credit freeze. Then even YOU need to jump through hoops if you want to finance a new car, etc. Fine with me. I'll jump through any hoop I need to to avoid receiving new ATM cards for accounts I didn't open.
5
Now watch the credit bureaus and banks factor this breach into their assessment of the credit worthiness of those affected...
4
Yesterday, upon visiting Equifax to request credit monitoring, I received a pop-up advising me to visit a site next week to continue enrollment!
Now I will not because I will waive my rights. Besides,I have the same service provided free of charge from AAA road service. My best insurance is to freeze all my credit reports. Perhaps Congress or the credit reporting agencies will act now to provide service free.
Now I will not because I will waive my rights. Besides,I have the same service provided free of charge from AAA road service. My best insurance is to freeze all my credit reports. Perhaps Congress or the credit reporting agencies will act now to provide service free.
1
This breach never should have been allowed to take place. Now that is has federal government should get involved immediately. The social security administration and the Treasury Department should step in and create a special task force now. Congress should appropriate funds for this effort. We spend billions of dollars to prevent "terrorism," but the chance that citizens might become easy life-long victims of pirates that is apparently okay? Equifax apologized to "consumers." That's all we are to them--units of consumption whose money, savings, security is up for grabs. Is this democracy at work or the worst kind of laissez faire?
3
Equifax should be forced by law to extend FREE credit freezes for anyone who wants one. It is outrageous to see they are charging $10 for every freeze, and another $10 every time you want to lift it. That's $40 for a family of 4. Lets say 50 million people want one. Hmm... $500 million in sales overnight. This alone tells you what kind of morally bankrupt company this is.
822
Maybe they should have to pay the customers $10 for every freeze.... It's their own carelessness that caused the problem in the first place, so they're the ones who should be paying -- NOT their victims.
5
There's an overarching scam to the business that I'd like to raise. I've had 15-20 significant loans over 40 years (mortgages, car, student etc)- never missed a payment. Yet: if I'm late on a $26 cable bill my "score" drops 40 points. If I refi a mortgage, it drops because I've too much outstanding balance on the (NEW) loan; if I buy appliances for a remodel on my credit card (which I have always paid off each month) score drops for using too much credit; score dropped because I DIDN'T have a car loan.
BOTTOM LINE- anything THEY do to decrease the score, allows the banks to charge more interest for a loan. Now... the banks being the largest customers for the credit reporting companies.... CONSPIRACY THEORY? At a time when the bank would charge us an extra .5% to refi a mortgage IF my wife (and the cable bill) were on the loan and give me the better rate if I applied WITHOUT her income, the car company would give the same wife with the poor credit score a loan to sell a car, no problem.
NOW, the credit companies want to make their scores a job application criteria (with not data that it matters))
Too bad we don don't have a Consumer Protection Agency with teeth.....
BOTTOM LINE- anything THEY do to decrease the score, allows the banks to charge more interest for a loan. Now... the banks being the largest customers for the credit reporting companies.... CONSPIRACY THEORY? At a time when the bank would charge us an extra .5% to refi a mortgage IF my wife (and the cable bill) were on the loan and give me the better rate if I applied WITHOUT her income, the car company would give the same wife with the poor credit score a loan to sell a car, no problem.
NOW, the credit companies want to make their scores a job application criteria (with not data that it matters))
Too bad we don don't have a Consumer Protection Agency with teeth.....
1
Someone this morning (moments to this article) said that Equifax wasn't charging for freezes, so I called and put one on, I was not asked for any dollars. It may be different on line.
I understand that with the free one-year offer to monitor, Equifax also makes you agree (in small print) not to sue them.
4
Yes, it's been established they require arbitration and you give up your rights to sue. AG's of NY and PA have demanded they remove this.
2
We need our government to protect people again, instead of protecting business and profits at our expense. I can only hope we are on the far side of a pendulum swing that will soon switch directions abruptly.... There is historical precedence but I'm not optimistic.
7
Arthur Anderson was driven out or business for a far less serious infraction (suffered from that one, as well, thank you) We can do without Equifax, and it's time for the government to step-in on our behalf.
3
3 of Equifax's top execs sold 1.8 million dollars of their stock in August before disclosure of the June breach to the general public in Sept.
The company's ethos is obviously skewed to making money out of the breach.
This imperiousness is a result of a regulatory scheme that lets them act with impunity.
It's called an unregulated monopoly.
The company's ethos is obviously skewed to making money out of the breach.
This imperiousness is a result of a regulatory scheme that lets them act with impunity.
It's called an unregulated monopoly.
13
If you freeze your accounts, you will not get alerts. I froze my account a year ago after a dispute. You will receive no credit offers. That is the point of the freeze-no release of information, period. Don't expect competence from Equifax, I have had to deal with them. The less you interact with them the happier you will be.
5
The only responsible thing for Equifax, which has been making money on the backs of the public for no money, is to shut down and not re-open until this is fixed and recompense has been made to victims.
7
WARNING: If you request a credit freeze from the Experian company, and you live in a state where Experian is allowed to charge you for the request, then Experian will charge your credit card immediately, whether or not the request ultimately succeeds. In my case, Experian apparently has some faulty data on previous credit transactions (e.g. a Home Equity Loan application in 2017, and a street address where I have never lived), so the freeze request did not go through. Nonetheless, the company deducted the fee attempt.
8
I froze Experian, TransUnion and Equifax yesterday. None asked for a credit card or $ up front. Not sure how they might to charge me.
It's regulated by state laws. Different states have laws preventing credit agencies from charging for things, or regulating what prices they can charge.
Just checked on Equifax and indeed my data may have been affected. And then I was offered a 90 day monitoring service. 90 days. Not a year. 90 days. Didn't this breach take place over 90 days ago? So what does 90 days do for me? Give me a break. This is so frustrating. And yes, I was also affected by the Yahoo breach and Target breach. (And I'm sure others that I'm not even aware of.)
2
You shouldn't trust Equifax with any of this. If you want to pay for a monitoring service there are others out there. Don't give Equifax a dime. The fact that some of their execs sold stock prior to their announcement says a great deal about how the company operates
10
Well, Equifax continues to provide a disservice to consumers. My attempt to establish a credit freeze has resulted in my inability to unfreeze the account after their website failed to produce a pdf with my pin. My attempts to call their 24/7 phone number resulted in a message saying they are only available weekdays during business hours. So much for tripling their call-in staff assertion. I hope someone throws the book at them. Otherwise, another corporate America ripoff goes unpunished.
4
I am writing to my credit union and other financial institutions to ask them to stop supplying info to Equifax. I know this is a probably a waste of time, but they deserve to go out of business and this is the only way I can think of contributing to that end.
4
I gave them the 6 SS#'s and my last name, and was told my c.c. info had NOT been compromised, so I didn't go any further. So I guess not everyone has had the same problems as Mr. Lieber.
Where in the modern industrial societies, do these types of security breaches NOT occur?
Maybe we should be following their lead?
Just saying.
Maybe we should be following their lead?
Just saying.
Credit freeze does not protect. Was able to lift credit freeze without number, but with the information breach has made available. These three companies need to add additional layers of protection.
1
... And don't forget that a persuasive explanation for the delay in notification is that a number of senior executives dumped their shares before the markets could react. But then again insider trading is the Wall Street norm.
4
These companies collected our sensitive information, failed to protect the information, and now require us to pay for protection services. Outrageous! I will make the changes required to protect my information. Because of their oversight (greed), I will incur costs. I intend to bill Equifax, Experian and TransUnion to cover my time/costs. If millions of people do the same, we can make a statement.
4
Why is it always months after the break that they inform us? It always seems the danger might be past by the time we know anything.
2
I have tried repeatedly today to use Eperian's and Transunion's web sites to request a credit freeze. Both companies are making this unnecessarily complicated. Oddly, Experian's site processed the freeze right away. A plague on all their houses.
4
I froze all 3 yesterday online from my iPhone. Was quick and easy. Try calling their 800 #'s. Was all done through voice prompts.
1
Thanks.
In the meantime, spending all your cash and going into debt are reasonable alternatives—if you can pay later—as long as banks offer almost zero interest on savings and inflation continues to multiply prices for items like food, shelter and clothing. Otherwise, money on hand constantly diminishes in value.
I'm surprised that liberal financial reporters write so seldom on this subject. Isn't saving money part of the American Dream, and not being able to part of the reason why young couples cannot afford to buy a small house? And then there is the subject of retirement and fixed income with no savings to soften the hard edges...
I'm surprised that liberal financial reporters write so seldom on this subject. Isn't saving money part of the American Dream, and not being able to part of the reason why young couples cannot afford to buy a small house? And then there is the subject of retirement and fixed income with no savings to soften the hard edges...
1
AFAIK credit freezes are free for NY residents ($5 to unfreeze), yet at least one of the big three bureaus was asking for $10 from me to freeze my credit file. There needs to be some clarification about how much it should and shouldn't cost.
5
Someone posted the NYS law/regulation earlier -- here's the link to it:
https://www.dos.ny.gov/consumerprotection/pdf/Security%20Freeze031116.pdf
https://www.dos.ny.gov/consumerprotection/pdf/Security%20Freeze031116.pdf
Luckily, I live a frugal, low-credit, cash-based lifestyle with only an occasional (decadal, really) purchase that may require an active, stellar score. My last big purchase that required financing, a new car, was long ago paid off and the car is still driving well. I rent, so need there either for a high score beyond the basic check that I pay my bills. AT&T was happy to finance my new top-of-the-line iPhone based on my long history with them which along with my MacBook Pro bought for cash on Craigslist, are all the big ticket items I need, in addition to the car.
Thieves won't have any use for my little utilized credit history. I check in annually with the three companies just to confirm my credit score is indeed ignored and languishing until I decide to beef it up, for what I don't know. I have one low-limit credit card for car rentals and the like but use my visa-logoed debit card to make all my purchases. The small retirement accounts I have are independent of each other and paper based. I call up a real person and visit the branch when needed. No online management or credit lines that trigger reporting to Big Data companies. After my divorce, I swore off the credit-based lifestyle and haven't missed it. My life is rich and full without the headache.
If you aren't in need of the big financing a home purchase or business requires, why get tangled up with these loan sharks? If you adjust your lifestyle and focus, you can live with minimal credit and maximum freedom.
Thieves won't have any use for my little utilized credit history. I check in annually with the three companies just to confirm my credit score is indeed ignored and languishing until I decide to beef it up, for what I don't know. I have one low-limit credit card for car rentals and the like but use my visa-logoed debit card to make all my purchases. The small retirement accounts I have are independent of each other and paper based. I call up a real person and visit the branch when needed. No online management or credit lines that trigger reporting to Big Data companies. After my divorce, I swore off the credit-based lifestyle and haven't missed it. My life is rich and full without the headache.
If you aren't in need of the big financing a home purchase or business requires, why get tangled up with these loan sharks? If you adjust your lifestyle and focus, you can live with minimal credit and maximum freedom.
3
Don't be so naive. It isn't your credit history that thieves use. They use your birthdate and SS number to open new accounts. And even though you think your retirement accounts are paper-based, because you have never used online management, the thieves can use the identifying data from Equifax to open an online account for you.
3
I'm getting lost in all the changes... Do we still have an SEC and Justice departments in our country? Is there a reason that isn't obvious as to why they haven't jumped onto those Equifax managers that sold stock ahead of the announcement? A reason that the firm waited so long to report the breach? A reason to enforce protections onto these firms that have our data without our agreement?
I know I'm getting old and not paying close enough attention... But still, where is the government's response?
I know I'm getting old and not paying close enough attention... But still, where is the government's response?
6
They are working for the wealthiest - the International Mafia - The Top 1% Global Financial Elite Robber Baron/Radical religion Good Old Boys Cabal, Mr. Thomas. They want to get rid of every agency that might have protected 99% of us. Back to the good old 5th/15th centuries of supposed kings and peons. Pick one thing you value most about OUR government and fight like hell to save it because everything is under attack from inside and out. They want to kill OUR dream.
NO. This must not stand in America. Not now. Not ever again.
NO. This must not stand in America. Not now. Not ever again.
3
Thanks for the info, but courtesy of Home Depot, Target, Walmart, credit card companies, and any number of banks and other financial institutions who have been hacked over the years, this is old hat by now. We should be closely monitoring our credit history and accounts as a normal part of managing our finances. Indeed, as was recently reported regarding 1.4 million fake accounts created by Well Fargo, it is not just the hackers we need to fear.
2
I appreciate the author's advice, albeit daunting. I'd be shocked out of my seat if even 0.01% of readers of the article actually take all these steps and then follow up every four months for ongoing credit reporting. There's something deeply wrong with this system that effects virtually every adult American, and I know just the Congress and Executive to do nothing about it. Surely, it won't be corrected by the companies themselves.
2
I worked in IT for decades starting with mainframes. I was beyond offended when I was asked by virtually every company for my SS. That was supposed to have been changed years ago but our government got too cheap to enforce safety measures.
Portals to everywhere are hackable. I finally put my foot down and said I'm not using them. We've both been hacked and I went after one email hacker (I managed to find him and nailed him). We already have a fraud alert and a freeze on our credit.
Everyone, use the annual credit report and space them out. They're different, so review them carefully. I've already had issues with Equifax and am not surprised this happen and it may well cycle to other reporting companies. Remember, even with LifeLock, etc., someone collects your info and may use it.
Portals to everywhere are hackable. I finally put my foot down and said I'm not using them. We've both been hacked and I went after one email hacker (I managed to find him and nailed him). We already have a fraud alert and a freeze on our credit.
Everyone, use the annual credit report and space them out. They're different, so review them carefully. I've already had issues with Equifax and am not surprised this happen and it may well cycle to other reporting companies. Remember, even with LifeLock, etc., someone collects your info and may use it.
149
I have had a fraud alert on TransUnion (and the other two) since 2002 when I experienced I.D. fraud by thieves purchasing cell phones from major cell phone companies (including T-Mobile, Worldcom, and others at the time) using my Social Security number and a fraudulent address (the cell phone carriers were not verifying I.D. or Social Security numbers back then).
In 2002 I.D. theft was not as developed nor as common so I called Social Security and they referred me to the three credit reporting companies. At that time customer service agents were onshore in the U.S. TransUnion was very helpful.
Not after about 2008--very difficult to find ANY rep as the customer service phone wait times are horrendous and the customer service reps are OFF SHORE! Managing U.S. citizens' highly important credit information! I was shocked and astonished at the time and ever since when changing personal information like phone number or mailing address on credit report.
Furthermore, these offshore agents do NOT understand English well enough to understand a customer request. They put additional freezes on customer accounts when the customer request is a simple phone number change!
I reported this to the FTC in 2016 and received some standard form letter by email.
The U.S. has NOT been protecting its citizens in the most basic ways for the past two decades (including poor protection from catastrophic storms and gouging for housing, education and healthcare).
Wake up!
In 2002 I.D. theft was not as developed nor as common so I called Social Security and they referred me to the three credit reporting companies. At that time customer service agents were onshore in the U.S. TransUnion was very helpful.
Not after about 2008--very difficult to find ANY rep as the customer service phone wait times are horrendous and the customer service reps are OFF SHORE! Managing U.S. citizens' highly important credit information! I was shocked and astonished at the time and ever since when changing personal information like phone number or mailing address on credit report.
Furthermore, these offshore agents do NOT understand English well enough to understand a customer request. They put additional freezes on customer accounts when the customer request is a simple phone number change!
I reported this to the FTC in 2016 and received some standard form letter by email.
The U.S. has NOT been protecting its citizens in the most basic ways for the past two decades (including poor protection from catastrophic storms and gouging for housing, education and healthcare).
Wake up!
1
I have seen job applications at stores and fast food restaurants that ask for the SSN and DOB along with address, etc. And these applications are usually handed over to any ol' person behind the counter. That's not very secure at all.
I was casually looking at paperwork left on a counter in my examining room during a recent doctor's visit. My SSN was right there on it. I asked them why and they said they've always had it there but they couldn't see a reason why they needed it now that insurance companies don't use it for ID purposes anymore. So, they deleted that option.
Part of the responsibility for security does rest with us and, to borrow a phrase, "if we see something, say something." There's no reason why we must provide SSN, telephone numbers, DOB, and other important pieces of information to most of the people or entities that ask. Ask them why they need it and ask them to remove it if they don't need it.
I was casually looking at paperwork left on a counter in my examining room during a recent doctor's visit. My SSN was right there on it. I asked them why and they said they've always had it there but they couldn't see a reason why they needed it now that insurance companies don't use it for ID purposes anymore. So, they deleted that option.
Part of the responsibility for security does rest with us and, to borrow a phrase, "if we see something, say something." There's no reason why we must provide SSN, telephone numbers, DOB, and other important pieces of information to most of the people or entities that ask. Ask them why they need it and ask them to remove it if they don't need it.
I guess the Republicans were successful in "drowning the government in the bathtub", after all.
Contact your senators and congressional reps and demand they explan why a corporation is allowed so much information with so little regulation. And no consequences to the corporation, which is hoping to sell you protection against them.
It's called extortion.
It's called extortion.
688
The GOP and so-called POTUS don't want any regulation that might impede big business achieving maximum profits. When are we rising up?
1
When will the government stop using SS numbers for Medicare cards. One needs to keep them on one's person, where they can be stolen and used to get into all sorts of information. So many companies ask me for the last for digits of my SS number as proof of identification, it has become a sad joke.
Passwords are another vulnerability. Each company and agency requires a password and suggest a unique password. How many unique passwords can an individual remember before writing them dow in an accessible place?
It's time for the government to divert some money from unnecessary military military equipment and invest it in cybersecurity. That is where the danger to citizens and country exists.
Passwords are another vulnerability. Each company and agency requires a password and suggest a unique password. How many unique passwords can an individual remember before writing them dow in an accessible place?
It's time for the government to divert some money from unnecessary military military equipment and invest it in cybersecurity. That is where the danger to citizens and country exists.
258
I laugh sometimes about how absurd it is for a normal, modern mortal in this society to try and manage the increasingly untenable number and complexity of online passwords. And I have a tech background reaching back to the 80's!
I'm not confident that we have the political will to solve this problem... it's far too, er, SOCIALIST. Cue alarm bells and clutching of pearls (or pearl-handled sidearms).
A life that doesn't rely so heavily on personal security is becoming more and more appealing—maybe even a survival imperative. Honestly, this system is going to fail in some major way; maybe it just did.
I'm not confident that we have the political will to solve this problem... it's far too, er, SOCIALIST. Cue alarm bells and clutching of pearls (or pearl-handled sidearms).
A life that doesn't rely so heavily on personal security is becoming more and more appealing—maybe even a survival imperative. Honestly, this system is going to fail in some major way; maybe it just did.
1
Medicare cards should have a different ID from Social Security numbers starting in April of 2018.
See: https://www.cms.gov/Medicare/New-Medicare-Card/index.html
See: https://www.cms.gov/Medicare/New-Medicare-Card/index.html
2
There was an ad on television just a day ago with the usual older adults all happy because they will be issued new medicare cards without their SSI on them. So it is finally coming....I guess better late then never.
3
Equifax should "credit freeze" every single person on their lists. This means that nobody can get credit in your name/SSN without the agency contacting you personally. If you want credit, you can authorize it. If the hackers want it, they're not you and are out of luck.
When I read this article this morning I'd been planning to do the credit freeze things for all three credit agencies, but comments here suggest that doing so isn't working (presumably due to lots of people trying to do it). "Private industry is always more efficient than government, so everything should be privatized." Yeah, right.
When I read this article this morning I'd been planning to do the credit freeze things for all three credit agencies, but comments here suggest that doing so isn't working (presumably due to lots of people trying to do it). "Private industry is always more efficient than government, so everything should be privatized." Yeah, right.
20
Equifax should be put out of business for failure to protect our data, as Farhad Manjoo states so clearly. There are a number of fixes which are needed:
--Equifax is also a data broker, buying and selling our data, which should never be allowed
--Many states (led by California) have breach notification requirements, so we shouldn't have to ask Equifax (and give them more data) to find out. The fact that they haven't notified people should mean the assessment of huge financial penalties for that failure.
--Unfortunately, identity theft is hard to prove with regard to source of data, and can happen well in the future, so Equifax gets to skate on that one unless Congress or the states can come up with a solution
--Lieber is far too accommodating. Of course there should be free credit monitoring for life, and free freezes at all the agencies. CFPB and FTC need to resolve their jurisdictional differences and provide some relief for consumers, as fast as possible.
--State Ag's should be on the warpath to protect their citizens if Jeff Sessions is not. The least we should win is a vastly improved monitoring and freeze system, as well as far better data protection
--Oh yeah, those executives should a. lose their jobs, and b. face criminal charges for--unbelievable!--selling stock after they found out about the breach. How about a $10 fine for each compromised consumer? Not to mention doing time.
--Equifax is also a data broker, buying and selling our data, which should never be allowed
--Many states (led by California) have breach notification requirements, so we shouldn't have to ask Equifax (and give them more data) to find out. The fact that they haven't notified people should mean the assessment of huge financial penalties for that failure.
--Unfortunately, identity theft is hard to prove with regard to source of data, and can happen well in the future, so Equifax gets to skate on that one unless Congress or the states can come up with a solution
--Lieber is far too accommodating. Of course there should be free credit monitoring for life, and free freezes at all the agencies. CFPB and FTC need to resolve their jurisdictional differences and provide some relief for consumers, as fast as possible.
--State Ag's should be on the warpath to protect their citizens if Jeff Sessions is not. The least we should win is a vastly improved monitoring and freeze system, as well as far better data protection
--Oh yeah, those executives should a. lose their jobs, and b. face criminal charges for--unbelievable!--selling stock after they found out about the breach. How about a $10 fine for each compromised consumer? Not to mention doing time.
130
I was able to get copies of all three credit reports by calling
https://www.annualcreditreport.com/index.action
phone number: #877.322.8228. It was pretty straightforward. I did this after I tried to order them online but at a certain point the web site indicated that it was unable to continue to process my request. As others mentioned, most likely due to people responding to this article and the Equifax issue. You can also order your three credit reports from https://www.annualcreditreport.com/index.action by mail.
https://www.annualcreditreport.com/index.action
phone number: #877.322.8228. It was pretty straightforward. I did this after I tried to order them online but at a certain point the web site indicated that it was unable to continue to process my request. As others mentioned, most likely due to people responding to this article and the Equifax issue. You can also order your three credit reports from https://www.annualcreditreport.com/index.action by mail.
2
I am sure it will be a comfort to all to know that the Social Security Administration uses Equifax as its source for identity verification.
"Identity Services ProviderX
The U.S. Social Security Administration uses an external data source, or what we refer to as an “Identity Services Provider,” to help us verify the identity of our online customers and to prevent fraudulent access to our customers’ sensitive personal information. Equifax is the Identity Services Provider that provides identity verification services to the Social Security Administration. For more information, please visit www.Equifax.com, (Disclaimer)."
"Identity Services ProviderX
The U.S. Social Security Administration uses an external data source, or what we refer to as an “Identity Services Provider,” to help us verify the identity of our online customers and to prevent fraudulent access to our customers’ sensitive personal information. Equifax is the Identity Services Provider that provides identity verification services to the Social Security Administration. For more information, please visit www.Equifax.com, (Disclaimer)."
62
Time to delete them form ALL government references.
1
wonderful.
3
Thank you for this crucial piece of information. This should be a NYT Pick!
So, this is far worse than we imagined. Our own government has given the foxes the keys to the henhouse - actually, to every henhouse throughout the nation - and actually pays for the privilege with our tax dollars.
This entire credit data collection and reporting system and industry is corrupt and criminal.
So, this is far worse than we imagined. Our own government has given the foxes the keys to the henhouse - actually, to every henhouse throughout the nation - and actually pays for the privilege with our tax dollars.
This entire credit data collection and reporting system and industry is corrupt and criminal.
2
Do not sign up online for their supposed "free" monitoring service. I read an article in Bloomberg News this morning that says when you sign up for that you also agree that you will not sue them for the breach.
It is time for a HUGE Class Action lawsuit - generated by WE THE PEOPLE, not money-grubbing lawyers - to put them out of business. It's no wonder the Con Don and his Robber Baron brethren want to get rid of the Consumer Financial Protection Bureau. Senator Elizabeth Warren and President Obama put in place to protect 99% OF US from thieves like these. If your credit has been compromised go to the CFPB and file a formal complaint. Here is a link to the website:
https://www.consumerfinance.gov/
Meantime, WRITE A LETTER - using OUR United States Postal Service - to each credit reporting agency telling them to freeze your credit and to put the letter into your credit file as future proof. They are required, by law, to do it.
It is time for WE THE PEOPLE to stop letting the Robber Barons steal OUR lives. The time for action is NOW!
https://en.wikipedia.org/wiki/Consumer_Financial_Protection_Bureau
It is time for a HUGE Class Action lawsuit - generated by WE THE PEOPLE, not money-grubbing lawyers - to put them out of business. It's no wonder the Con Don and his Robber Baron brethren want to get rid of the Consumer Financial Protection Bureau. Senator Elizabeth Warren and President Obama put in place to protect 99% OF US from thieves like these. If your credit has been compromised go to the CFPB and file a formal complaint. Here is a link to the website:
https://www.consumerfinance.gov/
Meantime, WRITE A LETTER - using OUR United States Postal Service - to each credit reporting agency telling them to freeze your credit and to put the letter into your credit file as future proof. They are required, by law, to do it.
It is time for WE THE PEOPLE to stop letting the Robber Barons steal OUR lives. The time for action is NOW!
https://en.wikipedia.org/wiki/Consumer_Financial_Protection_Bureau
203
Better idea. Join or create a Class Action against them for current and potential damages.
3
FYI This waiver of rights has been removed.
njglea,
Do you have a source for the principle that credit reporting agencies are required by law to freeze credit in response to a letter requesting a freeze and that they must put the letter in your credit file? I'd like to cite the source of this obligation in my letters. I'm also curious about any steps I'd be required to take to prove my identity in the letter. Experian refused my online request for a freeze and said they needed a copy of a government issued ID card and a utility bill, bank statement, or insurance statement. Obviously, I'm not eager to send them anything.
Thanks!
Thanks!
Do you have a source for the principle that credit reporting agencies are required by law to freeze credit in response to a letter requesting a freeze and that they must put the letter in your credit file? I'd like to cite the source of this obligation in my letters. I'm also curious about any steps I'd be required to take to prove my identity in the letter. Experian refused my online request for a freeze and said they needed a copy of a government issued ID card and a utility bill, bank statement, or insurance statement. Obviously, I'm not eager to send them anything.
Thanks!
Thanks!
1
Of course, our pathetic President wants to ease all corporate regulations and dismantle the Consumer Protection Agency. I will never understand why he got a single vote.
92
People are beyond stupid. I had an argument with a family member (she's smart) who didn't see a difference between HRC and the moron dictator.
I wanted to slug her. So much for a really good education and there's no doubt she came to her senses by now.
I wanted to slug her. So much for a really good education and there's no doubt she came to her senses by now.
1
We need identifies whose key attributes, such as social security numbers and credit account numbers, possibly even names, are variable on encrypted bases. The only practical reason they'e fixed is for the convenience of government, in the tracing of earnings earned and taxes owed and to keep track of citizens for purposes of potentially criminal behavior pattern recognition; and to allow companies like Equifax to make money at manageable cost. We're going to need to figure out ways to keep an acceptably ordered society without granting such convenience to government.
Or we're going to need to tolerate the regular emptying of our bank accounts and the criminal exploitation of our credit lines, not to mention blackmail to keep private information private -- until it becomes more valuable to sell it than to blackmail us to keep it private
The difficulty in doing all this to protect ourselves is simply further evidence of the dangers of letting centralized government become so dependent on keeping its fingers in our lives and so powerful.
Or we're going to need to tolerate the regular emptying of our bank accounts and the criminal exploitation of our credit lines, not to mention blackmail to keep private information private -- until it becomes more valuable to sell it than to blackmail us to keep it private
The difficulty in doing all this to protect ourselves is simply further evidence of the dangers of letting centralized government become so dependent on keeping its fingers in our lives and so powerful.
7
Uh, no. It's not central government here. The only "practical reason" is government convenience? Proof source, please.
Equifax is a private company, in a largely unregulated industry. According to Ayn Rand (and Alan Greenspan), no company would ever allow this to happen because it would destroy their reputation i.ee., the would "self-govern." At least Greenie came clean (after Lehmann) that his whole philosophy was nonsensical. Again, the fiction that is Libertarianism/Randism/anti-regulation is proven to be hogwash.
And yet, it's adherents multiply.
Equifax is a private company, in a largely unregulated industry. According to Ayn Rand (and Alan Greenspan), no company would ever allow this to happen because it would destroy their reputation i.ee., the would "self-govern." At least Greenie came clean (after Lehmann) that his whole philosophy was nonsensical. Again, the fiction that is Libertarianism/Randism/anti-regulation is proven to be hogwash.
And yet, it's adherents multiply.
2
Not centralized government, but capitalistic corporations whose only goal is profit and not the common weal, like Equifax. You would prefer your personal information be handled by Equifax than the Federal government? Do not let your judgment be blinded by your politics.
2
The government is run by the corporations. The problem is not that we have a centralized government, a federal government. We need a centralized government to have the military. We can't have 50 armies or navies or air forces.
The problem is that the government is too weak to stand up to huge multinational corporations. They have taken over.
The problem is that the government is too weak to stand up to huge multinational corporations. They have taken over.
Changing the account numbers for all your credit cards might not be a bad idea. Opening new email accounts with different addresses (not just adding extra "throw-away" addresses to an existing account) would also help. Open the new email accounts first, then change the address you gave to various businesses that you deal with -- lastly, delete the old email accounts entirely.
I do not claim to be an expert, but these ideas have occurred to me. Did I miss something?
I do not claim to be an expert, but these ideas have occurred to me. Did I miss something?
3
Wouldn't deleting old email accounts make it possible for others to create them and reopen them?
I have a couple of cards and rarely use one. Bank of America (hopefully I can type that here) tells us every time they see a suspicious charge on our card. I wanted to leave them but the reality is they really are great tracking our spending and are great about quick notifications.
1
I'm not sure it's possible to delete old email accounts -- all you can do is abandon them and set up new ones.
1
Does anyone other than myself find this entire scharade about now having to actually PAY Equifax a not so cheap 'fee' for freezing their credit report a bit suspicious? I'm sorry, but something stinks to high heaven here. I refuse to pay this creepy outfit one red dime for their supposed 'security' malfeasance.
Something just isn't adding up. They wait first four months, then six weeks to notify the public about this 'breach'. Plenty of time to coordinate a plan to help their customers. Methinks, highly suspects this corporation is using this 'breach' as an excuse to extort millions for their own benefit. If it truly was a 143 mil breach. Where are the regulators?
Something just isn't adding up. They wait first four months, then six weeks to notify the public about this 'breach'. Plenty of time to coordinate a plan to help their customers. Methinks, highly suspects this corporation is using this 'breach' as an excuse to extort millions for their own benefit. If it truly was a 143 mil breach. Where are the regulators?
68
Follow-up: Innovis was able to freeze my credit without even clicking a check mark in the on line box that I am a victim of identity theft. I checked the "no" box, and voila, done. They will send me a verification letter by mail. We USED to be able to ask that these agencies freeze our credit information going forward without a problem, and, without paying a FEE. These data agencies garner enough revenue as it is through their coporate marketing relationships. Where is the outrage at this substandard behavior from Equifax.
4
when I went on line to freeze my credit report on thurs with Equifax, I was able to do so without a fee; good but they have done major damage to all of us & should be put out of business with their leaders prosecuted.
1
Experian has proved completely useless. Their link to "Concerned about the Equifax data breach? Find out how Experian can help." leads to a dead page. Attempts to create a security freeze on their site require submission of a police report. How is this useful in the slightest? I have to wait until I am robbed and before I can report the burglars camping out on my doorstep?
19
Whew...
thank goodness I have mediocre credit and maxed out credit cards.
thank goodness I have mediocre credit and maxed out credit cards.
27
Don't worry. For 16.95 you can download someone else's credit and apply for credit cards in their name :
That doesn't mean that the hackers can't use your data to open new accounts...
2
This is outrageous! How did these private agencies come to have so much power over our financial lives?
oh, wait, I know...because our financial system is based on fraud..Bernie Sanders is right.
oh, wait, I know...because our financial system is based on fraud..Bernie Sanders is right.
48
So I go to the site to request my free credit report. Not surprised that I have to give them the info that was stolen. And did you notice that the site is sponsored by Equifax?
6
If you do this, make sure there's an https:// in front of the addr. I'm not bothering. I'll run a report in a few months.
1
Unless the laws have changed, , if anyone uses my credit cards without my knowledge, the banks, not me, are responsible for the fraud. The same applies to my bank accounts. This is thanks to the Democrats who years ago legislated responsibility for fraudulent transactions on the lenders, not the victims.
72
Let's hope the current administration doesn't change that.
That may be true but it is you who will have to pay to clear things up & make them take responsibility.
1
That doesn't protect you from anyone taking out NEW credit cards using your identity.
1
SS loss solution is for IRS to open the issuance of Individual Tax Identification Number. IRS issues these to people who can't have SSN. But the law authorizing issuance of ITIN should prevent use as an ID outside of tax payment without the individuals authorization.
2
This situation is pathetic as republicans push to repeal legislation allowing consumers to take action when their information is stolen. Wouldnt a populist president speak out about this? Wouldnt that populist president work to ensure companies cant posess enough of ordinary citizens private information to ruin them financially? And now equifax expects ME to take action to safeguard my financial security by giving them more of my personal information and limiting my legal recourse. Absolutely pathetic. What has this country become of not a safe haven for the greedy capitolist corporations. We need a real populist president to actually do something for americans. The ordinary citizens just trying to put food on the table and a roof over their childrens heads deserve better.
25
The voters elected a faux populist President, so don't expect too much.
I tried twice to place a freeze on my Equifax credit report, both times failed. The site said I needed to snail mail them a letter with my personal information a check. Meanwhile, I was able to place a freeze @ Experian quite easily. Still had to pay for it, which was galling, but at least it's done. TransUnion took more work (had to create an account with them AND pay them!), but at least it's (supposedly) done. I never asked nor permitted these companies to have any of my private financial information. Now I have to pay them to keep it hidden from creditors! Borders on extortion.
57
I haven't had to pay for a freeze when I can produce physical evidence to the police. That info is sent to the credit scam company and I don't pay for reports. Unfortunately, it means we've hacked a few times and it's getting worse.
It doesn't "border" on extortion -- it IS extortion.
1
Experian: a very big scam by an offshore company with access to too much valuable information. A textbook example of the ill effects on users, of corporate cost paring for the benefit of a very few corporate shareholders.
13
I have not changed anything yet. It seems that Equifax is not competant enough to help their clients. I am not a client, just someone who may have their information stolen. I do not want to sign up for their "free" credit monitoring because it seems you give up all your rights when you do so. Aggravated!
8
"Why monitor a problem if you don't fix it?" So states the LifeLock ad. Similarly, one free year of credit monitoring is absolutely, totally worthless to everyone but Equifax, who are using this as a PR stunt to stave off - for the time being - their all but certain death at the hands of a class action lawsuit.
This might not have ever happened had I a choice in having my financial information being shared with and by any of these companies, and yet now I am being asked to pay for the failure of one of them.
This, imo, will require the Feds to step in and issue everyone new SS numbers, at the very least. I don't see a solution to this nightmare without starting there first.
Given the Russian meddling in our election system, should we not also be asking whether or not Moscow is behind this also, as a part of their cyberwar attack on our country?
This might not have ever happened had I a choice in having my financial information being shared with and by any of these companies, and yet now I am being asked to pay for the failure of one of them.
This, imo, will require the Feds to step in and issue everyone new SS numbers, at the very least. I don't see a solution to this nightmare without starting there first.
Given the Russian meddling in our election system, should we not also be asking whether or not Moscow is behind this also, as a part of their cyberwar attack on our country?
33
Well and good, but answer me this: If a crook applies for credit in your name and you didn't do it, isn't it fairly easy to set things right? It's happened to me, twice, and getting it rectified was simple.
Where are the real-life stories of folks truly, horribly. permanently harmed by identity theft through no fault of their own? I have not come across a single one. The banks and credit card companies eat these losses, not consumers. That's never made clear in these alarmist scare stories.
Where are the real-life stories of folks truly, horribly. permanently harmed by identity theft through no fault of their own? I have not come across a single one. The banks and credit card companies eat these losses, not consumers. That's never made clear in these alarmist scare stories.
2
August West writes, "The banks and credit card companies eat these losses, not consumers." Really?
The vendors where you use your credit cards pay a few percent for that. Those who don't pay off their entire balance each month pay more than a few percent.
The vendors where you use your credit cards pay a few percent for that. Those who don't pay off their entire balance each month pay more than a few percent.
3
While most people do not suffer significant out-of-pocket costs, as of 2014 14% of ID theft victims had losses, some of which had losses of greater than $1,000.
https://www.bjs.gov/content/pub/pdf/vit14.pdf
https://www.bjs.gov/content/pub/pdf/vit14.pdf
1
Consumers union also mentioned that "Equifax responded by sending consumers to a website where, by signing up for credit monitoring services, they could waive their legal rights to ever take Equifax to court, for any problem.'
I think its about time for Equifax to lose its corporate charter and all of its assets. This would be a nice warning to our parasitic financial industry.
I think its about time for Equifax to lose its corporate charter and all of its assets. This would be a nice warning to our parasitic financial industry.
47
Public hangings of the top brass at Equifax sounds pretty good right now...
All three credit bureaus should be stringently regulated by the federal government!! Right up there with banks and airlines. The bureaus possess more personal and important information about every person on earth, than any company or any other "entity" should be able to own and control--and control it they do. Aside from the obvious collusion between them and banks and every other retail or commercial entity, they treat "customers" with disdain and arrogance, as if THEY owned our information, personalities, spending habits, etc. Lock them down, regulate immediately. Equifax is the worst of the worst, which is all three of them. They do NOT serve the public interest, they serve the bank's interests. So what else is new?
16
Just tried to enter an on-line freeze at Trans Union...."unable to complete request." No idea why and when I called I went through the whole set up process and same result. PLUS their offices are closed until Monday morning. Nice!
3
145MM, out of 330MM Americans. And roughly 50% of American's have credit card, so that's almost all of American's with credit card.
Equifax needs to be shut and all cash from there needs to go to every American whose data was not protected by Equifax. It's their job, they collected and put in one place and choose to save money to protect, but have paid handsomely with their rich CEOs.
I will be suing Equifax, if anything happens to my credit. In fact, I can sue them now w/o as it is their job to protect my personal data.
Equifax needs to be shut and all cash from there needs to go to every American whose data was not protected by Equifax. It's their job, they collected and put in one place and choose to save money to protect, but have paid handsomely with their rich CEOs.
I will be suing Equifax, if anything happens to my credit. In fact, I can sue them now w/o as it is their job to protect my personal data.
8
Whew
thank goodness I have mediocre credit and maxed out credit cards.
our system based on fraud doesn't reward the good actors...and the rich will have concierge banking service to protect them.
way to go GOP and Wall Street! Another way to make the rich richer and the rest...good luck!
thank goodness I have mediocre credit and maxed out credit cards.
our system based on fraud doesn't reward the good actors...and the rich will have concierge banking service to protect them.
way to go GOP and Wall Street! Another way to make the rich richer and the rest...good luck!
7
We can only help that every elected official was included in this breach and that every one of them experiences the chaos of fouled credit, stolen identity and sleepless nights. Hope folks. Because if it doesn't affect them directly, we'll never get to the end of this.
13
It has been very helpful to have a credit monitoring service. Some are better than others and I've used up to three services at one time. There is one bank that has proven especially inept at credit protection while another bank has been superb.
The last episode was 4 weeks ago, the bank pounced on the crooks and covered 100% of the loss. Unfortunately this meant the shutdown of my (only) credit card just before going on a trip. And a few days later when FEMA tried to use my debit card to pay my (mandatory) flood insurance, the transaction was rejected as fraudulent. It is not a good time to have your flood insurance cancelled, which almost happened.
May I suggest a review of your accounts to confirm $0 fraud liability and subscribe to a good monitoring service. Each time someone attempts to open a credit account or makes an inquiry you are immediately notified. It's much better than being in the dark about what's going on at the credit reporting agencies.
Fingers crossed
The last episode was 4 weeks ago, the bank pounced on the crooks and covered 100% of the loss. Unfortunately this meant the shutdown of my (only) credit card just before going on a trip. And a few days later when FEMA tried to use my debit card to pay my (mandatory) flood insurance, the transaction was rejected as fraudulent. It is not a good time to have your flood insurance cancelled, which almost happened.
May I suggest a review of your accounts to confirm $0 fraud liability and subscribe to a good monitoring service. Each time someone attempts to open a credit account or makes an inquiry you are immediately notified. It's much better than being in the dark about what's going on at the credit reporting agencies.
Fingers crossed
4
Isn't it about time for 2factor authentication to be applied to credit checks.
I would require a text message confirmation for any credit access. For this to work the message would identify the requestor.
Sure some people don't have cellphones (but I don't know any). That's not a reason to impede progress for the rest of us
I would require a text message confirmation for any credit access. For this to work the message would identify the requestor.
Sure some people don't have cellphones (but I don't know any). That's not a reason to impede progress for the rest of us
16
It is time the credit companies start using bio metrics ( voice, facial recognition) to supplement identity verification.This technology is already available.
Why does the congress not pass a bill to make this mandatory ?
Why does the congress not pass a bill to make this mandatory ?
2
Because the last thing these companies need is access to my body.
2
Congress should pass this? Surely you are not serious.
When i call my financial institution they compare my voice with the one on file to validate any transactions i make.
In the same way, before a credit is taken in my name, can the same validation not be done?
It involves the credit companies to spend and upgrade their infrastructure which they are not going to do unless it is a law , to provide fail safe guarantees against identity theft...
In the same way, before a credit is taken in my name, can the same validation not be done?
It involves the credit companies to spend and upgrade their infrastructure which they are not going to do unless it is a law , to provide fail safe guarantees against identity theft...
Experian would not complete my freeze online, (and charged a fee in CA).
3
Yes and they used the excuse that the data I had entered could not be used (although I had already used it to successfully download the credit report).
To protect our income tax filings the federal and state governments should offer a PIN which must be submitted with your filing. Our social security numbers are no longer secure.
5
But what am I to do? I guess it all goes back to paper. To writing paper checks for paper bills with no information posted on the internet, just a paper transaction between me and the company or government office I am doing business with.
To really go back to the old days, make sure to have name address, social security number and drivers license number printed on the check.
If joint account, make sure husband info is also on check.
When you give the check to the merchant, it is
1. looked at by the cashier
2. looked at the end of the day by the bookkeeper for deposit
3. looked at by bank teller receiving deposit.
4. looked at by someone from merchant correspondent bank
5. looked at by someone from purchaser correspondent bank
6. looked at by someone at customer bank to authorize payment.
Of course, the checks do have to be printed.
1. Someone at bank will printing information
2. The printer will have someone look at and approve order
3. Someone at data entry will input info
4. Factory worker will look at the info to make sure it is properly formatted and printed.
4. After printing, auditor will review to make sure work was properly done.
Have to trust the shredding company.
Until Trump gets his agenda through, the IRS will want those checks kept in case of audit.
Those were the good old days.
To really go back to the old days, make sure to have name address, social security number and drivers license number printed on the check.
If joint account, make sure husband info is also on check.
When you give the check to the merchant, it is
1. looked at by the cashier
2. looked at the end of the day by the bookkeeper for deposit
3. looked at by bank teller receiving deposit.
4. looked at by someone from merchant correspondent bank
5. looked at by someone from purchaser correspondent bank
6. looked at by someone at customer bank to authorize payment.
Of course, the checks do have to be printed.
1. Someone at bank will printing information
2. The printer will have someone look at and approve order
3. Someone at data entry will input info
4. Factory worker will look at the info to make sure it is properly formatted and printed.
4. After printing, auditor will review to make sure work was properly done.
Have to trust the shredding company.
Until Trump gets his agenda through, the IRS will want those checks kept in case of audit.
Those were the good old days.
2
Tried requesting credit reports from each of the three online and all report "technical problems"
7
Ron,
Your colleague Farhad Manjoo wrote yesterday, "[T]he credit-reporting service that Equifax is offering customers affected by this breach requires people to waive their legal rights to sign up."
Knowing that, would you still recommend enrolling in the Equifax monitoring program? Do you know what rights I would be waiving by doing so? I'm not so keep on giving Equifax a pass on its transgression, and how useful is the monitoring service, anyway?
Your colleague Farhad Manjoo wrote yesterday, "[T]he credit-reporting service that Equifax is offering customers affected by this breach requires people to waive their legal rights to sign up."
Knowing that, would you still recommend enrolling in the Equifax monitoring program? Do you know what rights I would be waiving by doing so? I'm not so keep on giving Equifax a pass on its transgression, and how useful is the monitoring service, anyway?
25
If you go to the Equifax website about this incident, https://www.equifaxsecurity2017.com , you'll see that they are not applying their arbitration waiver to this incident.
2
And we should trust them because...???
2
Apparently, when you agree to Equifax's one year of free credit monitoring, you automatically agree to relinquish the right to sue, including as part of a class action suit. Check the fine print.
27
This is being challenged by multiple states attorneys general. I believe they will be successful. Keep trying!
1
My considered opinion is that companies such as Equifax should be illegal. We need a serious Privacy Act which would put the entire Snooping, Phishing, and Profiling Industry, which includes companies such as Equifax, out of business.
2
I just placed freezes with all 4 credit report companies, and I wasn't charged a fee by any of them
10
Perhaps someone else has written of this experience, but I did three of the four and likewise wasn't charged anything, but Experian wanted to charge $10. I say "wanted" because after I gave them my credit card number, I got a message that based on what I had entered they couldn't complete the transaction. No explanation (I tried more than once and was especially careful not to have typos) and no one to talk to to try to figure it out. I was on hold for about 45 minutes and gave up. So until I have time to work on this again, I'm left to wonder if my account with them is compromised or if they were just so swamped that they couldn't handle all of us.
6
I was charged $10 each for both my husband and me for a total of $60.
1
It apparently depends on which state you're in. $5 fee for MA, no fee for CA, etc.
2
Why no mention of the fact that if you sign up for the"free" monitoring, you may be giving up the right to sue or use arbitration? https://trustedidpremier.com/static/terms
11
I tried Experian and they offered $4.99 first month and $24.99 after that per month for a freeze. What a rip off! Clearly taking advantage of us. TransUnion couldn't process my request so I don't know if they have feeds. Equifax did make it easy to freeze but of course this is the least they can do.
10
It's never going to change. At least until our lawmakers grow spines and start writing laws that result in corporate executives--actual, live human beings--going to jail for this degree of criminal negligence. (Which, of course, means it's never going to change.)
33
Equifax compromised the financial data of millions of consumers. We're all advised to request credit reports, so I went online to do that.
After navigating a captcha screen with characters so unreadable (couldn't tell if they were caps, letters or numbers) and having to get an oral captcha, I requested my report from Equifax.
And whaddaya know, their "system is down--please try again later." They didn't even do me the courtesy to boot me along to the next credit agency to request my report from them.
Not to mention that their solution to this miserable mess is to give you free credit insurance (which they provide) for a year, after which they'll start charging you for a problem they created.
I frankly hope this company is put out of business by this--after it pays every consumer whose info was compromised in this debacle something to make up for the personal time we've had to spend cleaning up their mess. We don't ask for these people to collect our data. We have to PAY to stop them from selling it to the people who litter our mailboxes with credit offers. They either don't correct errors in your report or take forever to do it--I once refinanced a mortgage, and the previous lender never issued the required release of lien. Despite that fact that I have faxed AND mailed and now send scanned copies of the mortgage payoff letter, that lien STILL pops up in my report when I have to renew my home equity line of credit.
After navigating a captcha screen with characters so unreadable (couldn't tell if they were caps, letters or numbers) and having to get an oral captcha, I requested my report from Equifax.
And whaddaya know, their "system is down--please try again later." They didn't even do me the courtesy to boot me along to the next credit agency to request my report from them.
Not to mention that their solution to this miserable mess is to give you free credit insurance (which they provide) for a year, after which they'll start charging you for a problem they created.
I frankly hope this company is put out of business by this--after it pays every consumer whose info was compromised in this debacle something to make up for the personal time we've had to spend cleaning up their mess. We don't ask for these people to collect our data. We have to PAY to stop them from selling it to the people who litter our mailboxes with credit offers. They either don't correct errors in your report or take forever to do it--I once refinanced a mortgage, and the previous lender never issued the required release of lien. Despite that fact that I have faxed AND mailed and now send scanned copies of the mortgage payoff letter, that lien STILL pops up in my report when I have to renew my home equity line of credit.
27
Are these companies not accountable to anyone. There's HIPAA, banking regulations, etc. Everything one has to follow rules. Why not these guys? What about Congress or the Senate. Maybe it's time to go to new SSN, possibly add another ouctet to the SSN.
17
This is the same lame response I got to the OPM breach of federal employee data.
If this rich and smart country can't figure out a way to secure data, then we're all getting shafted by giant global corporations who pay off Congress to keep us unsafe.
Cybersecurity costs money. It's time corporations paid it, either on their own or by heavy taxes to offset the risks to hapless citizens.
If this rich and smart country can't figure out a way to secure data, then we're all getting shafted by giant global corporations who pay off Congress to keep us unsafe.
Cybersecurity costs money. It's time corporations paid it, either on their own or by heavy taxes to offset the risks to hapless citizens.
32
"This is the same lame response I got to the OPM breach of federal employee data."
You mean our titans of corporate America, who deride anything done by the federal gov't as substandard and who praise themselves for their creativity and productivity honed by keen competition in the market, simply copied a lame response from the (gasp) gov't that they claim poses the greatest threat to their altruistic activities?
indeed, Occupy, security costs money, and it's apparent that the finance folk, just like their airline cousins, don't want to pay for it. This is just another manifestation of "privatize profit, socialize risk"--all the while clucking about one's superior sense of "personal responsibility."
You mean our titans of corporate America, who deride anything done by the federal gov't as substandard and who praise themselves for their creativity and productivity honed by keen competition in the market, simply copied a lame response from the (gasp) gov't that they claim poses the greatest threat to their altruistic activities?
indeed, Occupy, security costs money, and it's apparent that the finance folk, just like their airline cousins, don't want to pay for it. This is just another manifestation of "privatize profit, socialize risk"--all the while clucking about one's superior sense of "personal responsibility."
3
Turnabout is fair play. If Equifax can score us based on our level of responsible behavior; we should, likewise, be able to score them.
25
Can you give grades in negative numbers?
1
Meanwhile, the Republicans in Congress are trying to stop the Consumer Protection Agency from protecting consumers from these rapacious credit agencies. They actually want to roll back protections that were due to go into effect next year. I'll never vote for another Republican in Congress.
305
@Jay: I'll go you one better: I'll never vote for another Republican for anything. It just encourages them, and they need to know they way they're running this country is unacceptable.
3
Why did you EVER do so? Too bad you can’t see how destructive their data-free ideology is until if affects your wallet.
2
@Janet Camp: Let me clarify: I am very old and have lived through times where NOT every Republican was what Republicans are today. (And though I'm not THAT old, you may want to remember that Abraham Lincoln was a Republican!)
That said, the GOP these days is simply the party of no morality at all.
And you need to keep your own mind open, b/c closed minds are the hallmark of modern-day Republicans.
That said, the GOP these days is simply the party of no morality at all.
And you need to keep your own mind open, b/c closed minds are the hallmark of modern-day Republicans.
2
Thank you for this report. The websites to Equifax, Experian, and TransUnion are not working properly- probably from the enthusiasm generated by this report and the helpful links. In all seriousness, thank you. I hope everyone follows through.
11
Why do we need *three* credit-rating agencies? Just asking....
20
Competition. Monopolies are not in our best interest.
3
For me this is a gimmick. Many years ago my electric company alleged the same, so supposedly I received a one year subscription to Equifax identity protection program, with the inconvenience that the same was never removed, for which has been impossible for me me to access some creditors. Nonetheless, Equifax has kept offering the so called "protection" plan for $19.95, or so. Government must investigate because customers are slaves of this credit companies.
11
An outrageous example of gross incompetence and negligence. If this doesn't wake up the 'deniers' of the need for regulation, I don't know what will. In the meantime, the simplest solution is for the federal government to mandate to ALL credit reporting businesses that they must offer free lifetime credit protection and credit reporting freeze services; this should just be part of the business model.
As it stand now, us chickens have to literally pay the foxes to keep the hen house safe. It's blackmail.
As it stand now, us chickens have to literally pay the foxes to keep the hen house safe. It's blackmail.
84
This is now ridiculous. Now I've paid $30 ($10 to each of the organizations) to freeze my credit. That is, I've paid them, and given them my info all over again when I registered, to do what they should have done before- protect my data. I'm sick of this and feel helpless to control them, my data, hackers, the internet safety protocols, or my finances. I've done everything advised, have not delayed in updating my computer security features, etc. and this still happens. It's unforgivable, and yet I'm stuck, a tiny shrimp in someone's net. I hate this whole system.
302
Equifax freeze is now free. Ask for refund, if you can figure out how
I hear you!! I've done everything possible to protect myself online: password manager, robust security, two-step verification, everything. And some company that I didn't even purchase a service from literally dumps my private data into the laps of hackers. It makes me sick. Signed, a tiny shrimp just like you.
Why doesn't Equifax put a freeze on all accounts? For that matter, why didn't they do it immediately upon learning about the data loss? No reason anyone should pay them for this, they are at fault.
501
@wylee: Your suggestion that Equifax should have put a freeze on all accounts is FAR too logical, that's why Equifax didn't do it. It would have required them to THINK, and also to care about their "customers" (meaning all of us whose data Equifax has illegally gathered & which is happily re-sells).
Equifax is determined to make $$$ on this fiasco, and will continue raking it in, certainly unimpeded by anyone in the Trump administration.
If there is any justice left in this country, Equifax needs to go bankrupt and its head honchos should all be in prison.
Equifax is determined to make $$$ on this fiasco, and will continue raking it in, certainly unimpeded by anyone in the Trump administration.
If there is any justice left in this country, Equifax needs to go bankrupt and its head honchos should all be in prison.
3
Because as long as they have a freeze on all accounts, they have nothing to sell to businesses that ask for credit information on us. Kind of like a grocery store with no groceries.
1
Of the three major reporting agencies, why is EQUIFAX NOT accepting online freezes!
I tried freezing both my and my spouses account, got through the payment process, and then it returned a message saying I'd need to send a letter through the mail.
The others worked just fine.
I tried freezing both my and my spouses account, got through the payment process, and then it returned a message saying I'd need to send a letter through the mail.
The others worked just fine.
11
Had 3 of these companies give me credit card reports almost 3 years ago. Since these companies cannot tell me for sure if my info has been hacked, why should I go their sites, log on and MAKE SURE they have my Social Security number. I think I will take my chances for now.
13
What the thieves will go after is filing claims for the Earned Income Credit on phony tax returns. They have all the information including the required verification. This will delay refunds to the needy, cost us all money, and allow Republicans to again wail about the fraud in the program that causes the poor to cheat the real hardworking Americans.
28
It is clear that we are losing the ability to protect online content as sites like antivirus companies, the CIA and NSA have been hacked. The foundations of our new economies, societies and governments are being built on sand, but like lemmings we ignore the threat and in masse head for the cliff while chimping on our phones. Different governments have been involved in the problem, and the threat will require international cooperation to identify, purse and bring the hackers to justice. One of the reasons for addressing the threat as a high priority is that it has the ability to become one of the most insidious forms terrorism, where anyone can make their grudge felt.
Any data being gathered needs to be encrypted, and we need to hold companies and government agencies who fail to do so accountable.
Any data being gathered needs to be encrypted, and we need to hold companies and government agencies who fail to do so accountable.
19
Let's see. Gross negligence, Insider trading and who knows what else. It would be nice to see those responsible for this actually wind up in in the dock for it. assuming I'm on the list, it's not because I chose to trust them with my personal information. I was coerced. And yet, it appears, again, that those responsible for a financial calamity will end up profiting from their malfeasance while the rest of us will pay for it, again. Can I count on Equifax to compensate for the time I'll have to spend sorting my small portion of this mess out? Didn't think so.
The company should be out of business, its stock selling executives in jail, and every employee above the level of file clerk, blackisted to a decade.
The company should be out of business, its stock selling executives in jail, and every employee above the level of file clerk, blackisted to a decade.
40
This is now the story of our lobbyist-dominated times. Government and companies that are supposed to be protecting us from natural and manmade disasters are released from responsibility in exchange for campaign dollars. Credit, flood control, wind damage, air pollution, climate change--let's face it, we're largely on our own as far as anything the Federal government touches, at least for the next few years. This is the Citizens United system working perfectly for the people who designed and paid for it.
In the face of this reality, we need to work with our neighbors on locally-based protections and services. Sign up for Nextdoor.com, get to know nearby food producers through farmers' markets, find a well-trained physician in your neighborhood, get solar panels on your roof. This isn't the system that you or we probably wished for or worked toward, but given the nation's collective dysfunction, what choice do we have?
In the face of this reality, we need to work with our neighbors on locally-based protections and services. Sign up for Nextdoor.com, get to know nearby food producers through farmers' markets, find a well-trained physician in your neighborhood, get solar panels on your roof. This isn't the system that you or we probably wished for or worked toward, but given the nation's collective dysfunction, what choice do we have?
9
I too used to rely on checking my free credit report every 4-5 months, but a few years ago following an embarrassing lapse in personal judgment (okay, I fell for a phishing scheme) I signed up for credit monitoring. That came in handy this August when someone applied for a credit card using my name, social security number, and date of birth and I was notified in time to call the bank and have it denied. The slight silver lining in this is that I have now asked the credit agencies for a seven year fraud alert. I did wonder where someone got my info (Target? Another breach?) but now I suspect it came straight from Equifax. For what it's worth, IRS Form 14039 can be filled out to alert them to identity theft. Thank you for writing about this, and good luck to us all.
10
The Equifax checking site did report that I (and my family members) were unlikely to have been affected by the breach. Then I followed your link to freeze my report and was taken to the Equifax page that asks for all my personal details. While I'd like to freeze those reports, it seems really, really stupid to voluntarily put all that data into a system that has just been hacked.
My son works in computer security (conversations with him impact my sleep) and helps students of Comp Sec by breaking into systems they protect (and professionally he breaks into his company's servers to find their flaws) and one of the techniques is to leave a small piece of code buried deep that can be woken at a later time to restore a nefarious connection. What I am saying is that it is completely possible that Equifax's systems are still compromised but no one knows it.
The proverbial rock and hard-place.
My son works in computer security (conversations with him impact my sleep) and helps students of Comp Sec by breaking into systems they protect (and professionally he breaks into his company's servers to find their flaws) and one of the techniques is to leave a small piece of code buried deep that can be woken at a later time to restore a nefarious connection. What I am saying is that it is completely possible that Equifax's systems are still compromised but no one knows it.
The proverbial rock and hard-place.
18
This is a crime of the greatest magnitude -- just about every American who works, owns a home or has a credit card or car loan has been irreparably harmed. This may be the single largest attack on the US financial system with more significant repercussions than the mortgage crisis. If they admit to 143 million people hacked, you can be sure the number is greater. And like BofA, the cover-up will prove to be even more harmful than the malfeasance. Management should face a congressional committee and then criminal charges -- dereliction of duty to customers and shareholders not to mention outright lawlessness.
23
Also take care to register your children's SS and credit freeze for them. They may not have any bank accounts or credit now, but that could make them more vulnerable, since they don't regularly check bank or account balances. Someone could use their SS and other identity to create an entire person, and they might not find out until HS or college age arrives and they begin to open accounts.
200
Yep, happened to me! Went to take out a loan after college to find out that SEVERAL identities had been created using my social security number. One comfort I can take in all of this is that when I applied for a credit report from Equifax a few years ago, they told me I died in 2008 (I didn't), and have yet to update my info. Thieves are welcome to that fake identity!
1
Brooklyn, Can you explain what it means to "register your children's social security" numbers and how one goes about doing this? Thanks.
1
I am sorry. Why'd I have to do all these when clearly it is Equifax's problem to fix. And I have not authorize Experian & TransUnion to release my info, especially to fraudsters for that matter.
If they don't do due diligence, they don't deserve to be a business entity, let alone such a strategic one.
This is the time to push back and demand them and our government to do the right thing, considering people are powerless to do it. And your suggestion is a cop out at best and maybe even an enabler
If they don't do due diligence, they don't deserve to be a business entity, let alone such a strategic one.
This is the time to push back and demand them and our government to do the right thing, considering people are powerless to do it. And your suggestion is a cop out at best and maybe even an enabler
64
Not a single consumer in the Equifax database has signed an arbitration agreement. Therefore, everyone who has been harmed is free to sue in their local courts. If you suffer any sort of financial damage because of their negligence, you can spend the $15 and file at your local small claims court. They're easy enough to serve, and once they've been served, they have to send an attorney to contest the case. If it looks like you have any sort of claim, they will probably offer to settle.
Just remember, you have to have an actual financial loss for such a case to succeed. But many people will probably have to spend a lot of money cleaning up identity theft problems. Carefully document all your expenses, and include them in your filings.
Just remember, you have to have an actual financial loss for such a case to succeed. But many people will probably have to spend a lot of money cleaning up identity theft problems. Carefully document all your expenses, and include them in your filings.
34
If you sign up for the one year free credit monitoring, you automatically agree not to sue Equifax. It's in the fine print.
9
There is an arbitration agreement attached to the online form, Jonathon. Do not use it.
3
Your last paragraph pointing out the potential vulnerability even if you freeze your credit file covers my situation.
As a previous victim of identify theft, I've had a security freeze in place with all three reporting agencies for years. Yesterday I went to the web site Equifax set up to inform you if your data has been stolen and learned that my data, as well as my husband's, has been affected.
Now I'm wondering if the passcode I use to freeze and open my file at Equifax, which I happen to have done for 10 days in July (!), has been stolen as well.
Equifax needs to pay a heavy price for putting half the country at risk due to its sloppiness. I hope this will be a nonpartisan issue.
As a previous victim of identify theft, I've had a security freeze in place with all three reporting agencies for years. Yesterday I went to the web site Equifax set up to inform you if your data has been stolen and learned that my data, as well as my husband's, has been affected.
Now I'm wondering if the passcode I use to freeze and open my file at Equifax, which I happen to have done for 10 days in July (!), has been stolen as well.
Equifax needs to pay a heavy price for putting half the country at risk due to its sloppiness. I hope this will be a nonpartisan issue.
262
I think they have put far more than half the country at risk. The number of citizens over 21 was about $220,000,000 as of the last census. 143,000,000 is about 65% of that figure. Plus, many households have only one person establishing a credit history, and some have none. I agree with others that the heavy price paid by Equifax should be extinction.
2
Not a single Fight Club reference? This is the end of capitalism, ladies and gentlemen, as all our assets (plus some new loans) are converted to bitcoin by hackers. This could also be the end of free society, as we will now need a registered database of fingerprints and retina scans to prove we are who we say we are. (which will also be hacked)
The one potential upside? The rich have more to lose than the rest of us.
The one potential upside? The rich have more to lose than the rest of us.
17
So Equifax's website told me I might have been hacked, and offered to enroll me in. . . what? I have have no idea. In any event, I have to wait until Wednesday, 9-13 to "finish the enrollment process." Say what? The thieves have nearly an additional week to do their dirty work stealing my identity? That's not helpful.
27
So I called the phone number they provided, and after 10 minutes on hold, got to talk to a woamn who told me I had to wait to enroll "because so many people are trying to access the website, even people from Canada it might take a while to enroll."
Then she also told me Equifax's website "IS TELLING EVRYONE their data might have been compromised" and "you won't know for sure until you get 'the letter' from Equifax that will take an additional 7-14 days to arrive."
So now it looks like it could be nearly 3 weeks until I know, and they have to rely on the good old USPS to deliver the news. Wow.
Then she also told me Equifax's website "IS TELLING EVRYONE their data might have been compromised" and "you won't know for sure until you get 'the letter' from Equifax that will take an additional 7-14 days to arrive."
So now it looks like it could be nearly 3 weeks until I know, and they have to rely on the good old USPS to deliver the news. Wow.
7
These thefts could be prevented, throughout the financial and credit industry. in 5 minutes: 100% forfeiture of executive pay and board member compensation for the preceding 5 years for every breach of security, as well liens on future earnings, should that forfeited compensation not cover the losses, with consumers to be compensated at the hourly rate of the CEO, for every minute devoted to the matter.
239
If you have credit of any kind, including a mortgage or a car loan, not just a credit card, you did agree to have your information shared and stored with the 3 credit agencies.The only way around it is just to use cash.
8
The credit freeze should be reliable and I have had them in place for a few years. However, the prospect of criminals using our Social Security numbers to fraudulently file returns with the IRS seems un-preventable. This is even more worrisome than the credit bureau risks because we all know how impossible it is to deal with the IRS regarding ANY problem. WHAT CAN BE DONE to prevent IRS fraud with stolen identities? What can be done to prevent it?
The IRS should immediately begin alerting taxpayers of ANY mailing address changes, the way many financial institutions do, with written mail confirmation to both old & new address. The IRS should then commit to sending written confirmation to all taxpayers for EVERY filed return and refund requested/processed. That will offer us some protection and peace-of-mind. AND Equifax should be ordered to reimburse the IRS for the cost - not taxpayers!
The IRS should immediately begin alerting taxpayers of ANY mailing address changes, the way many financial institutions do, with written mail confirmation to both old & new address. The IRS should then commit to sending written confirmation to all taxpayers for EVERY filed return and refund requested/processed. That will offer us some protection and peace-of-mind. AND Equifax should be ordered to reimburse the IRS for the cost - not taxpayers!
224
Not just a change of mailing address, but a change of banks where you have your refund automatically deposited should be very carefully screened.
5
We need to change the reliance on existing Soc Sec numbers, and either extend them to a longer number, including characters, or ?
The suggestion made by Roger H make eminent sense.
The suggestion made by Roger H make eminent sense.
2
I believe IRS employees would likely want to institute the protections you suggest. However, the GOP-controlled congress has slashed the agency's funding and specifically cut funding to improve its IT infrastructure so it cannot effectively respond to these known threats. I've already had my personal information stolen through the Anthem debacle, and had false tax returns filed in my name. It all just sucks so badly; clearly, the banksters and robber barons are in control and screwing us at every turn.
2
Why are we not insisting that our most important information be kept offline, not only by companies but by the government? So what it's convenient for businesses to keep information online? As the poet W. S. Merwin has pointed out, we are crazy to make convenience our god.
https://merwinconservancy.org/2017/04/convenience-by-ws-merwin/
https://merwinconservancy.org/2017/04/convenience-by-ws-merwin/
9
Thank you for that poem.
2
If there is any justice in the world, then every Republican politician will have had their personal credit information hacked. Let THEM suffer through the frustration and misery of identity theft the rest of us have to endure.
25
OK. My husband has been paranoid for years about making purchases or paying bills on the internet, and now, again, after another headline shaking report of stolen data from companies that assure us our transactions that they induce us to make, and make profit on, are safe, crows about his being right.
But what am I to do? I guess it all goes back to paper. To writing paper checks for paper bills with no information posted on the internet, just a paper transaction between me and the company or government office I am doing business with.
Of course that will ruin online sales - it's so much easier to decide not to buy if you have to write a check and address an envelope and put on a stamp, and put it in the mail, than to click on a few buttons on your keyboard.
So I guess that the biggest challenge for all those obnoxious, obscenely overpaid and sexist techies out there, is to come up with a truly hacher free system that will keep the internet sales business alive.
But then of course, there will be other equally talented hackers that have nothing to do but gain th status that comes from breaking your unbreakable software.
Paper. It's been good for communication for thousands of years. What's old is new again, bright boys. Show me how I'm safer to rely on your nest software program, than the people you make fun of at the Post Office.
But what am I to do? I guess it all goes back to paper. To writing paper checks for paper bills with no information posted on the internet, just a paper transaction between me and the company or government office I am doing business with.
Of course that will ruin online sales - it's so much easier to decide not to buy if you have to write a check and address an envelope and put on a stamp, and put it in the mail, than to click on a few buttons on your keyboard.
So I guess that the biggest challenge for all those obnoxious, obscenely overpaid and sexist techies out there, is to come up with a truly hacher free system that will keep the internet sales business alive.
But then of course, there will be other equally talented hackers that have nothing to do but gain th status that comes from breaking your unbreakable software.
Paper. It's been good for communication for thousands of years. What's old is new again, bright boys. Show me how I'm safer to rely on your nest software program, than the people you make fun of at the Post Office.
8
This has NOTHING to do with paying bills on the internet.
And internet SSL Certificate (which is used in most web transactions with money, and many without money ... such as reading the NYTimes) is far, far safer than a nine digit social security number.
And internet SSL Certificate (which is used in most web transactions with money, and many without money ... such as reading the NYTimes) is far, far safer than a nine digit social security number.
5
Great article, Ron. Thank you! You state that if you have a relationship with a business (e.g. your bank), that the credit reports are not frozen to them, correct? So couldn't a person with your info just apply for a loan through your bank and be good to go? It seems like the freeze idea has a loophole in it big enough to drive a truck through. What am I missing here?
6
They should all close up shop for good. As others have stated, who needs this service that we did not sign up for anyway? Well that won't happen I know. Have frozen one and working through the maze to do the others with fingers crossed.
6
Just give it up folks. My data has been stolen and I have been given one year free monitoring by Equifax so many times that I just automatically assume everybody has my SSN, mother's maiden name, first pet, car, school, where I met my spouse etc. When my credit card shows up with things I didn't buy, the card company eats the cost. If someone takes out a payday loan with my stolen info, they are going to have to eat the cost too,
24
Equifax is by far the worst of the three credit reporting agencies. Just try to get a credit report from each and see which one is different from the others! They don't send the report to you until you repeat your order several times, and then if you are able to get it, it is full of errors, and finally, to cap it off, it is very difficult to correct errors because they are impossible to reach via their website systems or on the phone, or even in person, as I can attest because I went to their physical offices once after much frustration before being turned away. This company needs to die. I have no idea how it stays in business, other than by sheer momentum of a semi-monopoly.
31
Maybe this is a wake up call that it's time to move away from using social security numbers as our surrogate national ID system and the default identifier for everything. The social security number system was originally intended to be only used for filing our taxes and administering social security. It was not intended to be used for tracking our health, school records, etc. etc etc. With fears of big brother and infringements on personal liberties, the US has long grappled with the ethics and legalities around a national ID system. For all it's problems, the SS# has evolved to fill that function. It's time to stop using SS# and create a new, well protected high security ID system, which we can all chose to opt into.
928
Just like our failing infrastructure, education system, EPA we do not have the money to do anything but war and subsidizing fossil fuels, big agr et al.
6
Good point I definitely agree. The DoD has switched from using the SSN to a unique DoD ID but it is very difficult as many people still ask for your SSN on just about every form. Even the health care system (TRICARE) has tried using the DoD ID but in some cases, the SSN is still required. It will require total buy in and maybe even a mandate from the government. The DoD has dropped SSN from ID cards and forms since June 2011 and the process is still not complete, I still have to supply my SSN in many instances.
1
A buddy of mine who's still in the military told me that at boot camp they made him stencil his Social Security number on his duffel bag. So when he went home on leave, everyone in his car on the train could steal his SSN. A relative on Medicare says that Medicare's ID number is her SSN plus an A, and she's supposed to carry her Medicare card with her at all times, so if someone steals her wallet he's got her SSN.
Nice for the efficiency of the agencies; ordinary people are literally out of luck.
Nice for the efficiency of the agencies; ordinary people are literally out of luck.
1
Once again stockholders are placed ahead of consumers. The website is a joke and provides absolutely no useful information. Went on it today, put info in, gave some future date (why?), clearly states that they will not remind you again (because they don't care), and then enrolls you in a teaser program that is built on fear of what might happen. When is the credit process going to require two-tier authentication before a company can extend us credit? I have to be present, physically or transactionally, in order to request it, make it a little more complicated and protect consumers instead of monitoring AFTER THE FACT to boost stock holder earnings.
15
Equifax waited months before disclosing. Months. According to the article they wanted all the details including extent and numbers involved before sharing with the public.
The decision to delay disclosure was understandable from a management perspective, but not theirs to make.
Lets analogize that you hire someone to live in your house while you are away for the summer. They contact you at the end of the summer informing you that your house was burglarized weeks ago but they didn't want to call you until they knew exactly what was stolen, and how much damage was done.
I gather most would be upset to not be notified immediately; including the Equifax executives making those decisions.
The decision to delay disclosure was understandable from a management perspective, but not theirs to make.
Lets analogize that you hire someone to live in your house while you are away for the summer. They contact you at the end of the summer informing you that your house was burglarized weeks ago but they didn't want to call you until they knew exactly what was stolen, and how much damage was done.
I gather most would be upset to not be notified immediately; including the Equifax executives making those decisions.
36
For those considering signing up on Equifax's website for monitoring, you will sign away your right to take legal action against them for any possible damages.
The user agreement calls for binding arbitration (likely by an arbiter of Equifax's choice) and doesn't allow other legal remedies (lawsuit or class action participation).
The user agreement calls for binding arbitration (likely by an arbiter of Equifax's choice) and doesn't allow other legal remedies (lawsuit or class action participation).
12
I was able to place a security freeze on my credit report with Equifax on the phone at no charge. If you use the website and sign up for the monitoring, consumers are waiving any jury trial rights against Equifax for any damages as a result of the security breach and resulting identity theft. Experian and Transunion will not offer a security freeze through the telephone or through the website. Consumers must request one in writing, proving yet again the burden of protecting our personally identifiable information is on the consumer notwithstanding the credit reporting agencies' gross incompetentcy.
11
Equifax's offer of 1 year's credit report monitoring is completely inadequate. In fact, New York has a "Security Freeze" law that requires the credit reporting agencies to put a permanent freeze on an account, at the customer's request, at no cost: https://www.dos.ny.gov/consumerprotection/pdf/Security%20Freeze031116.pdf. All states should require this kind of protection and given the breach Equfax should be offering it free for all of it's accounts.
26
Thank you, thank you, thank you! I am even more incensed at the idea of having to pay these con artists to put a freeze on! You're right, this should be in place in all states but, then again, these companies should not exist at all.
1
Like others who commented, I just spent 30 minutes trying to get a credit freeze online for the big three and each ended in failure. I don't think they're overwhelmed--the servers responded to each page submission quickly--but at the final step, I received a message that stated they couldn't complete the process. So, incompetence or connivance?
8
In a time when people are going back to vinyl, cutting the cord and leaving cable behind, are we next going to drop our precious credit cards and return to... cash and checks? Because how else can we divorce ourselves from the Big Three Credit Bureaus, who have a monopoly on our data storage?
5
You must be too young to remember check fraud. Mail theft. Where there's a will there's a way. Credit agencies concentrate personal info on to databases that most don't understand, and security is given low priority. Ideal for hackers who do understand and can subvert lax security to bring us where we are now. The methods are new, the motives are timeless.
3
I get your SS number, date of birth, some other details. Then I can go about trying to convince companies that I am you with the objective of changing your password. Or your telephone company that you bought a new cell phone so that I can receive your text messages thus getting OTP passcodes. Having stolen your mobile telephone connection I may be able to change your bank account password, then drain your bank. Or broker. really, you think Experian can protect you? Credit lock? Ha.
10
It does not appear that TransUnion provides security freeze options. I could only find fraud alert options on their site. I was able to freeze my credit access with Equifax and Experian and was not charged to do so.
1
Fees for freezing/unfreezing your account varies by state regulations. FYI in some states you can freeze your accounts free if you're 65+ years, but still have to pay to unfreeze specifically or permanently.
1
The remedy is simple. The company's assets need to be sold. The resulting funds need to be placed in escrow to compensate customers whose stolen information will be used to destroy their financial reputation. Some of the funds might. Some of the funds might need to be used to compensate the government as it looks like new social security numbers will need to be reissued to all Americans. The credit industry's apocalypse has occurred.
1171
We can only hope that the credit industry has indeed entered an apocalypse and will collapse. Also that 'customers' get some sort of compensation.
3
I don't think selling the company would bring in enough money to compensate everybody who's been impacted. The government should just seize the company and send the top fifty executives to jail.... although I kind of like how - a few hundred years ago -- offenders were placed in public stocks and left there, so folks walking by could throw rocks and rotting food at them...
1
Unfortunately, Congress has made it particularly difficult to hold credit reporting agencies responsible for any breach of their own legal agreements with consumers. They lobby our politicians and dole out money to the ones that are friendly to their industry, and those same politicians will do nothing to hold the bad actors responsible for their actions. The article is, unfortunately, correct - Equifax and the other credit reporting agencies will use this breach as a new money making opportunity, and while Congress does nothing, we consumers won't be able to do a thing to prevent it.
What *should* happen is for Equifax to lose any ability to gather and store personal information on consumers. They should be required to purge their data (in fact, I'd argue that we never gave them permission to gather that information in the first place - *particularly* not Social Security numbers!). Yes, that would put them out of business, and I'm very much OK with that.
What *should* happen is for Equifax to lose any ability to gather and store personal information on consumers. They should be required to purge their data (in fact, I'd argue that we never gave them permission to gather that information in the first place - *particularly* not Social Security numbers!). Yes, that would put them out of business, and I'm very much OK with that.
2
Time for the "do nothing" congress to regulate, fine and prosecute .. never happen since they are in the pocket of the lobbyists and Equinfax
8
What we all need to hope for is that a critical members of House members/Senators (or their family members) have had THEIR information compromised....then of course we'll see 'swift and decisive action' to protect the 'public' interest lol...
18
Be sure to read the fine print of the Equifax offer......Consumer Union is advising people that when you sign up for the Equifax protection program, you sign away rights to sue Equifax.
12
So, hey, is this a great country or what ? Man, I love capitalism and its attended means of of asset allocation and protection .
12
As I see it there are two forces that created this situation. On the consumer side - convenience. We can do so much using online services/devices, and from the comfort of our homes. Then there's the business side - huge savings from greatly reduced staff. I'm old enough to remember having to go to the DMV for every aspect of car ownership. Online renewal etc. has changed that, and many other aspects of daily personal business.
2
@Linda R -- can you give more information about how consumers had influence on this? I wasn't aware that consumers had any ability to do anything about stopping our information from being sent to Equifax or the other credit agencies as they are private businesses that, for some ridiculous reason, are not under any type of governmental -- or consumer -- oversight.
I put my info into Equifax and was provided the message that I may be impacted and I could provide a code to them after Sept 13 for more information. Then, out of curiosity, I entered my late husband's information (he died over three years ago) and received the same message. Then entered a random name and number and received the same message again. There is seriously something wrong with credit reporting companies.
192
It's not "reporting"; it's a sales pitch disguised as "reporting." What Equifax wants is for you to do two things: given them a valid credit or debit card that they can start automatic deductions from after you fail to notify them after your first "free" year that you want to cancel the service; to sign a waiver against any legal action for damages as a condition of this "free" service. It's beyond slimy. It is false advertising. Equifax should be forced out of business
26
I originally tried this when the breach was first announced, and my husband's info got the message that they did NOT think his data had been breached. For my own info, I got the same response as in the column - no message but a link to sign up for Experian's free credit monitoring after a date they gave me (why the wait?). Today I tried again, and got the message that they thought my data had been breached. My husband's data got the same response as before, that they thought his data had not been breached. I want to know, like the commenter below, if this is reliable feedback or not?
2
Forget about calling on the weekend to find out how to do a freeze from Equifax, there are no live people available, you have to call Mon-Fri during business hours.
2
Unfortunately, the Equifax site is not working properly and you cannot get a credit freeze there at the moment. It just takes you on endless loops. I called the company and the person there said they were working on it. Uh huh. What a mess. Perhaps Equifax should be liable for any and all fraud that comes of this breach.
21
Equifax should definitely be held accountable for any monetary losses resulting from this breach. Nobody chose them to safeguard their sensitive data. I don't know why we should have to pay at all for any of these so-called protection and monitoring schemes; as if we're not paying them enough already in interest.
I understand that all computer systems sooner or later will be vulnerable to attacks, but once they get in, shouldn't any data stored on these systems be heavily encrypted in the first place? So, was it indeed encrypted?
Is the statement that this breach was "a disappointing event" for Equifax really the best they can do? Truly disappointing indeed.
I understand that all computer systems sooner or later will be vulnerable to attacks, but once they get in, shouldn't any data stored on these systems be heavily encrypted in the first place? So, was it indeed encrypted?
Is the statement that this breach was "a disappointing event" for Equifax really the best they can do? Truly disappointing indeed.
Tried to add security freeze at three major sites:
Equifax - OK - allowed and gave me an unfreeze number
TransUnion - OK - allowed and let me set the unfreeze number
Experian - NO - linked page referenced in NYT article was removed from Experian site - found the security freeze page through another link on their site - but they would NOT allow me no add a freeze. I need to send tons of documents in the mail to have a freeze on my report reviewed,
Equifax - OK - allowed and gave me an unfreeze number
TransUnion - OK - allowed and let me set the unfreeze number
Experian - NO - linked page referenced in NYT article was removed from Experian site - found the security freeze page through another link on their site - but they would NOT allow me no add a freeze. I need to send tons of documents in the mail to have a freeze on my report reviewed,
15
Equifax - ok
TransUnion - failed online and on phone
Experian - failed, written only
TransUnion - failed online and on phone
Experian - failed, written only
2
Perhaps the IRS should wait until Apr 15 before give refunds? That way they can flag if multiple returns are filed for the same SS#
21
IRS simply matching w-2 info reported with tax returns against info employer supplied to IRS could stop the vast majority of fraudulent refunds, couldn't it?
The IRS does match the W-2 info on electronically filed returns. But you could simply report enough self-employment income to get the maximum Earned Income Credit using stolen SS# and DOB for taxpayer and two children. As long as you filed before the real taxpayer, you would get the money unless your return was flagged for another reason.
1
Sell their stock and sue the daylights out of these people!
Their officers knew about the breach and sold stock in advance of public knowledge.
Their officers knew about the breach and sold stock in advance of public knowledge.
306
They are a useless company and always have been.
5
What they did is called "insider trading," and it's (theoretically) illegal. In practice, of course, it's "business as usual."
Ah, capitalism! Ah, America!
Ah, capitalism! Ah, America!
2
We need a law, requiring CC, mortagge, pay loan companies, bank loan, reali estates to verify the name and address with written three way postive proof before providing to sell, provide credit, issue a mortgage. I think it would be hard to fudge, a birth certificate, voter registratino, and drivers license. Maybe I am ignorant.
19
Unfortunately, we have no idea whether existing credit freeze passwords have been compromised.
8
Click on the website link and you get this:
Your connection is not secure
The owner of www.equifaxsecurity2017.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
Learn more…
Report errors like this to help Mozilla identify and block malicious sites
Your connection is not secure
The owner of www.equifaxsecurity2017.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
Learn more…
Report errors like this to help Mozilla identify and block malicious sites
9
Friday morning when I set up security freezes (also called credit freezes) on the 3 credit agencies, it was immediately obvious that the Equifax website had weak security compared to Experian and TransUnion. When inputting my credit card to pay for the freeze, it did not even require a cardholder name (only TransUnion did). It also did not ask any verifying security questions (Experian and TransUnion did). I would recommend ignoring any and all guidelines from Equifax. The best explanation of options, and direct links to the pertinent freeze pages for each site are on the FTC website: https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
15
Bless you for providing that link. I was able to go to all 3 websites and place freezes. I'm sure if I'd tried to call each organization it would have been a "fools errand" with endless waiting.
3