I think there have been so many leaks that the average person ought to assume that the bad guys have had their SSN, etc. for quite some time now. So yes, the model is broken but it already was broken.
I’m not sure how catastrophic the consequences need to be before companies take operational security seriously. I’m sort of surprised we haven’t already seen large scale drainage of people’s accounts. It seems the only thing standing between many people’s online access and the bad guys is often a set of easy to look up questions and answers.
Anyway, this is where their priorities are so don’t expect major changes anytime soon: Bloomberg
I may have my particular facts a little wrong, but I believe I heard that Equifax was offering something like 1 year of free credit monitoring to every single American. I think you have to contact them and ask for it.
(ETA: I don’t mean “single” to mean unmarried or unpartnered- you know what I meant.)
From what I can tell, yes, credit monitoring and identity theft protection for everyone.
Go to https://www.equifaxsecurity2017.com and click the big Potential Impact button at the bottom. Enter your last name and last 6 of your SSN, and if they identify you as at risk, they’ll say so, otherwise, they’ll give info on enrolling in their credit protection as well as the date when you can do so. Apparently they’re staggering enrollments so their servers aren’t melted when the entire adult population of the US tries to register on the same day.
I agree, but two things that this one has that previous ones didn’t:
1. Sheer size; over ½ of the over-18 population in this country
2. DL #s; you can’t even rely on seeing a DL now to ensure the person is who they say they are. You don’t think someone buying this info on the dark web doesn’t have the connections &/or ability to make fake DL’s?
You can’t change the password on an account you don’t know exists. The only thing one can do is diligently monitor your credit reports for any new accounts being opened & hope they’re reported timely. Personally, I wouldn’t sign up for something like LifeLock; it’s $120/year for what you can do yourself. That’s a pretty expensive insurance policy for what you get from them IF you need their services.
When I was the victim of ID theft, a credit card was opened in my name but the mailing address was somewhere else; it didn’t show up in the credit reports until it was delinquent, which only took a couple of months to run up a 5-figure balance as they paid the minimum due for the first couple of months, which was a nominal amount.
I figure if I’m affected (I haven’t looked yet), this is probably the fourth or fifth time for my information. I’m practically desensitized to it by now.
I’m a little confused. I went to the link and provided the information requested; I wasn’t told I was at risk, but was given an enrollment date for the credit protection service (which would seem to imply that I am at risk).
Not sure I’ll take them up on their offer, since a) I’m borderline obsessive about keeping on top of my bank and credit accounts, and b) I already have several flavors of credit protection through organization memberships and my homeowner’s insurance. And I rather imagine that after a year they’ll just start charging the clients with little or no notice.
Ok, so I clicked on the “Potential Impact” to see if my information was potentially impacted, gave my last name and last six digits, but the only message I got was with a date for enrollment. Why didn’t they tell me if I was impacted or not?
This is a pretty boneheaded move by them. There’s no way for the average person to verify that equifaxsecurity2017.com is owned by Equifax and isn’t a phishing site started up to take advantage of this breach. Equifax should not be training people to go to random domains and enter personal information.
It now appears that the checker Equifax is promoting isn’t doing any checking at all and is solely there to upsell you into identity protection services. Entering clearly made up data returns that you might have been affected and entering in the same information multiple times returns different results.
So what is a comprehensive list of all the possible implications of this breach?
It seems like they have enough information to at least semi-plausibly pretend to be almost anyone. Is there a chance of flooding the IRS with an enormous number of fake refund-heavy tax filings? To the extent that even if only a small percentage of them are plausible enough to result in refunds it is still a huge amount of money? After all, with 140 million tries available you don’t have to be right a lot. I’m sort of imagining that trying to sort out the fraudulent from the legitimate on such a huge scale would effectively kill the regular tax collecting infrastructure …
On a par with my credit card fraud prevention service calling me on the phone, and then asking me for critical personal information to identify myself. Fucking morons.
OK, so I did do the check, and it did say it could impact me, although I do see the link above. I have taken free credit monitoring from a previous potential breach on the company level years ago, and I think I’m good at resisting upselling. Should I take the monitoring Equifax is offering, since it’s better than nothing? If not, what SHOULD I be doing?