Equifax

You've probably already heard that Equifax was hacked and sensitive personal data was stolen for 143 million Americans (half of all U.S. adults), and that Equifax has kindly offered their Trusted ID credit monitoring service for free to help mitigate this disaster.
 
Here are a few things you might not have heard...
 
The breech happened in May. They didn't discover it until July. They didn't admit it publicly until September. The first gap shows incompetence, the second gap reveals malfeasance.
 
Four days after the discovery, and long before the incident was made public, three Equifax executives sold $2 million in Equifax stock, including the company's CFO. Here in the U.S. that's called insider trading, which means making stock trades based on information not available to the suckers who bought that stock. It's fraudulent and you can go to prison for it (see Martha Stewart). Even if it is just a white-collar prison with tennis courts. Will that even happen? Not likely.
 
Before you sign up for the "free" monitoring service, read the fine print: by doing so, you waive your right to sue Equifax. There is currently a $70 billion class action lawsuit in progress. If you are one of the people whose information was compromised (as I am) then you will likely be entitled to monetary damages. It won't be enough to compensate you for the yacht somebody in Romania bought with your credit card, but it'll at least be a slap in the face to Equifax.
 
These people lost personal information that you never agreed to give them in the first place. You will be under increased threat of identity theft for life, because while you can change passwords and close accounts you cannot change your Social Security number, birthdate or driver's license number. That information has most likely already been sold on the black market.
 
Think you're safe because you don't live in the U.S.? Many of the compromised records were for UK and Canadian citizens, too.

Bit,
 
Great summary of the situation. I was curious to find out whether I was affected, so I went to their site and entered my last name and the last six digits of my SSN. (Now I'm wondering whether I should have done that.) The answer was that I wasn't affected.
 
To my surprise, an Enroll button appeared. What a nerve. In the middle of this scandal, they ask me to sign up and give them my information.
 
Mitch I.

All of what Dave said, plus watch any recently closed credit accounts you may have.  Most times, if you make a charge against one, it automatically reopens and you won't even know it until much later.
 
If this was done by a foreign country or a group of professionals, there may be NO effect for 5-10 years then, as Dave pointed out, since your birth date and Social Security Number don't change, they can start using those then.  Plus, there's a LOT of spending habit and other personal information that could be mined.
 
Hmm...  I think I'll hack the required systems and change my SSN and birth date.  I want to be younger anyway, ya? 

Yes, the nerve of them wanting us to sign up (giving more info to another one of their potentially insecure web sites) for credit monitoring. Then in a year, start charging us for their mistake.
 
Metaphorically speaking, the CFPB should rape equifax, chop them off at the ankles and bury them in a shallow grave. Equifax has shown nothing but indifference, incompetence and criminal negligence.

Wow I was compromised.  Until I see more details I may or may nor enroll.
That may explain why 6 months ago I got a citibank card that I never applied for.  I got put on an immediate 6 month watch.
That may also explain why almost every new on line purchase I make is held up until I respond to a text message.  As long as I have my phone next to me it all goes pretty well.
 
This internet thing is going to be the end of us.
 
JR
 
 

I'm affected, my Mom is not.  No, I won't be enrolling.

MandolinPicker
And in the end, you simply have no choice but to continue to use these companies. If you want a car, a house, a loan of any type, you have to submit your information to them.   
 

You don't have to do anything. The problem is that they created a system that in the modern world is beyond idiotic - it relies on a "secret" SSN that you are basically forced to give to any number of people and then they make it mostly your problem if this "secret" number (along with a few other pieces of not exactly secure info) gets out and is misused.
 
The obvious solution is actually quite simple - the government just needs to publish everyone's SSN publicly immediately so that none of these idiots will continue to pretend that it's somehow a secure identifier. That would force them into doing what they need to do - setting up a much more secure system for establishing identity that doesn't rely on a "secret" number that we've basically all given to every workplace, financial company, medical facility, school and all kinds of other places over the years.

When Social Security was first introduced, a lot of people were suspicious that it was a government plot to institute a universal identity card. So the cards used to say right on them "not for purposes of identification". They don't say that anymore.

bitflipper
When Social Security was first introduced, a lot of people were suspicious that it was a government plot to institute a universal identity card. So the cards used to say right on them "not for purposes of identification". They don't say that anymore.

No, actually it was a government plot to institute an illegal multi-level pyramid scheme that benefits the early adopters and screws the later generations (like mine).  I've paid a ton in and, it's a good bet, there won't be anything left when I hit their so-called (and moving target) retirement age.
 
[conspiracy rant]
Almost makes me wonder if it wasn't someone in our own government that hacked Equifax so they can use the information against us...
[/conspiracy rant]

Maybe I should ask the NSA for my credit score now? 

This just seems to be getting worse and worse. If you went to the Equifax and were told that you weren't affected, well, it probably isn't correct. It seems that the web site simply gives random answers.

• Those hoping to find out if their Social Security number and other identifying info was stolen, along with a potential 143 million other American’s data won’t find answers from Equifax. In what is an unconscionable move by the credit report company, the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach.

 https://techcrunch.com/20...08/ps...d-by-the-hack/

• Also, if you have a credit freeze on your account at Equifax, turns out the PIN is just a date/time stamp. And it appears that they have been using this for well over a decade.

 https://twitter.com/webst...tus/906638411930497029
 
Every time there is a data breech, it always takes a while before the full scope of the damage is known. Given the damaging information being released just in the first couple days, one has to wonder just how bad this will be when everything is finally known.

MandolinPicker
If you went to the Equifax and were told that you weren't affected, well, it probably isn't correct. It seems that the web site simply gives random answers.

One writer entered a made-up name and a random SSN, and the website came back "you are affected". I wouldn't put too much stock in that feature. It wasn't a general breach of the central database, but specific files that were stolen. I'm not sure they even know which ones.
 
There is some good news, however. Bowing to the pressure from legal experts, Equifax has now stated that the mandatory arbitration clause does not apply to this particular situation, so even if you signed up for their Trusted ID program you will still be able to participate in the lawsuit.

Maybe it was the Russians thinking they were getting into a voting machine.

Personally, I think Equifax should go down for this. Out of business. Gone. Sued into oblivion.
 
Of course, I felt the same way about Jack in the Box after they killed a bunch of people. Yet they remain.

MandolinPicker

bitflipper
Personally, I think Equifax should go down for this. Out of business. Gone. Sued into oblivion.

Very much agree. It would also be a warning to others to start taking their responsibility of safeguarding personal information seriously. But alas, I doubt little will happen.....

The core of the problem is all of the supposedly personal information is widely known because we have had to give it to everyone repeatedly over a period of decades. It's a charade to think that information is secret or personal and thus somehow uniquely identifies anyone or can be safeguarded. That's why I say the government should just publish everyone's SSN immediately - it's a charade anyway, so let's just be done with it and force everyone to stop pretending. Now.
 
I'll go even further - "identity theft" is a charade too. It's not that it doesn't happen with horrible consequences for people - it's that if certain information is commonly compromised then one can't pretend that information ever established anyone's identity in the first place.