2017/09/13 22:32:57
John
This is an appalling situation. One correction: one can change their SS #. If you go to your SS office there is a way to do that. It was recently announced.
2017/09/13 23:29:41
MandolinPicker
Well, even more on the Equifax front, and none of it is good. Latest news comes from Argentina where they had a breach. Looked initially like about 100 victims (all employees) this time. But what is really scary - the administrator user name and password was 'admin/admin' (admin/password would have been my first guess).
 
But wait, it gets worse
"From the main page of the Equifax.com.ar employee portal was a listing of some 715 pages worth of complaints and disputes filed by Argentinians who had at one point over the past decade contacted Equifax via fax, phone or email to dispute issues with their credit reports. "The site also lists each person's DNI [documento nacional de identidad]- the Argentinian equivalent of the social security number - again, in plain text." All told, there were more than 14,000 such records, Mr Krebs said, concluding that the firm had been "sloppy".
 
More over at the BBC http://www.bbc.com/news/technology-41257576
 
2017/09/14 15:24:31
Moshkito
Hi,
 
Two things.
 
One. Some articles even suggested that a lot of the security thing was a problem with their servers using Apache, a Unix-based operating system. Per my friend, a security expert and original OpenBSD security modules person, the issue was not just Apache, but the quality of the folks working on the Operating System. Most of them were not qualified and not experienced enough to even work with Apache or any Operating System, having been brought up in a time that did not work with Unix a whole lot.
 
Two. Equifax is a CASH COW ... and owned by invisible huge companies that are simply collecting free money and they couldn't care less if anyone's information was given out ... that information can easily be acquired anywhere else on the net.
 
AND, of course, a Cash Cow is never wrong, and if it is, it was no real big deal (they will never admit any problems, because they hide them on a quick fix in Unix), because if it were, a lot more would be involved and a lot bigger issues would have taken place, and a lot more Federal Institutions would be involved in making sure that nothing else got hurt ... notice the bigger players in Microsoft, Apple and other institutions just laughed it off ... sort of like suggesting their systems are better and more secure. They are not any better or more secure, especially Microsoft that is too slow to resolve issues ... ever had a rootkit in your system? ... right ... get ready to lose everything and redo your computer. No such chance or luck with Unix, unless it is administered by someone that does not understand the security levels that can be created and added to it. And a lot of Unix was already 64bit before Microsoft and anyone else, and the security was far better ... but it had work done by folks with interest in it, not Microsoft or Apple.
2017/09/14 16:21:54
Ham N Egz
DrLumen
If you don't want to pay or go the hassle of a credit freeze you can file a fraud alert with the credit bureaus. It is free but it only lasts for 90 days. It does roughly the same as a credit freeze. I keep resubmitting about every 90 days. Supposedly, if you file a fraud alert with one, they send it to the other two automatically.
 

I just completed a credit freeze with all three companies either online or on the phone in less than 30 minutes (the biggest issue was Equifax crapping out and finding the correct phone number)
 
All three were free, no charge
2017/09/14 16:45:41
DrLumen
 I think the charge depends on what state you are in. Texas, for whatever reason, allows them to charge $10. Not that big of a deal but it's the principle of it. Paying to secure something that should never have been allowed out.
 
As to the Apache flaw, it was patched 2 days after it was found about 6 months ago. Equifax never patched their system though.
 
Another thing that is likely to happen, if Equifax survives and I really hope they don't, is all the execs are still likely to get their multi-million dollar per year bonuses along with their lucrative golden parachute. IMO, there should be criminal negligence charges against the CEO and his closest minions and IT staff.
2017/09/14 18:45:15
bitflipper
Yes, the break-in was made possible by a security flaw in Apache, specifically in support software called Apache Struts that's used to create websites.
 
What makes this look bad for Equifax is that Apache was patched two months before Equifax was breached, but the fix was not installed on the Equifax servers. 
 
Turns out, their Chief Information Security Officer's educational background is a Master of Fine Arts degree in music composition. No kidding. They put a frickin' musician in charge of all the secrets!
 
BTW, CISO Susan Mauldin's LinkedIn page has been taken down. I'm thinking Ms. Mauldin is exploring new career paths.
 

2017/10/16 11:36:43
bitflipper
This sums up the situation in an entertaining way. Are we angry yet?
 

2017/10/16 22:58:46
craigb
Thanks for the bump Dave!  It reminded me to freeze my credit with all three reporting agencies.  That's $20 (because Equifax was free) well spent I think.  Much better than something like LifeLock!
2017/10/19 13:34:13
KenB123
I just got around to freezing my accounts with the three players involved. I was expecting some major headache in the process, but actually it went quite well. Took around 30-minutes for all three and that was with being cautious, reading, and double-checking everything.
 
What surprised me was I wasn't charged for any of the freeze requests. $0.00 (unless I will be getting a bill at a later date. But nothing was mentioned during the freeze process.)
 
What also surprised me was that TransUnion and Experian sent me email confirmations of my freeze requests. Only our beloved Equifax did not send any confirmation. Seems like this company needs a major overhaul. In my view, that overhaul should be closing down shop, even if the government needs to step in and suggest.