Equifax Breach: Follow These Steps to See If You're Exposed

[Paul Wagenseil]

You can check to see whether you were impacted by the Equifax data breach, but the process can be confusing. Here's how to do it.

Equifax Breach: Follow These Steps to See If You're Exposed : Read more

 

[murrahnoble]

Doesn't it kind of sound like they're scaring us in order to sell subscriptions to the service? I was told that I might have been impacted but I am unable to register for 5 days after I was informed? That seems rather delayed if my personal information has been compromised.

 

[4petersmith]

Paul, I think Equifax's response is the biggest POS I have ever seen. "Write that date down and/or make a calendar-app reminder on that date — it's the first day when you can sign up for the TrustedID protection service." Plus no email confirmation or reminder will be offered.
WOW, Equifax is doing every thing it can to make signing up suspiciously hard. What do you think the take rate on this offer will be? 1%, 2%
Think about this corporate failure versus Volkswagen diesel failure. Thier screw-up cost them tens of billions. Equifax gives hackers Social Security numbers, credit card numbers, addresses etc on 140 MILLION people and they suffer nothing other than a few moments embarrassment in the public eye. OMG!

 

[crtjr64]

Paul must have gotten paid off by Equifax... in order to sign up for this TrustedID service, you have to sign away your rights to a class action suit against Equifax. Also, its a given that these thieves are patient as they sell your information on the black market... it could be well after a year when they do steal your identity and Equifax is unwilling to assist us in fixing a life altering issue their negligence created...

 

[dave.caum]

I agree with you completely. I would think twice before giving up my future right to recover damages caused by their lack of security over consumer data. Hope the three executives that sold their stock after they knew and before they announced it publicly, go to jail.

 

[Paul Wagenseil]

Doesn't it kind of sound like they're scaring us in order to sell subscriptions to the service? I was told that I might have been impacted but I am unable to register for 5 days after I was informed? That seems rather delayed if my personal information has been compromised.

Equifax certainly isn't handling this situation very well, to say the least. But the TrustedID service is free for the first year. You might consider signing up for a credit-monitoring service such as LifeLock or IdentityGuard that isn't owned by Equifax, but those aren't free.

 

[Paul Wagenseil]

Paul must have gotten paid off by Equifax... in order to sign up for this TrustedID service, you have to sign away your rights to a class action suit against Equifax. Also, its a given that these thieves are patient as they sell your information on the black market... it could be well after a year when they do steal your identity and Equifax is unwilling to assist us in fixing a life altering issue their negligence created...

Please. There's always a commenter who thinks that if a reporter presents a story objectively and calmly, the reporter's been "paid off" by the product in question. It doesn't work that way.

Regarding the class-action waiver/forced-arbitration clause, that apples to TrustedID, not to Equifax as a whole.

Anyway, here's another story this corporate shill (me) wrote about Equifax: https/www.tomsguide.com/us/equifax-data-breach-impact,news-25800.html

I have to be fairly polite about the Equifax situation, because it's part of my job. Not every reporter needs to be so restrained: https/krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/

 

[Paul Wagenseil]

Paul, I think Equifax's response is the biggest POS I have ever seen. "Write that date down and/or make a calendar-app reminder on that date — it's the first day when you can sign up for the TrustedID protection service." Plus no email confirmation or reminder will be offered.
WOW, Equifax is doing every thing it can to make signing up suspiciously hard. What do you think the take rate on this offer will be? 1%, 2%
Think about this corporate failure versus Volkswagen diesel failure. Thier screw-up cost them tens of billions. Equifax gives hackers Social Security numbers, credit card numbers, addresses etc on 140 MILLION people and they suffer nothing other than a few moments embarrassment in the public eye. OMG!

I can't disagree with any of that.

 

[rgd1101]

more about the Equifaxsecuirty2017 site.
https/arstechnica.com/information-technology/2017/09/why-the-equifax-breach-is-very-possibly-the-worst-leak-of-personal-info-ever/

 

[rickhal]

I was a Lotus Notes messaging server administrator and second level client support consultant for nearly 20 years. I have an idea how IT departments work. Most large corporations look to IT budgets to cut expenses first. The thinking is that if there is a breach, we won't lose money our insurance company will and the customers might too. "But, we'll be just fine in the end", "take a PR hit and move on". This breach should have been avoidable. So, the lesson: Don't trust any of them their first priority is always to bolster the margins. The CEO' little speech means nothing. Just more BS PR from the top guy. The government should require a certain, certifiable level of IT security and breach protections. This is just plain wrong.

 

[rickhal]

I for one understand a reporter's nuanced stance on such news. And we all know that Equifax management will try to make a silk purse out of a sow's ear on this one. They will engage in "corporate speak" and obfuscate and cast the illusion far and wide of deep concern and a willingness to "make things right". Which, they really can't. The damn has been broken and the water streamed out. It can't be taken back. We can only hope the hackers will have difficulty in using much of the enormous amount of data they have stolen.

 

[chb56]

As of 9/10/2017, copied from Equifax FAQ page, you will not sign your rights away by enrolling in TrustedID:

To confirm, enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action. We have already removed that language from the Terms of Use on the site www.equifaxsecurity2017.com. The Terms of Use on www.equifax.com do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident. Again, to be as clear as possible, we will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.

 

[philcurtisengineering]

A question I have which I not seen covered anywhere,...
but 1st a quick overview of my credit knowledge.
Experian (formerly TRW), Equifax, and Trans-Union are the 3 credit monitoring agencies in the USA.
You MUST look at your credit report from all 3 agencies to ensure you know everything credit related to your SS#. To look at only 1 or 2 is only deceiving yourself.
To my understanding, TRW was the biggest and original in the USA (fact-check?).
Anyway, here's my question.
I have been a paying member of Experian/TRW's Triple-Alert program for years. How does my membership in this program affect me and this Equifax data breach, if at all?
I understand the obvious, any activity on my accounts, I will still be notified. But am I more or less protected with this service? Do I have added legal rights and actionable ability?
In depth questions. Thank you in advance for any input on this.
Phil

 

[lewis_rjay]

I don't remember giving them permission to collect and store my information in the first place. Now they want me to enroll in a security plan, that will eventually cost me, to protect my information that they really as far as i am concerned have no legal right or my permission to have. I will be paying them to protect my information that I would rather they not have. because of a breach in their system I may be screwed. I think a lawsuit is the only way to force them to take responsibility for there lack of proper security. Why is their information database attached to the internet in the first place? I don't believe the internet has ever been proven to be secure from hackers no matter who says it is!

 

[philcurtisengineering]

I don't remember giving them permission to collect and store my information in the first place. Now they want me to enroll in a security plan, that will eventually cost me, to protect my information that they really as far as i am concerned have no legal right or my permission to have. I will be paying them to protect my information that I would rather they not have. because of a breach in their system I may be screwed. I think a lawsuit is the only way to force them to take responsibility for there lack of proper security. Why is their information database attached to the internet in the first place? I don't believe the internet has ever been proven to be secure from hackers no matter who says it is!

It's complicated. Their business is run by communication and now the internet. When you need something financially related, the business communicates with these 3 (or 2 or just 1) and finds out your profile and credit worthiness.
Interesting question about how they get permission in the first place. This system is as entrenched in our financial lives like the federal reserve is entrenched in the world monetary system. I am sure we agree to it in a ToA somewhere.
One thing I have never liked, why is this citizen sensitive data trusted to (three!) private companies? Shouldn't this be a government responsibility? There's basically a CEO, management, and a company board who determines what happens with the most personal details of my life. In my opinion, no company or gov't should have this info. I should. And I should give this info to those companies who I want to do business with.
phil

 

[Paul Wagenseil]

I for one understand a reporter's nuanced stance on such news. And we all know that Equifax management will try to make a silk purse out of a sow's ear on this one. They will engage in "corporate speak" and obfuscate and cast the illusion far and wide of deep concern and a willingness to "make things right". Which, they really can't. The damn has been broken and the water streamed out. It can't be taken back. We can only hope the hackers will have difficulty in using much of the enormous amount of data they have stolen.

Ironically, I'm just hoping that the thieves aren't regular online criminals, but Russian or Chinese state-sponsored hackers looking for information on specific U.S. residents. If so, there would be less chance the stolen data would be monetized.

 

[Paul Wagenseil]

A question I have which I not seen covered anywhere,...
but 1st a quick overview of my credit knowledge.
Experian (formerly TRW), Equifax, and Trans-Union are the 3 credit monitoring agencies in the USA.
You MUST look at your credit report from all 3 agencies to ensure you know everything credit related to your SS#. To look at only 1 or 2 is only deceiving yourself.
To my understanding, TRW was the biggest and original in the USA (fact-check?).
Anyway, here's my question.
I have been a paying member of Experian/TRW's Triple-Alert program for years. How does my membership in this program affect me and this Equifax data breach, if at all?
I understand the obvious, any activity on my accounts, I will still be notified. But am I more or less protected with this service? Do I have added legal rights and actionable ability?
In depth questions. Thank you in advance for any input on this.
Phil

I think the same rules would continue to apply in this case, but please understand that identity "protection" services are really just identity-MONITORING services. They generally can't stop identity theft from happening -- they can only tell you that something unusual is going on (which is better than never finding out) and spur you to take action quickly.

To really prevent this stolen data from being abused, I would recommend 1) signing up for Equifax's Trusted ID free service (there are no strings attached); 2) calling one of the Big 3 credit agencies and placing a fraud alert on your file (this lasts 90 days and is free, and the agency you call will notify the others; getting a credit report from each agency if they don't give it to you when you institute the fraud alert; and finally 4) after a week or two
to make sure the fraud alert is in place, calling each of the Big 3, plus Innovis (the one most people haven't heard of) and having a credit freeze placed on your files.

In most states, that last step will cost a few bucks per credit bureau and will last several years. (In some states, it's free.) For each credit bureau, you'll get a PIN with which you can temporarily unlock your credit report in case you're applying for a new loan, credit card or utility account.

 

[Paul Wagenseil]

I was a Lotus Notes messaging server administrator and second level client support consultant for nearly 20 years. I have an idea how IT departments work. Most large corporations look to IT budgets to cut expenses first. The thinking is that if there is a breach, we won't lose money our insurance company will and the customers might too. "But, we'll be just fine in the end", "take a PR hit and move on". This breach should have been avoidable. So, the lesson: Don't trust any of them their first priority is always to bolster the margins. The CEO' little speech means nothing. Just more BS PR from the top guy. The government should require a certain, certifiable level of IT security and breach protections. This is just plain wrong.

I agree. No company will ever be punished for a data breach until there is comprehensive federal regulation -- or if a big state such as California or Texas enacts such legislation. Look at LinkedIn -- it delayed notifying people about its 2012 data breach, didn't admit just how big the breach was (possibly its entire user base in 2012) until 5 years later, and walked away scot-free.

 

[itsdavebuck1]

Just tried to verify if I was one of the lucky ones. Avast returned a security threat, URL:Mal

 

[Paul Wagenseil]

Just tried to verify if I was one of the lucky ones. Avast returned a security threat, URL:Mal

Did you go to https/www.equifaxsecurity2017.com?