And the premier service you are enrolled in for "free monitoring" auto renews after 12 month...at $19.95/month.

Fuck them. The executives involved should go to jail. The business of Data collection, storage, mining and sale thereof should be shut down if it cannot be protected - which it can't.

Sounds like three jobs.

---

Long Chile was a silly place.

The time lag for notification is straight criminal. They knew about this a loong time, ago, but didn't notify "customers" to give us a fair shot at cancelling affected credit cards, etc. I've had 3 very weird instances of fraud on my credit cars around that timeframe, and spent a lot of time cleaning it up.

Yahoo did the same thing with a long lag between breach and notification. And Wells Fargo too - didn't notify customers about fraudulent account creation until after it went public.

If Congress wants to do something to make itself popular, it could pass a law imposing legal notification timeliness requirements under threat of criminal prosecution. Or give the Consumer Protection Bureau some actual power to drop a hammer on some of these companies.

I'm getting weary of it. I've been hit by every major breach (except Ashley Madison).

Just checked and...ugh...it seems that I have made the "unlucky list".

I already had to replace my AMEX card after weird charges showed up on Amazon for movie and book services that I didn't order. No, instead of getting "free" service for something I can do on my own for free anyway, I will be first, or maybe second in line for the class-action lawsuit.

---

DFL > DNF > DNS

Yeah, I already got the free service from my last breach. I'm going to need more this time.

They had to wait for the insiders to sell their stock first. Cocksuckers.

---

_________________________________
I'll be what I am
A solitary man

I saw some things on twitter where a guy typed in 123456 and test and it said he had been affected...so they may just be taking precautions

This is clear criminal negligence on their part not to mention how they are now handling. Not sure they survive this.

It's one thing to have an account breach where you can leave the service. But these schmucks keep data on you even if you don't want them to.

Not only that, these assholes want to charge you to see your own data that you didn't want them to collect. It wasn't until a law was enacted that you could get one and only one 'free' report a year. If you want more than one, the prices are outrageous to see your own data.

If Congress wants to do something to make itself popular, it could pass a law imposing legal notification timeliness requirements under threat of criminal prosecution. Or give the Consumer Protection Bureau some actual power to drop a hammer on some of these companies.

It looks like the 3 credit companies gave about $1M in campaign donations in 2016. They are really an unregulated monopoly. If this was the government, at this point someone would say, "and people want the government to run our health care."

I had a cc canceled a few weeks ago. I thought it was strange that they gave no explanation other than it was compromised. Normally there's a bogus charge.

You are so right. Furthermore if Equifax can't protect your sensitive date who can? Canadian and American gov'ts have been hacked for SIN numbers too. Maybe for sensitive stuff like this there should be isolated servers. The banks could send the info a clerk could manually input it in and fax a result back. But everyone is in such a damn rush to get stuff processed and save money by automating everything. Same with credit cards. When is the last time anyone turned you credit card over to see if your signature matched. We have PIN numbers for credit cards now but we allow people to bypass that by buying thousands of dollars of stuff online.

---

They constantly try to escape from the darkness outside and within
Dreaming of systems so perfect that no one will need to be good T.S. Eliot

When is the last time anyone turned you credit card over to see if your signature matched.

I just got a new credit card and the place where you sign your name is dark gray. So I signed it but you can barely see my signature. Not that my signature on the card matches how I sign at a store anyway since I basically scribble one letter and then draw a line at the store.

Can't wait for more to come out on this. Pretty stupid on their part. I guess there is a chance as the company said they didn't know about the information but that seems like a stretch. I'm also guessing they are familiar with 10b5-1 and selling shares of the company they work for.

---

"I think I've cracked the code. double letters are cheaters except for perfect squares (a, d, i, p and y). So Leddy isn't a cheater... "

I don't think you understand how it works. They won't use your credit card which Equifax doesn't have, they'll open a new credit card, take out a mortgage, take out a loan not pay any of it and fuck your credit.

One thing that's surprised me is how little coverage this has gotten on the news. Have we reached a point where data breaches are so common that they're no longer considered as noteworthy as the Patriots being upset in a football game?

What bothers me most in all this is now that they've allowed identity info to be compromised you have to monitor basically for the rest of your life--Equifax will offer one year free and then you have to pay. Want to lock your credit report? There's a fee for that. How much money will Equifax make from their negligence?

Seems to me that it's not inconceivable that within the next few years data breaches will have compromised identity info for every single American and we'll all be at high risk of identity theft.

I think Equifax may be out of business soon. Also it is prudent to monitor your credit breach or no breach

That may be worse. It would mean the other two companies have even more of an oligopoly.

These companies are scum. They make money off your data by selling it to other people, then sell your own data to you at an even higher price. All without any of your consent.

Welcome to the digital age; where the individual consumer IS the product. And you cannot opt out...

Item #2 on what Congress could do if they want to be popular: re-think the Social Security #. A plain text # that can't change for life is ancient technology that provides a soft target for criminals, and makes life miserable for marks. All we can do is put a credit lock on the # which hurts ourselves more than any one bad guy.

I'm think if we throw some modern technology at it, it becomes more of a fair fight. I'm thinking of a system where if a potential landlord or loan agent wants to check my credit, I use my Credit Agency X App and request a one-time # that's like a single-use credit card #. It's not the actual Social Security #, but a temporary digital ID linked to my SS#. On this app I then send it to the landlord/agent using their public key in a PKI system. As soon as they use it, that # becomes invalid. If they don't use it, it times out within X days. When someone uses it, I'm notified of who used it and why. Rather than that information being the property of one of a handful of private companies who then try to sell that information back to me.

Social Security #'s need to be under the owner's complete control by design, rather than passed around willy-nilly among myriad private companies.

You're right. We have. We've learned that not even the NSA can keep it's data. Banks can't. Credit agencies can't. Dating services can't. Governments can't.

But that's OK (or sort of OK) as long as the system is designed with that in mind. Which it can be. Right now, it's not. There's a long list of things I could list that might make it better, but #1 is like my post above: just make all the info very easy to make useless.

One thing that's surprised me is how little coverage this has gotten on the news.//

No kidding, you would think there was some major storm somewhere sucking up all the news cycle... But really, how much did we hear about that 8.1 quake? I mean those don't happen every day in populated areas, and without Irma it would have been in the news for at least 3 days instead of 5 minutes. Even Trump is getting pushed to the side, they squeeze in a few minutes here and there and then back to the same 5 second loop of the last hour or two of the hurricane. This is what the news channels wet dream about..


I saw on Facebook a link to see if you were hacked, but of course I stayed away from that. Pretty sure scammers are already out there collecting your info pretending they are the company. As I recall we should all be getting a letter soon if you were hacked and probably a free year or two of some service that looks out for your online presence. Just in time too, my last two year one from the last hack is about to run out!!!

Drain the... oh wait, never mind wrong thread.

I should clarify...I didn't mean to imply that this is more important than the hurricanes, earthquake and other events that I agree deserve the airtime they're getting. I was making a comment that our stations have treated this as a "in other news..." soundbite that got less airtime than a football game and by the next day, no mention.

This is only a part of their business. They also do employment verifications, w2 processing/payroll and other payroll/hr. They have a lot more info then you think.

One thing that bugs me is how cheaply politicians can be bought. 1 million is pocket change for these outfits it must have been spread around dozens of politicans. For that they get all sorts of influence.

---

They constantly try to escape from the darkness outside and within
Dreaming of systems so perfect that no one will need to be good T.S. Eliot

After debating it these past few days, I went nuclear this afternoon and put a full credit freeze on with all 4 bureaus (big 3 + Innovis too).

Cost varies by state & circumstance, but it ended up costing me $5 each at Experian and Transunion, while Innovis was free, and Equifax was also free (an olive branch for the breach, I guess).

It was easy & fast to set up all four freezes online.

We'll see how painful it will be to unfreeze case-by-case in the future, but I've fekkin' had it with all of these damn breaches one after another, and since there will only be more ahead, doing the freeze finally felt like the right move.

This crap sucks.

---

Do not taunt Happy Fun Ball

Yeah. Freezing is almost as much self-harm as protection. It's like protecting yourself from theft by locking yourself in prison. The system is jacked. The Social Security Administration needs to come into the 21st century.

I already had a freeze in place.

Unfortunately, now I wonder if my freeze unlock code was compromised in addition to the usual info.

I guess it depends on the nature of the hack and the structure of their database.

EDIT: Apparently they are claiming that no freeze PINs were compromised, but it remains unclear if any frozen records were hacked. I have complete faith that they are telling the truth.

---

---

"100% of the people who confuse correlation and causation end up dying."

Can someone please fill me in on what the "freeze" means? Does it mean they stop collecting my information? Does it mean they stop distributing my information? Or both?

I guess you don't understand how lawsuits work. They will lose and be forced into bankruptcy to avoid the judgement.

They still collect everything. But, they (supposedly) won't release any of it unless you "unfreeze" it for a period of time or for a specific inquiry.

They charge a fee to freeze your account and another each time you unfreeze it. Unfreezing it for a specific inquiry (say obtaining a mortgage or car loan) is tricky because often the bank or dealer subcontracts out the credit check to a company with a different name than themselves.

---

---

"100% of the people who confuse correlation and causation end up dying."

Let's say that I'm in the process of buying a house and am worried about my information being compromised. Would a freeze accomplish anything? I guess no credit inquiries means no one could open an account with my information, and I can continue monitoring my existing cards to make sure nothing is fishy. Is the freeze and unfreeze process straight-forward, can you unfreeze for a week when you know there'll be an inquiry?

What a massive clusterfuck they've created.

I'm mos def no expert on any of this stuff, but after doing some research throughout the week, here's the TL;DR on freezes...

All of the various reputable (i.e.non self-serving ;) online resources I looked at agreed on a few points...

1) The paid-subscription ID-protection services are all/each too much hit-or-miss in terms of protection, so they are generally not recommended... If you get one for free for a year due to breach, then sure, consider it (but watch out for strings attached).

2) Compared to the paid services, you can do a better job monitoring stuff yourself using resources you have access to now - some free, some not... Regularly checking your credit reports, aggressive account monitoring, etc. But all that takes careful attention and time to do effectively.

3) All sites agreed that a credit-freeze is the safest option, but also the most extreme... One big advantage is that it's fire-&-forget... Once your shit's locked down with a freeze, no babysitting by you required. But that advantage is also it's biggest downside... You are also locked out of your own credit just like any bad guys or good guys out there, so when you need to get "back in", you need to initiate an unfreeze.

When you establish the freeze, each bureau will give you a long PIN - that PIN will be needed to do initiate an unfreeze in the future when necessary. An unfreeze can be permanent or temporary. The unfreeze is always free either way, but if it's temporary, you will most likely be charged again to re-establish the freeze.

I haven't done an unfreeze yet, but it doesn't sound too bad to do. I guess time will tell on that.

The FTC site on credit freezes is pretty helpful, IMO -- https://www.consumer.ftc.gov/...7-credit-freeze-faqs


Truth!

---

Do not taunt Happy Fun Ball

Unfreezing is pretty straightforward -- you can do it online. What I've done when I need an unfreeze (say to get a mortgage) is to ask the bank which credit bureau they want to use (so I don't have to unfreeze all three of them), then unfreeze that bureau for some time window (like one week) and let them do their checks. This does make you vulnerable for the time window where the unfreeze is in place.

I've been frozen for years and it is usually not a hassle. (How often do you get a new cc or obtain a loan?) The one time it was an unexpected hassle was when I wanted to buy a car without financing. The dealer wouldn't accept my personal check without running my credit and I didn't have my freeze PIN with me, so I had to come back the next day with a cashier's check.

The freeze has successfully stopped several identity theft attempts during the time it's been on, too. You get a letter from some bank -- that you never contacted -- stating something like "unfortunately we are not able to open your new account because a credit freeze is in place. Please remove the freeze and resubmit your application."

On a related topic, this hack, and the fallout we're seeing, is a pretty substantial attack on the entire finance system in the US. I wonder if some state actor like NK or Russia is behind it...

---

---

"100% of the people who confuse correlation and causation end up dying."

We cannot do a credit freeze in Canada. And I can't even blame Trump for that! Our gov't have not put the legislation forward to force the credit bureaus to do it. So credit freezes are only done by the bureaus because they have been forced to allow them. The bureaus suck.

---

They constantly try to escape from the darkness outside and within
Dreaming of systems so perfect that no one will need to be good T.S. Eliot

I truly don't give a shit.

Every Soc Sec number ever has been breached. Mine is 644301228. You can buy 500 social security numbers for really cheap. WAAAY cheaper than the technology that was needed to do that hack**. Think about it. WTF is anyone going to do with 134M Soc Sec numbers? The same thing they would do with about 500 of them. Who ever hacked this data did it for the thrill and "hackers street cred", not because they are planning on filling out 134M fake credit card applications.

(It seemed like a lot of heist/action movies from the 90's had plots where someone would steal something worth a couple million to get out of trouble with the bad guys by using a couple of million dollars worth of equipment).

Thanks for the info!

Somehow it really chaps me that these jerks can charge me for the use of and control of my own personal information.

The SS numbers aren't the big issue with this hack. As I understand it, they got essentially all of the information that Equifax has to identify people -- past addresses, bank accounts, credit card accounts, etc. So it makes it really easy for an identity thief to impersonate you. How can you prove you are really you if an imposter has all of this personal information?

---

---

"100% of the people who confuse correlation and causation end up dying."

Oh I agree, the data can be used to imposter and file fake tax returns and stuff that sucks to deal with.

But those schemes- imposter schemes - do not require large pools of data. i guess, maybe, this breach will make the needed data cheaper, but I really doubt this data is going to be "sold." Imagine if someone stole a 747. I mean what can you really do with it?

I don't know if a stolen 747 analogy fits, maybe the sure scale of the theft, but in reality whomever is in possession of that data won't be looking to sell 143 million sets of data in bulk. More like a stolen Toyota Camry, stripped down and each part sold to a different buyer.

---

--------------------------
The secret of a long life is you try not to shorten it.
-Nobody

I agree that the data will be pieced out but in this case it IS more like a stolen 747 because of the sheer size of the hack. And the cost to do this had to be staggering. So...why?

(a side story: I acquired a container from China that had 2000 flip flops for less than $200. I had no clue what to do with them.).

Yeah, I realize a freeze doesn't do anything to protect existing accounts, but I'm already in the habit of very regularly keeping a close eye on all of those. Plus, shenanigans with those accounts are generally much easier to fully fix with the corresponding financial institution, as long as you catch them in a timely manner.

I'm really just concerned about ID theft (whether full-blown or just some chucklehead opening new accounts without me knowing it), and that's what I hope a freeze will prevent.

---

Do not taunt Happy Fun Ball

I found this interesting. Just went through the freeze process for the three credit agencies. Transunion and Experian both had a step to confirm my identity with 3-4 questions about things that would be found on my report. Both had a clear-cut spot where a pin was generated (or in the case of TU I created my own pin). Both felt secure, both gave me the information I'd need if and when I unfreeze my account.

Equifax literally had a check box to freeze my account - didn't ask any credit-related questions - then when I clicked the 'submit' button in had a page it recommended I print out and that was it. I didn't print the page but never saw a pin. Now when I try to unlock it's obviously asking for a pin, and I never saw one provided.

Not a big deal, I think in any future credit inquiries I'll tell the creditor that I've permanently locked my Equifax access and they'll have to use one of the other two. I don't care if it creates more of a monopoly for the other two, fuck Equifax.

And don't forget, we need to 'drain the swamp' by CUTTING regulations, since of course oversight is bad for business and all. We can still trust all the other companies to do the right thing, can't we?

Yeah, the Equifax process was surprisingly bare-bones compared the other 2, which were both much more along the lines of what I expected.

The Equifax PIN was indeed buried in that ridiculous print confirmation, but it was definitely not obvious - I didn't see it until I looked close a couple times.

Although Innovis is not commonly used, its freeze process was also very straight-forward (similar to TU and Exp), but it was free (no credit card entry needed - nice!) and the PIN is sent via snail-mail (not so nice, but I'm hoping mine arrives relatively soon).

---

Do not taunt Happy Fun Ball

True dat!

If someone ever breached my 1Password account, I'd be royally screwed. Thankfully, the chances of that are slim-to-none.

And please no one tell me if I'm wrong about that - just let me instead have that one small mercy of hope, even if delusional.

---

Do not taunt Happy Fun Ball

Just goes to show you, no bad deed goes unrewarded.

IRS awards multimillion-dollar fraud-prevention contract to Equifax

It keeps on going from worse to worser.


Equifax Inc said on Thursday it has taken one of its customer help website pages offline as its security team looks into reports of another potential cyber breach at the credit reporting company, which recently disclosed a hack that compromised the sensitive information of more than 145 million people.


Equifax takes down web page after report of new hack

I'm surprised Wall Street did not come up in the most dangerous neighborhoods. Sure they won't stab you or shoot you in your liver, but they do steal from you and your family

The only surprising thing is that anyone is surprised by these breaches.

Very true statement. I was telling people the same thing when the news broke. I find it hard to trust any of these institutions anymore

It's not just the breach, but how the executives covered it up to buy time to unload stock shares before news came out. And now making more money on the perceived need for more security services.