One, did you all check to see if you have been impacted? Most likely you have. Two, the entire thing human error and straight up negligence on their part. This from the company that has info you didn't give them who will ruin your credit for being late with a payment, and or, make it damn near impossible to remove something from your report you didn't cause. People really should be outraged about this.

A few execs in the company stepped down (vs being fired) and and no doubt, left with millions in golden parachute reward for sucking at their jobs. I recommend you PASS this around and let the powers that be (your elected officials will also be directly impacted so probably pissed off) you want a federal investigation and those found guilty, pay the price.

Failure to patch two-month-old bug led to massive Equifax breach

The Equifax breach that exposed sensitive data for as many as 143 million US consumers was accomplished by exploiting a Web application vulnerability that had been patched more than two months earlier, officials with the credit reporting service said Thursday.

"Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted," company officials wrote in an update posted online. "We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement."

The flaw in the Apache Struts framework was fixed on March 6. Three days later, the bug was already under mass attack by hackers who were exploiting the flaw to install rogue applications on Web servers. Five days after that, the exploits showed few signs of letting up. Equifax has said the breach on its site occurred in mid-May, more than two months after the flaw came to light and a patch was available.

Cont:

https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/

Thanks Will. This is just par for the course now days in corporate greed USA. No wonder Bernie has so many followers bashing capitalism.

<--- Wife and I are signing up for Life Lock. Another $500 a year of household money out the window to cover up someone else's screw up.

Thanks Will. This is just par for the course now days in corporate greed USA. No wonder Bernie has so many followers bashing capitalism.

<--- Wife and I are signing up for Life Lock. Another $500 a year of household money out the window to cover up someone else's screw up.

Yup. Might be tax deductible at least.

I've discussed this issue with local people who are knowledgeable about banking, credit, etc., and have decided to lock down my information at all three major credit bureaus. The cost will outweigh any headaches I may have if someone uses my information to obtain a credit card or line of credit at a retailer.

The breach is unacceptable and the Department of Justice should conduct a thorough investigation.

I've discussed this issue with local people who are knowledgeable about banking, credit, etc., and have decided to lock down my information at all three major credit bureaus. The cost will outweigh any headaches I may have if someone uses my information to obtain a credit card or line of credit at a retailer.

The breach is unacceptable and the Department of Justice should conduct a thorough investigation.

It's free but for the d bags at Experien I believe.

I've discussed this issue with local people who are knowledgeable about banking, credit, etc., and have decided to lock down my information at all three major credit bureaus. The cost will outweigh any headaches I may have if someone uses my information to obtain a credit card or line of credit at a retailer.

The breach is unacceptable and the Department of Justice should conduct a thorough investigation.

It's free but for the d bags at Experien I believe.

You can register for credit fraud protection and insurance with Equifax and they are picking up the tab.

How do you find out if your information was exposed?

How do you find out if your information was exposed?

You know, buy giving them yet more info:

https://www.equifax.com/personal/

I was effected.

You know, buy giving them yet more info:

https://www.equifax.com/personal/

I was effected.

Are you certain? People have tested that setup with fake names and SSN's, and been informed by Experian that they were affected. If you sign up for their "free" service, you waive your right to sue them, even if their fraud protection fails.

The Big 3 is a racket. They legally libel people every day and get away with it. I'm not paying them a dime to protect me from THEM! It's legalized racketeering and extortion. If they screw up and negatively impact my life, I will sue them and move on. The .gov has already compromised my PII so many times, I just don't get worked up over something that may never rear it's ugly head.

When Experian pays to lock and unlock my credit upon demand indefinitely with all of the rating agencies, I'll do that. Until then? No.

You know, buy giving them yet more info:

https://www.equifax.com/personal/

I was effected.

Are you certain? People have tested that setup with fake names and SSN's, and been informed by Experian that they were affected. If you sign up for their "free" service, you waive your right to sue them, even if their fraud protection fails.

The Big 3 is a racket. They legally libel people every day and get away with it. I'm not paying them a dime to protect me from THEM! It's legalized racketeering and extortion. If they screw up and negatively impact my life, I will sue them and move on. The .gov has already compromised my PII so many times, I just don't get worked up over something that may never rear it's ugly head.

When Experian pays to lock and unlock my credit upon demand indefinitely with all of the rating agencies, I'll do that. Until then? No.

Are you certain?

Far as I know that's the best way to find out from them



People have tested that setup with fake names and SSN's, and been informed by Experian that they were affected. If you sign up for their "free" service, you waive your right to sue them, even if their fraud protection fails.

See below



The Big 3 is a racket. They legally libel people every day and get away with it. I'm not paying them a dime to protect me from THEM! It's legalized racketeering and extortion. If they screw up and negatively impact my life, I will sue them and move on. The .gov has already compromised my PII so many times, I just don't get worked up over something that may never rear it's ugly head.

When Experian pays to lock and unlock my credit upon demand indefinitely with all of the rating agencies, I'll do that. Until then? No.

https://pbs.twimg.com/media/DJi_dP5VYAAOC5_.jpg:large

Far as I know that's the best way to find out from them



See below



https://pbs.twimg.com/media/DJi_dP5VYAAOC5_.jpg:large

So they got caught and had to crawfish, good! Let me know when the rest of my terms and conditions are met by them.

Far as I know that's the best way to find out from them



See below



https://pbs.twimg.com/media/DJi_dP5VYAAOC5_.jpg:large

So they got caught and had to crawfish, good! Let me know when the rest of my terms and conditions are met by them.

You can register for credit fraud protection and insurance with Equifax and they are picking up the tab.

Supposedly, by taking that option you waive your right to sue them. Realistically, I'm not going to go through that hassle anyway, so I signed up.

You know, buy giving them yet more info:

https://www.equifax.com/personal/

I was effected.

Thank you, I just enrolled. I saw something on Facebook that showed the chief security officer's FB account, her listed major was music composition. If that was legit information, it sounds grossly negligent on their part putting someone in charge who is not even remotely qualified.

Oh boy, we get to live in the early century again but with smartphones and more laws.

Back in the 20s people at least had the decency to jump out of windows.

Unelected, answerable to none, and no repercussions. You also get the privelege of paying for their screw up.

This is why folks kept gardens and hid cash money in chests or under mattresses.

All for your precious 'Credit Score' that they control.

I wanted Trump to be Reagan too. Relive the 80s. Bought into the Retrowave. But he will be another Herbert Hoover paving the way for another Roosevelt.

Just keep paying your taxes people.

Also allow me to laugh heartily at the idea of the DoJ "fixing" anything.

You'll get a class action lawsuit that will make some big firms a lot of money but you wont be getting a new SS# nor your privacy back. Any new laws will be used against you.

And LifeLock? Again, please. Going too far with the comedy. This is serious. Another self appointed middleman that you are paying to monitor your life with a breachable database of your info manned by Jawarwhal in Dehli and kept on a server in China.

Why not get the Pinkerton's involved too?

Oh boy I sure am loving this millenium

I've discussed this issue with local people who are knowledgeable about banking, credit, etc., and have decided to lock down my information at all three major credit bureaus. The cost will outweigh any headaches I may have if someone uses my information to obtain a credit card or line of credit at a retailer.

The breach is unacceptable and the Department of Justice should conduct a thorough investigation.

I locked down all three yesterday. Save yourself time and grief and don't try to phone. Took an hour to fully access all three sites online. Feels spooky giving them your SSN, but hell - half the world has it now anyways!!!!!

And if you are a geezer - it's all free:)

geezer john

And a reminder for those that sign up for Equifax's free year of protection watch out for an automatic renewal cost. Make sure you look through the details so you know how and when you need to cancel if you don't plan to keep it after the year.

Sent from my Alcatel 6055U using Tapatalk

You know, buy giving them yet more info:

https://www.equifax.com/personal/

I was effected.

The last six? If you know when and where someone was born the other numbers are almost a known. Should have been the first to at least leave a little mystery.

There better be some people going to jail. There was some obvious insider trading going on.

A couple of questions. Perhaps rhetorical, perhaps not.

For those using the provided link to check if they were part of the data released in the breach: Why would you trust Equifax to have properly scoped the extent of the data compromised? Are you SURE they are right you were not impacted?

For those who will take them up on the promised credit monitoring: How has Equifax as an organization suddenly earned your trust again after this breach?

Personally, I would treat myself as an impacted person. I would contact all four major credit bureaus - Equifax, Experian, Trans Union and Innovis (people always seem to forget them) and place a permanent freeze on your credit. You will have the ability to temporarily lift it as needed. If you are applying for a loan or credit, ask the lender who they use, and just lift that one temporarily.

As an InfoSec geek, I can tell you this is a big freaking deal. It's one thing when a merchant or lender is compromised. They send you a new credit card or account number, and life marches on.

But, however, comma, how exactly does one change their date of birth, address and Social Security number? (Insert sound of crickets chirping...)


A few helpful links below:

https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

https://www.experian.com/freeze/center.html

https://www.transunion.com/credit-freeze/place-credit-freeze

https://www.innovis.com/securityFreeze

Oh, and one other thing, just to add a cherry on the doo-doo cupcake.

If you were impacted, make damn sure you file your taxes as soon as you have your W-2's in January. Because if someone got your name, address and SSN, there is not much stopping them from filing a fraudulent tax return and getting your refund, if any.

(Attention thieves: The joke would be on you, I usually end up paying a few hundred bucks every year, and I'm cool with that.)

Thank you for the information Serious Student. You saved me some leg work.

I have an appointment with my financial advisor people next week. This will be a good topic to add to the discussion.

T2C - you are most welcome, glad to be of assistance.

Hmac - Yes, I would definitely bring it up with your advisor. Making sure you reset/change/strengthen the passwords on all your accounts and funds is probably a good idea. Plus checking them very regularly is also good.

I actually use a specific computer, a "hardened" laptop, just for financial transactions. That is the only thing it's used for - period. When not in use, it stays locked in one of the gun safes. Booted up, do the chores, power off and back in the safe. I also never have any websites "remember" passwords. I generate a unique 20-character password for every website, and write them down in a notebook. That stays in the safe as well.

The laptop does not even have a hard drive, I have it boot from a "live CD" with an operating system which just vanishes as soon as it's powered off. You can find a cheap used laptop without a hard drive on eBay for $60.

https://tails.boum.org/

If someone breaks in here at Rancho Serious and gets into that particular gun safe with all my NFA goodies, I have other problems to worry about besides a little paper notebook.

And as if I have to say it, never, ever reuse passwords between websites.

Here's a link to a password generator.

https://www.grc.com/passwords.htm

It generates 63-character ones. Just cut 20 out of the middle somewhere. You can also just copy/paste them onto a text document (notepad, Word, etc) and then just scribble the name of the website/account next to it. Lock it in the gunsafe, and you just did more in five minutes to secure yourself than most people ever do.

Hmac - Yes, I would definitely bring it up with your advisor. Making sure you reset/change/strengthen the passwords on all your accounts and funds is probably a good idea. Plus checking them very regularly is also good.


I check Credit Karma about once a week. Their credit score is kind of a joke, but as a relative point of reference it's probably useful, especially if compared to my actual FICO score that I get as part of my Visa card. More importantly, it does give me a (slightly watered-down) version of my credit activity. I'll see any new accounts being opened, or any credit inquiries from attempts to open new credit lines.

I was reluctant to sign up with them years ago, but actually they have been FAR less intrusive from a SPAM standpoint than, say, the NRA.....

And a reminder for those that sign up for Equifax's free year of protection watch out for an automatic renewal cost. Make sure you look through the details so you know how and when you need to cancel if you don't plan to keep it after the year.

Sent from my Alcatel 6055U using Tapatalk
From their terms and FAQ:

After the one-year complimentary subscription expires, will the product renew?

The product will expire after one year. We are not requesting consumers’ credit card information when they sign up for the free credit file monitoring and identity theft protection we are offering to all U.S. consumers. Consumers who sign up for TrustedID Premier will not be automatically enrolled or charged after the conclusion of the complimentary year of TrustedID Premier.

Yeah, at no point in the sign-up process was a credit card involved.

Just gonna leave this here...

https://i.redd.it/fau2uq9jmylz.jpg

I checked the Equifax site the day after the breach went public and they said my information was not compromised. I shrugged, though. I was part of the OPM hack a while back so my stuff is already out there, anyway.

I don't read too much into what the C-Level execs in organizations went to school for 20+ years ago. You never know where life takes you as you navigate the corporate world. I work in software now, and I've seen some people who studied things completely unrelated to the tech world, but are doing awesome things today.

Oh, and one other thing, just to add a cherry on the doo-doo cupcake.

If you were impacted, make damn sure you file your taxes as soon as you have your W-2's in January. Because if someone got your name, address and SSN, there is not much stopping them from filing a fraudulent tax return and getting your refund, if any.

(Attention thieves: The joke would be on you, I usually end up paying a few hundred bucks every year, and I'm cool with that.)

I was thinking the same thing, but couldn't they file a false return and get a refund even if you aren't owed one?

Frankly, I think we need to start using drones and direct action on overseas operations behind these hacks. These are direct attacks against our financial system. As a nation state, we should go all assymetrical on their asses.

Double tap and I know I pressed it just once.-----

I don't read too much into what the C-Level execs in organizations went to school for 20+ years ago. You never know where life takes you as you navigate the corporate world. I work in software now, and I've seen some people who studied things completely unrelated to the tech world, but are doing awesome things today.

Just gonna leave this here...

https://i.redd.it/fau2uq9jmylz.jpg


Well I might be willing to give her the benefit of the doubt, that is right up until this happened.
I wonder if the "Mrs Doubtfire" above sold her stock too?

Double Tap
Second time in two days.

Well I might be willing to give her the benefit of the doubt, that is right up until this happened.
I wonder if the "Mrs Doubtfire" above sold her stock too?

I guess I should be clear. I don't write people off just because of of their degrees. I will absolutely say this lady ****ed up.

I guess I should be clear. I don't write people off just because of of their degrees. I will absolutely say this lady ****ed up.

I agree...she's had 14 years in the private sector since her Master's degree. Can't completely judge her qualifications....BUT, her counterparts at Transunion and Experion have through-and-through cybersecurity credentials. Furthermore, most of her online data, including profiles, articles, even YouTube interviews, have been scrubbed from the internet. All signs, including the end result if her tenure, point to her being underqualified for the job she had.

I checked the Equifax site the day after the breach went public and they said my information was not compromised. I shrugged, though. I was part of the OPM hack a while back so my stuff is already out there, anyway.

I don't read too much into what the C-Level execs in organizations went to school for 20+ years ago. You never know where life takes you as you navigate the corporate world. I work in software now, and I've seen some people who studied things completely unrelated to the tech world, but are doing awesome things today.

Agreed. My most trusted minion has a degree in economics. My undergrad work was in accounting. One of the very best security geeks I know never graduated from high school, and has a GED.

The difference is that we all basically reinvented our skillsets, and retrain every day, just like many others here in so many fields.

But, I certainly agree with the others. She's gonna smoke a turd over this one.

From their terms and FAQ:

After the one-year complimentary subscription expires, will the product renew?

The product will expire after one year. We are not requesting consumers’ credit card information when they sign up for the free credit file monitoring and identity theft protection we are offering to all U.S. consumers. Consumers who sign up for TrustedID Premier will not be automatically enrolled or charged after the conclusion of the complimentary year of TrustedID Premier.Must have rethought their position or possibly the initial information I heard was a little off.

Sent from my Alcatel 6055U using Tapatalk

I checked the Equifax site the day after the breach went public and they said my information was not compromised. I shrugged, though. I was I don't read too much into what the C-Level execs in organizations went to school for 20+ years ago. You never know where life takes you as you navigate the corporate world. I work in software now, and I've seen some people who studied things completely unrelated to the tech world, but are doing awesome things today.

This one is close to home for many reasons...

First, as an expert in derogatory UGA jokes, I have to painfully admit that their school of business, and specifically their MIS degree is very highly regarded, with good reason.

Also, I know Susan, worked with her indirectly over a decade, and briefly for her, a decade ago. Solid technical manager, strong business acumen and a great people manager. So I gave her a pass on her school and degree. Been out of touch for a while, but if this was on her watch I'll tell you it's bigger then her, has to be.

Which leads to the real issue... This problem was not just a matter of just applying patches, and after the patch was applied the entire subsystems had to be rebuilt. Essentially rebuilding your entire site and code.

Many, many companies with sensitive information were vulnerable to this issue. Likewise, many businesses do not fully understand that code is a liability. It has to be maintained, actively managed. Most likely there was not budget or permission to do an outage, or something like that to get the patch in place.

And they got bit.

The real issue is that these companies (credit agencies) are allowed to maintain the type of information they have and there's no real negative consequences for allowing a problem to occur.

Equifax will pay big time for this, but it still probably less than what it would be trying to maintain a Fail-Safe environment. No code can be managed to the level of protection needed and still allow consumer and Industry access the way the credit services do.

Meanwhile the government routinely has leaks that are as bad or worse. If you have a family member in the military or has ever gotten a security clearance, your info has been hacked.

It's been pretty much a yearly event for us between medical industry, the OPM hack, merchandise/vendors, etc., your information is vulnerable.

The only thing that makes this even notable is its scale. You're still most likely at risk from someone like a car salesman having access to your information through credit reporting agencies when they should not.

How many times are you asked for the last 4 digits of your social as some form of authorization? Totally bogus check, that's the real issue.

The problem is not how to keep info like your social security number or bank account numbers private. It's making the systems that leverage that information robust so that knowing the ID does not compromise it.

Technology exists now that totally secured credit card transactions even if you have the card number. Want to know why it's not been implemented in the US? Look to the big retailers and the big Banks.

Meanwhile Europeans easily send cash directly from their accounts to other individuals or vendors in a very secure fashion.

Why can't the banks confirm and transact a certified check instantaneously instead of you being stuck with the problem if it turns out to be counterfeit? They choose not to, can't be bothered.

This stuff happens. It will happen again as it's systematic in the collective Industries. They won't fix it unless forced, and the current system will never make that happen.

I agree...she's had 14 years in the private sector since her Master's degree. Can't completely judge her qualifications....BUT, her counterparts at Transunion and Experion have through-and-through cybersecurity credentials.

And that means virtually nothing...

You are right, you can't judge her qualifications at all, since I know what your profession is.

I have zero direct knowledge of Susan's involvement or not in this particular event. Doesn't matter, just like Admirals or similar she will take the bullet for this event, already has.

What I do know is that she hired and developed experts in their respective fields. One particular example got into the computer security field under Susan and has since been at three of the top industry leaders, names ot only would you know, but you use their products daily most likely. Not just worked there, became Chief scientist or similar in the field of computer security.

So independent of who and how it happened, I will just flat-out state as fact from first-hand knowledge it would not be because she was not qualified.



Furthermore, most of her online data, including profiles, articles, even YouTube interviews, have been scrubbed from the internet. All signs, including the end result if her tenure, point to her being underqualified for the job she had.

Meaningless. If anything she should not have had them there to start with. (Linked in for sure).

She and others had to take them down because of personal threats.

In large corporations above a certain level you are not supposed to have any of that information publicly available except through the corporate sources. Carefully managed, etc for this exact reason.

That's not to hide their qualifications, that information is on corporate bios. It's more to prevent witch hunts based on perception rather than fact, and to put these leaders at risk, both physical or other.

I'm below C level in a big corporation, but not by much, and I'm already at the point that the information available on Linked-in or similar is beyond what corporate officially approves of.

Equifax will pay for their sins. Whether Susan had any hand in it or not I don't know, but she's already paid her price. She's just like the admiral of the 7th Fleet, may or may not have had anything to do with the issue. But it happened on her watch, so she's gone.

What I do know is that anyone involved in this field is sweating bullets because it could have been them. And may still have turned out to be.

The article below starts out on the music aspect, which is really a canard, just click bait. But they get into the real issue, and that's where the real problem is.

https://www.nbcnews.com/business/consumer/equifax-executives-step-down-scrutiny-intensifies-credit-bureaus-n801706

Yeah, that's all very interesting. Just idle speculation on my part - I certainly have no expertise in this arena. My bottom-line concern is how it affects me, if at all. I'll see what my advisors have to say later this week and what they think I should do. We'll just move forward from there.

Another interesting twist, a friend who has all his credit proactively locked with all three providers needed to have it unlocked couple days ago to do a loan. Of course the website for Equifax was broken due to overload, phone lines were nonresponsive, Etc

The next day he talks to the bank, and they say hey no problem we were able to pull Equifax anyway. And yet they're all supposed to be locked.

What a mess. We both think there will be Congressional hearings before it's over with. And sad to say, for the first time ever, I might be on the same side of an issue as Senator Warren.

This one is close to home for many reasons...

First, as an expert in derogatory UGA jokes, I have to painfully admit that their school of business, and specifically their MIS degree is very highly regarded, with good reason.

Also, I know Susan, worked with her indirectly over a decade, and briefly for her, a decade ago. Solid technical manager, strong business acumen and a great people manager. So I gave her a pass on her school and degree. Been out of touch for a while, but if this was on her watch I'll tell you it's bigger then her, has to be.

Which leads to the real issue... This problem was not just a matter of just applying patches, and after the patch was applied the entire subsystems had to be rebuilt. Essentially rebuilding your entire site and code.

Many, many companies with sensitive information were vulnerable to this issue. Likewise, many businesses do not fully understand that code is a liability. It has to be maintained, actively managed. Most likely there was not budget or permission to do an outage, or something like that to get the patch in place.

And they got bit.

The real issue is that these companies (credit agencies) are allowed to maintain the type of information they have and there's no real negative consequences for allowing a problem to occur.

Equifax will pay big time for this, but it still probably less than what it would be trying to maintain a Fail-Safe environment. No code can be managed to the level of protection needed and still allow consumer and Industry access the way the credit services do.

Meanwhile the government routinely has leaks that are as bad or worse. If you have a family member in the military or has ever gotten a security clearance, your info has been hacked.

It's been pretty much a yearly event for us between medical industry, the OPM hack, merchandise/vendors, etc., your information is vulnerable.

The only thing that makes this even notable is its scale. You're still most likely at risk from someone like a car salesman having access to your information through credit reporting agencies when they should not.

How many times are you asked for the last 4 digits of your social as some form of authorization? Totally bogus check, that's the real issue.

The problem is not how to keep info like your social security number or bank account numbers private. It's making the systems that leverage that information robust so that knowing the ID does not compromise it.

Technology exists now that totally secured credit card transactions even if you have the card number. Want to know why it's not been implemented in the US? Look to the big retailers and the big Banks.

Meanwhile Europeans easily send cash directly from their accounts to other individuals or vendors in a very secure fashion.

Why can't the banks confirm and transact a certified check instantaneously instead of you being stuck with the problem if it turns out to be counterfeit? They choose not to, can't be bothered.

This stuff happens. It will happen again as it's systematic in the collective Industries. They won't fix it unless forced, and the current system will never make that happen.

At high levels, it's less about technical skill and more about balancing vision, strategy, resources, and people.

When I was in the nuclear weapons realm, I saw the same thing play out over and over again. Some problem happens much lower down the chain, but the person at the top will get hung for it.

I once had a O-5 mentor tell me, "the burden of command is knowing that at any given moment, somebody, somewhere, is doing something that can get you fired."

Ultimately, whatever happened will get blamed on some strategic oversight, misplaced priority, or leadership failing. Whether or not it is actually the fault of the person who is getting fired is immaterial. Examples must be set.

I'll briefly discuss what I did:

1. I put a permanent credit freeze on my account through Experian.
2. I signed up for Zander Identity Theft insurance (recommended by Dave Ramsey)
3. I signed up for LifeLock's basic service
4. I plan to always file my tax returns as soon as feasible from this day forward.

Supposedly LifeLock has had some issues in the past, but they have a reputation as being the best. This data breach is supposedly so bad that the thieves got the motherload of enough info to really screw you.

To my mind, the credit freeze is the best insurance. My credit card company contacted me immediately BEFORE the breach was announced to say they had canceled by card as a precaution and sent me another one in a few days.

Unless I'm mistaken an outfit like Equifax wouldn't have my bank account number, but I signed up to have LifeLock monitor it anyway. Ditto my debit card number.

I can't think of much else to do except maybe change passwords.

I can't think of much else to do except maybe change passwords.

You should also place a freeze with Equifax and TransUnion. It's not like a Fraud Alert...Freezing one doesn't automatically freeze the others and it doesn't do much good to lock Experian if creditors can pull a report from TransUnion and open an account in your name.

You should also place a freeze with Equifax and TransUnion. It's not like a Fraud Alert...Freezing one doesn't automatically freeze the others and it doesn't do much good to lock Experian if creditors can pull a report from TransUnion and open an account in your name.

Fine. Did and did.

I'll briefly discuss what I did:

1. I put a permanent credit freeze on my account through Experian.
2. I signed up for Zander Identity Theft insurance (recommended by Dave Ramsey)
3. I signed up for LifeLock's basic service
4. I plan to always file my tax returns as soon as feasible from this day forward.

Supposedly LifeLock has had some issues in the past, but they have a reputation as being the best. This data breach is supposedly so bad that the thieves got the motherload of enough info to really screw you.

To my mind, the credit freeze is the best insurance. My credit card company contacted me immediately BEFORE the breach was announced to say they had canceled by card as a precaution and sent me another one in a few days.

Unless I'm mistaken an outfit like Equifax wouldn't have my bank account number, but I signed up to have LifeLock monitor it anyway. Ditto my debit card number.

I can't think of much else to do except maybe change passwords.

All good info, thank you.

Does the fail with this company ever stop?! This is truly unbelievable. They directed people to a fake site!

http://wlrn.org/post/after-massive-data-breach-equifax-directed-customers-fake-site

Does the fail with this company ever stop?! This is truly unbelievable. They directed people to a fake site!

http://wlrn.org/post/after-massive-data-breach-equifax-directed-customers-fake-site

Which is another reason why I haven't gone to their site at all. A company hides the fact that they've been hacked so their senior executives can dump their stock, THEN they announce they've been hacked because of internal incompetence. So the first thing they want all consumers to do is visit their system? Lunacy.

How about they PROVE they've corrected their problems with an independent audit and THEN assist the people they affected? :rolleyes:

How about they PROVE they've corrected their problems with an independent audit and THEN assist the people they affected? :rolleyes:

Because, at the end of the day, they don't give two shits about you or anyone else they affected. We are not their customers...We are their PRODUCT.

My only hope is that the resulting class action lawsuits will sink them...We'll see. I also hope that at some point we get away from using SSNs as identification. It was fine in the 1930's, but completely inadequate now.

Because, at the end of the day, they don't give two shits about you or anyone else they affected. We are not their customers...We are their PRODUCT.

My only hope is that the resulting class action lawsuits will sink them...We'll see. I also hope that at some point we get away from using SSNs as identification. It was fine in the 1930's, but completely inadequate now.

Right... they already have the solution to that. It's called "chipping" every living person on the planet.

Sorry, I hope I'm gone before that becomes mandatory because that's about a thousand times worse than gun registration in my book.

I don't think we need to go right to chipping. There's got to be something in-between a 9-digit number that everyone already knows and "the mark of the beast"...

Hell, even pairing your SSN with some kind of two-factor token would be a huge improvement.

It's pretty clear that the situation we have now is shit. But like I said above, nobody but the poor schmuck who has to deal with the results of the ID theft gives two shits. Being fast and loose with your info is profitable, so companies like Equifax will keep doing that. And then LE will take your report online when someone opens an account in your name, and the "submit" button will send it to /dev/null and the world will keep turning.

Because, at the end of the day, they don't give two shits about you or anyone else they affected. We are not their customers...We are their PRODUCT. My only hope is that the resulting class action lawsuits will sink them...We'll see. I also hope that at some point we get away from using SSNs as identification. It was fine in the 1930's, but completely inadequate now.

Exactly. I hope they sink, HARD.

Just before this announced I had a Amex compromised. Just after this was announced, I had my MasterCard compromised.

That's the second time for both of those cards. A few years ago when i first got the MC, it was compromised within like 30 days. These are not lost cards and none handed to a waitress and taken out of my sight or anything of that nature.

This last one I was sitting at the computer and in comes email alerts that I was spending $580 at walmart, gas stations, Wendys. I think it was all on the northern neck area of MD. I would think they could have caught this person. Had to be on camera. But... all you get is the end user criminal and not the original thief.


Ray Kurzweil:
Our intuition about the future is linear. But the reality of information technology is exponential, and that makes a profound difference. If I take 30 steps linearly, I get to 30. If I take 30 steps exponentially, I get to a billion.

That's a lotta phone calls to Equifax gents.

It's free but for the d bags at Experien I believe.

"Locking" = Free

"Freezing" = Cost ---- turning on and turning off

With recent events, this has not been getting much attention, and that will cost us all. CEO of the company gets his ass handed to him by Warren. I'm not a big Warren fan, but she rips him a new one without lube and it's a good watch. I hope people have not forgotten about what Equifax has done to YOU and me.


https://www.youtube.com/watch?time_continue=64&v=vudP3ROnFYI

With recent events, this has not been getting much attention, and that will cost us all. CEO of the company gets his ass handed to him by Warren. I'm not a big Warren fan, but she rips him a new one without lube and it's a good watch. I hope people have not forgotten about what Equifax has done to YOU and me.


https://www.youtube.com/watch?time_continue=64&v=vudP3ROnFYI
She is absolutely not wrong. Mr. Smith should've been carried out in shackles and thrown in a dark hole, then ask the rest of the Equifax a-holes who wants to join him? :mad:

With recent events, this has not been getting much attention, and that will cost us all. CEO of the company gets his ass handed to him by Warren. I'm not a big Warren fan, but she rips him a new one without lube and it's a good watch. I hope people have not forgotten about what Equifax has done to YOU and me.



Frankly I'd love to see this CEO put in prison. That might sober up some of these other assholes who pad their own pockets while selling or otherwise leaving our data unprotected.

Frankly I'd love to see this CEO put in prison. That might sober up some of these other assholes who pad their own pockets while selling or otherwise leaving our data unprotected.

Good thing is, I doubt the majority on either side of the isle as much sympathy for him or the ilk at this point, and that industry has been above the law for a long time, and now that's coming back to bite everyone, including some in the house and senate who have their info out there now. Will anything change? Guess we can look at what happened post 08 crash for some examples....

Sorry for the necro post.

Life lock just saved our @$$ a lot of work. Some a-holes just opened a few cellular accounts under the Mrs’ name and SS. It’s all taken care of now. This could have been a disaster otherwise. If you have not done lifelock, this is a reminder.

Life lock just saved our @$$ a lot of work. Some a-holes just opened a few cellular accounts under the Mrs’ name and SS. It’s all taken care of now. This could have been a disaster otherwise. If you have not done lifelock, this is a reminder.
Glad it got caught, but had you previously locked your credit info at the 3 major credit reporting agencies before it happened?

No, but we have now.