Equifax Takes The Data Breach Cake
On September 7, 2017, credit reporting agency Equifax reported one of the worst data breaches in history, compromising an estimated 143 million Americans, 44 British citizens, and an uncertain number of Canadians. Read on to learn if your personal information leaked to hackers, and how Equifax is actually making things WORSE with their response to the breach...
What Was in the Equifax Leak?
It's not pretty. Names, addresses, Social Security Numbers, birth dates, and in some cases driver’s license data were leaked. Additionally, the credit card numbers of 209,000 U.S. citizens, and credit-related dispute documents with personal identifying information for approximately 182,000 more U.S. citizens were leaked.
Last year, Yahoo announced over a billion customer accounts were compromised by hackers, but Yahoo doesn’t have so much sensitive data about its users. This breach is a very big deal. That it happened is an outrage that’s getting worse every day, as we learn more.
First, we learned that Equifax knew about the breach as early as July 29, but waited forty-one days to alert the public. Why did Equifax wait so long to alert the public? The company has not bothered to explain. Nor has it revealed whether card PINs were compromised. It seems such information is none of the victims’ business.
Next, we learned that three Equifax executives sold $1.8 million of their personal shares in the company a few days after the breach was discovered and a full month before it was revealed to the public. An Equifax spokesperson claimed that none of the execs knew of the breach at the time they sold their stock, a claim that will surely be examined closely by the SEC.
Consumers who went to an Equifax website set up to tell them whether they were affected by the leak were initially required to agree to binding arbitration of any dispute arising from this matter. Equifax, in effect, said to the whole world, “We’re not going to tell you whether we lost your personal financial data unless you agree not to sue us!” That plan went down in flames; within 24 hours, the company eliminated that clause from its site in the face of withering criticism from all corners.
Were You Affected?
The website itself turns out to be a sham, as people who entered the same data multiple times quickly learned. It just returns random answers, “yes,” “no,” or “we don’t know if you were affected.”
The site is supposed to let all affected visitors sign up for the Equifax TrustedID Premier credit monitoring service for one year, free of charge. But as of September 10, I was still getting the peculiar response, “Please return here on September 12, 2017, to complete your enrollment in TrustedID.” Entering different data produced different “return” dates, i.e., September 11 or 13. It’s hard to believe there’s anything behind that cloud of smoke, either.
Yes, it can get worse! The site was not even registered to Equifax, according to the Whois database, until the afternoon of September 10. Its implementation of TLS encryption is flawed, so connections to it may not be secure. It’s running on the free version of WordPress blogging software, which is entirely unsuitable for enterprise-grade secure applications. Those are just the highlights; there are so many security flaws in the site that OpenDNS, the Cisco-owned domain name service, blocked access to EquifaxSecurity2017.com and warned it was a potential phishing scam. Indeed, the site looks very much like something a phishing scammer would put together.
At this point, there's no good way to determine if you were affected. So it's safer to assume you were. The Federal Trade Commission recommends the following for people who may have been affected by a data breach:
- Check your credit reports from Equifax, Experian, and TransUnion. See my article HOWTO: Get Your Free Credit Report Online for details.
- Consider placing a credit freeze on your files.
- Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
Every time I think that Equifax could not possibly have responded to this breach any worse, the company proves me wrong. At this point, I don’t even want to go near Equifax or any site it purportedly owns. I’m just going to order a 55-gallon drum of popcorn via Amazon Prime and watch the rest of this dumpster fire.
I'll update this story when (or perhaps IF) Equifax gets their act together and/or releases any more details to the public.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 11 Sep 2017
Article information: AskBobRankin -- Equifax Takes The Data Breach Cake (Posted: 11 Sep 2017)
Source: https://rankinfile.com/equifax_takes_the_data_breach_cake.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Equifax Takes The Data Breach Cake"
Posted by:
Michael
11 Sep 2017
Great blog, Bob. I looked into this fiasco last week and found that Equifax owns TrustedID and is using this breach as a marketing opportunity to line up customers for its overpriced, underwhelming credit monitoring service. Avoid at all costs.
Posted by:
Juanita Moore
11 Sep 2017
My husband's two credit cards were affected. The credit card company alerted us to the first one, and are issuing him a new card. They took all the incorrect charges off our account. I caught the other one this morning by checking our other credit card account and seeing two Apple iTunes charges when we don't own anything made by Apple. He called and they said they would send him a new card for that one because it too had been compromised. Someone had already tried to charge something else, but had the wrong address so it was denied. We will be keeping our eyes and ears open for a while.
Posted by:
Glen
11 Sep 2017
Whenever there is "BIG MONEY" involved, there will always be crookedness going on.
Posted by:
Charles
12 Sep 2017
Does this fall under the Consumer Financial Protection Bureau (CFPB)? The following is from the CFPB site: "If you're having trouble with a financial product or service, you can submit a complaint with the CFPB online or by calling (855) 411-CFPB (2372)." I think of this as possibly Squeaky Wheel, part II.
Posted by:
Chris
12 Sep 2017
Get ready for a 'CHIP' folks.
It will be the only solution to "security"...
Based on your own DNA to generate a code unique to your cells. Of course "it won't include GPS tracking" to appease the Christian Population that will refuse the 'MARK of the BEAST'. But even your cell phone has an FM receiver, that isn't allowed by law to be activated....YET!
We live in precarious times...
Posted by:
Bob Hays
12 Sep 2017
People in this country need to wake up and educate themselves about the Federal Reserve, big banks and credit reporting agencies in this country. They are worse than a sham; they are corrupt and take advantage of the general public's ignorance about money.
When I read about this latest scandal last week and what to do about it (go to Equifax to make sure your sensitive information is "protected"), I had to laugh. I'll be watching my own backside as much as these miscreants will allow me. They have way, way too much power.
Posted by:
Linda
12 Sep 2017
Great post, Bob. You expressed my sentiments exactly. I am FURIOUS with Equifax and agree completely with JP's comment, except that I think ALL of Equifax's management should be fired, and that the CEO and Chief Security Officer should also go to jail.
Posted by:
sirpaul2
12 Sep 2017
I read on Bloomberg (couple days ago) there's already a class action suit filed in Portland, Oregon - and will seek as much as $70 billion in damages nationally.
Of course, Equifax didn’t respond to a request for comment on the matter.
Posted by:
LadyLiberTEA
12 Sep 2017
I. SSN:
a) FREEZE: Easy automated (phone or online) lift/restore can be FREE to seniors and/or police-reported identity theft victims (or $10/per bureau per lift/and restore included if desired) varies by State.
b) 90-DAY FRAUD ALERT: Can be FREE, and start with Experian to automatically notify Equifax and TransUnion.
c) FREE ANNUAL 3-BUREAU CREDIT REPORTS CHECK: see Bob's reference
II. ONLINE PROTECTIONS: As Bob teaches,
a) Utilize 2-step login verification where available (phone or alternate email);
b) Change passwords every 3 months;
c) Change and Stop Using Security Question Answers ever posted before
III. IDENTITY/CREDIT MONITORING SERVICE:
a) Email alerts and monthly reports after fraud = not preventative
b) FREE with AAA membership pays for itself plus more services; or cheap 1 of the 3 Credit Bureaus
c) DON'T BUY THE INSURANCE--available free from govt remedies for the fastest growing crime; and only covers what the Service monitors = not all identity theft
IV. CAUTION RE PEOPLE IN YOUR HOME; AND IN PUBLIC USING YOUR CARDS/INFORMATION OUT OF YOUR SIGHT! (Check your receipts, too. Waiters change tips; and UPC scanners double-scan.)
Posted by:
Citellus
12 Sep 2017
I can not use credit at Target. I can avoid using Yahoo. I don't have to have a credit card from a hacked company. All after the fact, of course. But how can I possibly avoid Equifax having and giving out my information?
Posted by:
cal67
12 Sep 2017
Not surprising. As far as I am concerned Equifax crossed the line to sleazy outfit some time ago. I used to get regular emails from them at my work email offering to sell me data from their customers so that my company could target people by location, financial income demographic or many other identifiers. Of course they wouldn't give personal information, just lump them into a group and then give me their contact information. I blocked them as spammers. And yes, I did check to ensure it wasn't some spammer. Check out http://www.equifax.com/business/customer-segmentation/
Posted by:
GerryR
12 Sep 2017
Thanks Bob. This makes me feel that people should be able to change their SSNs but according to my lawyer brother whose specialty is Social Security Law that is not possible. Too bad the government isn't more flexible, but, in reality, the federal government has turned into a farce.
Posted by:
Duane
12 Sep 2017
Follow up on class action lawsuit. My daughter who works in the legal profession told me tonight that 23 lawsuits were filed today against Equifax. Let the torts begin!
Posted by:
Duane
12 Sep 2017
Checked my wife's with her current surname and got "we believe your personal information was not impacted ..."
Tried it with her maiden name and got a "we believe that your personal information may have been impacted by this incident"
Be sure you check with all surnames - current and previous associated with your SSN.
Posted by:
sewlady
12 Sep 2017
Thanks to ladylibertea for info on AAA's offering. I've been a member around 40 years and didn't know about it. Just signed up for the ProtectMyId.
Thanks again.
Posted by:
Dean Forsyth
12 Sep 2017
Yes. Thank you LadyLiberTEA! Signing up for AAA ProtectMyID now.
Posted by:
Gary J. Rachuba
12 Sep 2017
I will be 70 years of age on my next birthday. I figured a couple years ago that I probably will not be seeking any major items requiring loans in my later years. Because of this I put a freeze on my credit reports for all three credit bureaus about three years ago. I check one credit bureau every four months and it has remained clear since I froze my accounts. The freeze has also cut way back on the amount of junk mail I receive.
Posted by:
Nightwish_Fan
12 Sep 2017
I have a question: If I freeze my credit reports, I understand I canNOT get any new credit. I get that part. But the part I don't understand is can I still get access to my Free (3) credit reports. You know, to see them and check them and make sure they are OK--Each one, once a year. Or are we blocked from doing that too? That part is unclear to me.
Great blog Bob. I always enjoy your newsletters.
And thanks to folks in advance for any advice you may have.
Posted by:
Chuck
13 Sep 2017
Just froze my wife's account and mine.
Don't think only the Christians have to worry about the mark of the beast.
Posted by:
Fatso
18 May 2021
Applied for annual report to Equifax. Got letter that name not registered. Next day got report. Name on front spelled wrong but details correct. Wife's request for report not answered. Made second request. Got reply name not listed. 2 days later got report and again her name misspelled but details correct.