Equifax Announces 143 Million U.S. Consumers Info Potentially Comprised

[Pib]

You may want to check Equifax's website of www.equifaxsecurity2017.com see if your  personal info was possibly comprised and signup for 1 free year of credit monitoring whether comprised or not.   Right now it impacts mostly Americans and a limited number of Canadian and UK consumers.

 

I checked to see if my wife's or my info was possibly compromised and it said No.  But I'm still going to sign up for the free one year credit monitoring (for Americans only at this time) of your credit reports at the 3 major credit reporting agencies of Equifax, Experian and Transunion.  Yes, yes,  I know other companies already do that for free or a low cost (or sometimes a high  cost) but I figure one more source of free credit monitoring can't hurt.

 

https://www.equifaxsecurity2017.com/

Partial Quote Below....go to above website and news websites for more info.   

 

Quote

 

September 7, 2017 — Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.

 

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.

 

Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.

 

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”

Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information. Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time.

In addition to the website, Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted. Equifax also is in the process of contacting U.S. state and federal regulators and has sent written notifications to all U.S. state attorneys general, which includes Equifax contact information for regulator inquiries.

Equifax has engaged a leading, independent cybersecurity firm to conduct an assessment and provide recommendations on steps that can be taken to help prevent this type of incident from happening again.

CEO Smith said, “I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”

 

 

[CaptHaddock]

However, the fine print on the "free" offer from Equifax specifies that by signing up you waive your right to sue them which would include becoming a member of a class action suit.

 

A better approach is to freeze your credit at all three bureaus so that new accounts cannot be opened in your name. 

[inThailand]

We are in a world where personal data is a very valuable and sellable commodity. IMO you cannot trust any company to keep your data confidential. 

[Pib]

And it goes beyond just companies get hacked and losing personal data; even government agencies get hacked like the U.S. Office of Personnel Management (OPM) personal info data loss a few years ago affecting over 20M people...once again the OPM gave free credit monitoring for X-amount of time. 

 

Excuse me, I didn't mean "hacked;" I meant a "cyber security incident" as the phrase cyber security incident doesn't sound so bad....sounds like a  minor fender-bender accident, a whoops, etc. 

[dabhand]

The lawyers must be lining up for this one. Not only did Equifax delay informing their customers of the hack, some of their top management sold large chunks of shares before the news was released. This includes their CFO who must have been informed of the issue. If he wasn't informed then he needs to go anyway for not having systems in place that ensure he is updated immediately any major financial risk incident is discovered.

 

https://www.cnbc.com/2017/09/07/equifax-cyberattack-three-executives-sold-shares-worth-nearly-2-million-days-after-data-breach.html 

The fillings showed that the trio – Chief Financial Officer John Gamble Jr., workforce solutions president Rodolfo Ploder and U.S. information solutions president Joseph Loughran – offloaded the shares on August 1 and August 2.

Equifax said on Thursday it discovered a data breach on July 29. The credit reporting firm said the exposed data included names, birth dates, Social Security numbers, addresses and some driver's licence numbers.

[Pib]

Almost all of the recent major data breaches were not announced until months or years after they occurred....responsible individuals/executives too busy "covering their tracks" before reluctantly making public notice (probably because they knew it couldn't be kept under wraps anymore).

[observer90210]

No big deal, considering that highly sensitive national security entities like the Pentagon or the US Army have been hacked..sorry breached...this issue seems child play for bedroom hackers!!

[Pib]

I tried to sign up today for the Equifax 1 year free monitoring but it only accepts U.S. physical addresses; it does not accept APO/FPO (military) or foreign addresses.  I guess I could have entered a relative's U.S. physical address or one of my past U.S. addresses but I didn't want to go down that road due to possible issues. 

 

So, if you are an American which happens to be living outside the U.S. right now with a non-U.S. physical address (i.e., physically living on U.S.property somewhere) and want to use your actual, outside the U.S. address you can't signup online.   That's one way to cut Equifax cost in providing 1 year credit monitoring coverage.

 

They did have a 1800 number you can call with questions/for assistance.  I may give that number a ring just to bend their ear that some Americans do live outside the U.S. like  active duty military/civil service assigned overseas, military retirees with an APO address, just Americans now living in places like Thailand with a foreign address.  

[OJAS]

400,000 UK customers are also affected:-

 

http://news.sky.com/story/equifax-hacking-breach-risks-data-of-400000-uk-customers-11037775

 

[gk10002000]

On 9/7/2017 at 11:11 PM, Pib said:

You may want to check Equifax's website of www.equifaxsecurity2017.com see if your  personal info was possibly comprised and signup for 1 free year of credit monitoring whether comprised or not.   Right now it impacts mostly Americans and a limited number of Canadian and UK consumers.

 

I checked to see if my wife's or my info was possibly compromised and it said No.  But I'm still going to sign up for the free one year credit monitoring (for Americans only at this time) of your credit reports at the 3 major credit reporting agencies of Equifax, Experian and Transunion.  Yes, yes,  I know other companies already do that for free or a low cost (or sometimes a high  cost) but I figure one more source of free credit monitoring can't hurt.

 

https://www.equifaxsecurity2017.com/

Partial Quote Below....go to above website and news websites for more info.   

 

 

Just saying that entering your last name and then last 6 digits of your social security number is a lot of personal information.  And when you enroll you give out more information to a site(s) and a company that already has not maintained things very well.  I did start the enrollment and it said: "Based on the information provided, we believe that your personal information may have been impacted by this incident. " Well, I am over 60 and much of my personal information is all over the place due to the number of direct jobs, contract employers I have had, online purchases, several banks and financial institutions, various credit cards companies, State unemployment agencies, car insurance and medical insurance companies, and so much more, I don't see that a little credit information being available is a big hassle.  If some weird case of identity theft happens, well, so be it.  I will deal with that when it happens.

[JLCrab]

I signed up for the free Equifax service. When they got back to me in about week with a link to complete the application, I clicked on the link and it said:

-- Website is not accessible from your country.

BTW from what I have read, the Equifax site was hacked through an Apache bug in the software used to dispute items in one's credit report. So those are the people -- about 200,000 -- who have entered data into that program who are most at risk.

Edited September 19, 2017 by JLCrab

[Pib]

3 hours ago, JLCrab said:

I signed up for the free Equifax service. When they got back to me in about week with a link to complete the application, I clicked on the link and it said:

-- Website is not accessible from your country.

BTW from what I have read, the Equifax site was hacked through an Apache bug in the software used to dispute items in one's credit report. So those are the people -- about 200,000 -- who have entered data into that program who are most at risk.

Yeap, appears Thailand IP addresses are now blocked....was not blocked when I attempted signup a few days ago and ran into you must have a U.S. physical address to signup...their system was not setup to accept a military APO/FPO or foreign address like for U.S. folks now living outside the U.S. like in Thailand and wanted to use their outside the U.S. address.

[Pib]

And I just tried a VPN connection to the U.S. west coast and reached the site no problem....but to signup you still need to have a U.S. physical address.  

[JLCrab]

I prefer not to use a VPN. If there is no physical address on any of your accounts (as all my accounts were established before moving to Thailand so all they have now is a non-physical address in USA) then any one who fraudulently obtained your data would have a hard time setting up new accounts without a physical address.

Edited September 20, 2017 by JLCrab

[JLCrab]

BTW I tried to apply for a credit freeze at Experian. Based upon the info I provided, they replied that they would need a criminal background check.

[Jingthing]

Oh, balls! 

I procrastinated hoping for the best and just found out I'm one of the many many millions possibly effected.

 

Now what to do?

 

To use their "free" one year monitoring of all three agencies you need a U.S. mobile number.

 

But forgetting that, this advice seems pretty good.

Not sure how practical to do for expats and yes I reckon you need to use U.S. logins.

 

Freeze, don't lock!

Worth a look for all Americans because if you're not effected easily half the Americans you know are.

 

https://culturess.com/2017/10/16/john-oliver-talks-equifax-credit-reports-last-week-tonight/

 

Why care?

 

"A breach of your social security number can have significant lifelong consequences for you and the people you care about. For example, a criminal can use someone’s Social Security number to open up credit card accounts, buy homes, open bank accounts, start a job and even claim your own children as dependents."

Edited October 20, 2017 by Jingthing