Equifax Hack

[BLACK BART]

On ‎9‎/‎8‎/‎2017 at 12:18 PM, Catherine said:

WARNING for anyone who is thinking of signing up for the Equifax "TrustedID Premier" service.  If you agree to it, you are WAIVING your right ever to sue Equifax.

Whether it's waived or not, I wouldn't be counting on ever receiving anything substantial from them in a class action lawsuit (not sure about individual lawsuits). 

I used to play the market quite a bit and over the years was involved in several class action suits (American Express, Red Hat, eMachines, Amazon (no, I didn't keep that last one-I knew it would never get past $34). 

Anyway, those things are a lawyer's dream - they typically sue the companies for $25-50-100 million; name 2 to 5 people as "token plaintiffs," and pay them about $5K each.  A very small portion goes to the actual injured parties (you), and the lawyers keep the remaining lion's share (many millions).  One (filing against American Express, I think) even gouged with the stipulation that they (the lawyers) were also to receive a minimum of $2.5M for "mailing and handling" with the reservation that they must be reimbursed if such cost exceeded that amout and noting that they "expected it would." 

While I don't remember my check amounts received exactly, I believe they ranged from about $5 to $75 each.

[Lee B]

Bart, I agree that is usually what happens, although I did receive $ 4,900 from a class action lawsuit against Charles Schwab.

[SaraEA]

Equifax had an earlier breach in March, and according to the Wall St Journal the top executives sold tons of stock then too.  This one was only announced to "customers," i.e., certain financial institutions that use their reports, not to the public.  It's beginning to look like the SEC is the one who is going to nail them, and then consumers will get much of the fines.  The class action lawyers will have to stand in line.

Joining a class action now is premature in my opinion.  Equifax still isn't sure (or isn't identifying) the consumers whose data were stolen.  Eventually they will have to send letters to all those millions of people.  (USPS should have a banner year.) Their website that supposedly informs you if you are among the victims isn't functional--people have gone in three different times and gotten different answers.  Some have entered random letters for their name and all zeros for the SS#s and learned they were hacked.  As of today none of us really knows if we are among the injured.

[Lee B]

One of the executives who sold his stock  and then had the audacity to claim he knew nothing was the Equifax CFO. #*#*#*#*

 

[jklcpa]

In one of the Equifax's latest missteps, on Monday night the company sent out a tweet with what was supposed to be a link to their page where people could sign up for the free year of credit monitoring. Instead of sending out the correct page, it tweeted a link to a phishing site.

Quote

Errant Equifax tweet sends breach victims to site flagged for phishing

By Joe Uchill - 09/20/17 01:08 PM EDT

 

 

 

 

Beleaguered credit agency Equifax tweeted a link to a would-be phishing site to a victim of its massive breach rather than the breach information site it intended.

The exchange happened Monday evening when a current customer of Equifax's credit monitoring service TrustedID asked if he could cancel that subscription in exchange for the free year of TrustedID offered to victims.

"Hi! For more information about the product and enrollment, please visit: [the url of the fake site] -Tim," tweeted Equifax from its official account.

Equifax apparently intended to send a link to equifaxsecurity2017.com, the site with information on how to sign up for TrustedID. Instead, the tweet rewrote equifaxsecurity2017 as securityequifax2017. 

The securityequifax2017 web address had already been registered by security researcher Nick Sweeting, who scooped up the site to prevent a scam artist from using it to trick potential victims into entering their information, thinking they were communicating with Equifax.

Experts typically suggest that companies host sites like equifaxsecurity2017.com under their domain names — in this case, equifax.com — to assure users they are not giving information to a fake site.

The tweet stayed up into Wednesday, but by Wednesday afternoon the incorrect tweet had been taken down and Equifax issued a statement apologizing for the incident.

“All posts using the wrong link have been taken down. To confirm, the correct website is https://www.equifaxsecurity2017 . com . We apologize for the confusion," Equifax said.

 

Updated: 4:47 p.m.

 

Edited September 21, 2017 by jklcpa
removed links

[Lee B]

Actually, I read a story about the creation of the site.

The site was deliberately created by a software engineer the day the news of the hack was first announced.

He then inserted the link to his fake site into Equifax's tweet as an object lesson of how easy it is hack a company like Equifax.

 According to the creator, the fake site was just a dummy, which didn't collect or save any information. 

Very funny, I really needed a chuckle at that moment !  

[Roberts]

If you waive the Equifax lawsuit right you aren't just waiving your claim, you are reducing the financial punishment Equifax will be given. If everyone followed that through process, Equifax would be able to avoid most of their punishment. Plus by signing up to their free service, you'll be bombarded with advertisements from them in a year to renew or risk being hacked.

 

[Lion EA]

Equifax has made it clear in print on their site that you do NOT waive your right to sue.  I still think the're sleazeballs, but the public outcry or states attorneys general or both made them remove the waiver and state their new offer.

[Lee B]

Perhaps this should be a separate topic ?

The SEC announced today that they recently discovered that their database containing sensitive corporate information which could have used to generate insider trading profits

was hacked back in 2016. 

So here we all are being bounced around like ping pong balls in a game we can't see by unknown players waiting for our number to come up like a reverse lottery.

Any thoughts that we as individuals have control are sadly probably delusional .

[SaraEA]

Today I put freezes on the credit histories of both me and my husb. No problems at all--all three major sites worked smoothly and no delays (haven't done Innovis yet--got weary of the process; tomorrow is another day).  So for anyone who hasn't done so yet, the overload problems seem to have been corrected.

I also contacted our Senator, who has been a dedicated consumer watchdog for decades and seems to have carried on as such in the US Senate.  Asked him where he was in all this--it's his bailiwick after all.  Also asked him to encourage IRS to issue IP PINs to everyone who requests one because to date Equifax still has not notified those who were victims and tax season is just a few months away.  The website that is supposed to tell people if they're among the victims is not functional but gives random answers.  Asked him to demand that they notify actual victims because everyone is sitting on pins and needles.  Oh, and to see what he can do to put the company out of business.  Surely they've broken enough laws to forfeit the right to operate.

I delayed instituting the freezes because we were shopping our auto and home insurances.  One place I called was highly rated Amica.  I asked which credit reporting bureau they used and they said Equifax.  I said I wouldn't do business with a company that pays Equifax to not take security of our data seriously.  Perhaps this is the only way to take them down--encourage their customers to leave.

I read today that hackers are targeting SIM cards in phones.  Once they get that they can have emails and two-factor identification notices sent to them, so these supposed extra layers of security can be useless.  The internet as we know it has got to change....

[Lee B]

The chairs of the  committees in Congress that have oversight in this area have supposedly already signaled to the financial industry that no new laws will forthcoming

and that "business as usual will continue".  I am afraid that will will have to look the attorney generals of states like California and New York for any action and redress. Sad !