ATX Community

Equifax Hack


Lee B


2 hours ago, Lynn EA USTCP in Louisiana said:

Roberts, how did you do the freeze on your accounts?  I tried to do that and it would not process without a credit card #.

 

As far as I know it goes by the state you're in.  I think it was free in MA when I placed mine a few years ago.  I did one for my friend in FL and I think it was $5.


1 hour ago, cbslee said:

Yes, it's not free, you have to give them a debit or credit card and you have to go to all three services.

 

 

Just like "security" software which keeps pushing out "false positives" as a not so subtle reminder they are "protecting" you, so you will renew.  Theft out of my pocket, as we hear often from someone who gets a false positive, stating they were going to order, but cannot trust us, when the actual problem is the user not keeping their "security" software current, or the "security" software simply being wrong (for a profit).

Thank goodness there are now many free "security" programs (they really are not, they really just serve as a backup should you do something you should not), which are far more accurate than the paid offerings.  VirusTotal is also a good way to quickly check something against the day's current security signatures en masse.

As awful as identity theft is, if one is prepared, it is not really a life changer.  Not easy to deal with, but it can be dealt with (not defending the error, just making a point).  One of our kids has a VERY common name, and has many incorrect items shown on a credit report.  He deals with it as needed, without constant worry.  In face to face needs of credit (renting an apartment for example), the other party can fairly easily see and understand the problem.  The "instant" online machine generated approvals, not so much, but that can be a good thing, since those items are usually high interest types of credit.

To go even further, without getting into all the details, I know of a few folks who have been issued a new SSN (for reasons not including identity theft), which is WAY more trouble than incorrect credit reporting.

  • Like 1

Definitely check the fees in your state.  CT allows a $10 fee to impose and to lift a freeze, but both are free to folks age 62 or older.  Not that it can do much good because the crooks have the data they need to pretend to be you.  Since all the credit reporting agencies have essentially the same data on us, a breach at one of them is as good as hacking all of them.

The real scary part is that crooks now have enough data on half of us to become us.  They can move to Idaho, use our name, get a job, vote, get a cell phone, rent an apartment, get a bank account and credit cards, rob banks, sell drugs, kill someone--all in your good name.  A freeze can't fix it.  The world as we know it will have to change.  IRS will have to issue everyone an IP PIN; lenders will have to verify applicants' identities in person; no more security questions about prior addresses or mortgage payment amounts--the answers are all out there now.  This will be costly for the gov't and businesses that rely on credit scores. This company needs to close.  There will never be enough money to pay for the damage done.

  • Like 1

According to this article, Equifax knew about the software flaw, but also knew that there was a software patch available well before the hack started and did nothing.

Equifax is not only greedy, it is stupid and incompetent and doesn't care that identity theft cost Americans 16 Billion Dollars last year!

The CEO and other officials should be prosecuted to the full extent of the law!

 

NEW YORK (AP) -- Credit agency Equifax traced the theft of sensitive information about 143 million Americans to a software flaw that could have been fixed well before the burglary occurred, further undermining its credibility as the guardian of personal data that can easily be used for identity theft.

Equifax identified a weakness in an open-source software package called Apache Struts as the technological crack that allowed hackers to heist Social Security numbers, birthdates, addresses and full legal names from a massive database maintained primarily for lenders.

SECURITY FOR DUMMIES

    The patch was released shortly afterward. Equifax said the database intrusion began in May and continued until July.

Security experts said Equifax had more than enough opportunity to block intruders by sealing the security hole. "There is no excuse for not following basic cybersecurity hygiene," said Nate Fick, CEO of the security firm Endgame. "Some heads should definitely roll for this; it's only a question of how many."

The company didn't respond to inquiries on Thursday


Quote

There is no excuse for not following basic cybersecurity hygiene

This really can't be emphasized enough.  I have seen so many websites and servers get hacked due to people being lax about applying security patches--it is by far the most common way for an internet connected system to be compromised, and the easiest to avoid.

  • Like 1

Sara touched on the computer-based security questions in her post above, and today a friend ran into this situation when trying to place a freeze and get her free credit report.  These tasks are going to be especially hard for some women who have changed their name recently.  Below is my friend's real-life example that happened this morning.

Her background:  Divorced and changed her name back to maiden name a year or two ago, bought a new house this year and moved in so her address has changed.

She can't get past the security question of "which person do you know that lives, or lived, at [insert address she lived at ~ 15 years ago]."  She picked "none of the above" and thinks possibly that there is a person somewhere with the same last name that she doesn't know and that the computer is matching with that really old address.  Now she is being instructed to send in her SS card, DL, and a utility bill by U.S. mail.

How much more insecure and a PITA can they make this?

I also agree with Sara that IRS should be issuing IP PINs to everyone as an added form of i.d. in order to file returns, or some other form of i.d. that must match up before processing the returns.

This is going to be a nightmare for a looooooooooooooong time.

  • Like 1

Is it just a coincidence that the IRS are holding -- now -- a webinar such as this?

IRS will host an Individual Taxpayer Identification Number (ITIN) Process webinar on Wednesday, Sept. 20 from 1- 2:30 p.m. EDT. Those interested in attending the ITIN Process Webinar can register via the ITIN Process Webinar Registration Page.

 


NEW YORK — Equifax says its chief information officer and chief security officer are leaving the company, following the enormous breach of 143 million Americans' personal information.

The credit data company said Friday that Susan Mauldin, who had been the top security officer, and David Webb, the chief technology officer, are retiring from Equifax immediately. Mauldin, a college music major, had come under media scrutiny for her qualifications in security. Equifax did not say in its statement what retirement packages the executives would receive. Equifax disclosed last week that hackers accessed or stole the Social Security numbers, birthdates and other information. It also presented Friday a litany of security efforts it made after noticing suspicious network traffic on July 29. It said it believes the access occurred from May 13 through July 30.

You couldn't make this up - the Chief Security Officer was a music major in college. :angry:


I read some comments about the music major news on Marketwatch and the Wall St Journal.  Many people chimed in that music majors are adept at IT because the skills required for things like tone sequencing and sound wave lengths translate easily to IT.  Several commented that they work in IT and some of their most adept coworkers have music degrees.  Go figure.  The person at Equifax was actually the head of security, so her job was to manage the department staffed hopefully with security experts, but one would like to think she knew something about security in addition to management.  Rumors are that encryption was not in use and that a security patch was not applied.  Apparently that was a platform patch so wasn't as easy as downloading.  I'm not making excuses for them, and I am shocked out of my mind that there was no encryption.  WHAT?  You have sensitive financial data on much of the population and didn't want to pay a token amount for encryption software?  That's how Blue Cross got hacked--weren't you paying attention?

I read today that Equifax didn't have much insurance.  Coupled with their assets on hand, there's only enough for each of us to get less than $10, before attorney fees.  Some states have laws that they have to pay upwards of $200 per incident, but there is simply not enough to do that.  All the executives and the entire board should have to return all the millions they were paid over the years to go into the injury pot.

Anyone have any news on how imposing credit freezes is going at all three major credit bureaus? I keep reading about the system overloads and don't want to waste my time if it won't work.  By the way, there's a fourth one, Innovis, where we should all put a freeze at as well.

  • Thanks 1

Well, here are some things about Susan Mauldin that were scrubbed from her LinkedIn profile that she or the company tried to scrub from the record. Yay(!) for screenshots.  YouTube videos were also taken down, but the Zero Hedge blog page linked below has a link to the transcript of one interview that is worth reading for her thoughts on security and the use of the cloud. Then there are her comments that are quoted of her thoughts on recruiting security personnel.

http://www.zerohedge.com/news/2017-09-15/another-equifax-coverup-did-company-scrub-its-chief-security-officer-was-music-major

  • Thanks 1

This is probably not related to Equifax, but last week my wife got a phone message to call the number on back of her MasterCard and was told she will be getting a new card due to a possible compromise.  Then this morning I have an email from Discover card saying they will be sending me a new card due to an external breach and my card may have been compromised.  This happened to my wife last year too, possibly from use in a large retail outlet, she was there again recently.

I think it's time we go to eyeball or thumbprint recognition.  My brokerage uses voice recognition, which is immediate when I call.  Must be easy for them as there is no mistaking my distinctive Brooklyn accent.

Thanks Sara EA, I just found out about Innovis (they must be really new, it comes up on spellcheck, Equifax doesn't).

  • Like 1

Under heavy pressure, Equifax has decided to waive the fees for freezing your credit.

Of course they still insist that the 3 officers that sold Equifax stock had no idea about the hack which was announced 2 days later. LOL

Unfortunately even if you freeze your credit, they can still sell and make huge profits with your personal info to other financial firms.


Sorry, missed the messages to me. Equifax is waiving the fee and so is Innovis if you are inclined to put a freeze over there as well.

For the wife and I it was $20 total - not horrific. The fees are set at the state level.

Financial crimes rarely end in prison terms. I don't know of a single mortgage broker or investment banker that went to prison for mortgage fraud. Equifax and their investors will pay a substantial fine, all the key people will quit and move to other companies doing the same work and it'll all be forgotten from their end as we deal with this for the next couple of decades.

Keep those pin numbers in case you ever need to suspend the freeze. We have no debt but might be buying a condo in a year so I'm a little concerned we might need a bridge loan as we sell the rest of our property to pay for it. I wonder if the loan companies tell you which company to unfreeze so they can check your credit.


I've had to unfreeze to add one of our kids to our cell's family plan, to get some dental work done, etc.,  I ask who they use.  Sometimes they have to call corporate, but I've always gotten it.  I do a temporary unfreeze online for that agency only, you have a few options, at no cost and account is automatically refrozen at no cost.

Freezes are often free for senior citizens and anyone who was a victim of identity theft.  A few states allow charges of $10; CT does and I think PA.  A few states do not allow charges at all.  And, the rest allow charges from about $3 to about $6.

Consumer radio talk show host Clark Howard's web pages:

http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/

http://clark.com/personal-finance-credit/equifax-free-credit-monitoring-data-breach-dont-sign-up/

For those who don't click on links, Clark Howard has changed the name of his website to Clark.com, so start on his homepage and search for the topics that interest you.

 

  • Like 2

An excerpt from a long article by Bloomberg News:

"In early March, they said, Equifax began notifying a small number of outsiders and banking customers that it had suffered a breach and was bringing in a security firm to help investigate. The company's outside counsel, Atlanta-based law firm King & Spalding, first engaged Mandiant at about that time. While it's not clear how long the Mandiant and Equifax security teams conducted that probe, one person said there are indications it began to wrap up in May. Equifax has yet to disclose that March breach to the public"

Now it turns out that the same intruders hacked Equifax back in March and they never disclosed or acknowledged the hack.

In addition they chose not to implement the software patch that they knew would fix the problem.

This company deserves the death sentence!

 

  • Like 2
