XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
Privacy Policy
It is currently Fri Jan 18, 2019 8:57 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 59 posts ]  Go to page 1, 2, 3  Next
Author Message
 Post subject: Equifax breach
PostPosted: Mon Sep 18, 2017 2:58 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:10 pm
Posts: 696
Seems there's little urgency about this since the news coverage of it seems relegated to
just the tech sections. I thought I'd bring it up, since we're so security minded !
Most friends and associates I mention this to seem to shrug their shoulders about it.

Brian Krebs has some very good info on the breach and a pretty thorough Q&A about it.
Starts here
and here
and the Q&A is here


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Mon Sep 18, 2017 3:29 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 15378
Thanks for the additional info Jimcha.

I'm still confused though. :(


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Mon Sep 18, 2017 3:42 pm 
Offline
User avatar

Joined: Sun Nov 27, 2011 1:55 pm
Posts: 2222
It was on all the news channels when it was first announced.
I also saw a ton about it online last week.

One of the best and most concise articles I read is this:
http://fortune.com/2017/09/08/equifax-what-to-do/

And a quick link to where you can find out if you've been impacted (may have been = yes):
https://trustedidpremier.com/eligibilit ... ility.html

From what I've read signing up for Equifax's monitoring is not the best idea - why give them even more data - and they might be bankrupt in the near future anyway.

We have credit monitoring through Experian and we put a fraud alert on our account there and they pass that along to the other 2 (required whenever and wherever you put this alert up - lasts for 90 days and then you have to re-up it). Credit/security freezing has a lot of pluses - and minuses - take care before you put one on - and if you put on one, you really should do all 3 - and the repercussions are steep.

_________________
Mrs H


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Mon Sep 18, 2017 4:12 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Best is to place security freezes at Equifax, Experian, TransUnion and lesser known Innovis. Also security alert or freeeze at ChexSystems, to prevent fraudulent avtivity at banks. Krebs has links. Equifax's TrustedID Premier free monitoring won't stop ID theft, but might help after the facr to give you an alert. Krebs says it won't at least cause any harm. I've signed up for that, but with 143 million beating down their door, there seem to be some errors and problems there. Maybe in a week or two if things begin to settle down I'll have a better idea.

Can't give link right now, but Krebs has a full rundown for what you should do. Could be Jimcha gave the link for that, but I'm writing from iPad, and too awkward to check that out right now. (I hate writing on iPad.) Krebs says that fraud alerts not as effective as full freezes. Oh, and Qualys gives TransUnion a grade of C for its encryption, so best to do that one by phone.

Here's link to Krebs after all

https://krebsonsecurity.com/2017/09/the ... ould-know/


Last edited by WZZZ on Mon Sep 18, 2017 4:27 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Mon Sep 18, 2017 4:27 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
The downside to a bad credit rating is I can't get a loan. The upside is thieves can't get one in my name either.


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Mon Sep 18, 2017 6:02 pm 
Offline
User avatar

Joined: Sun Nov 27, 2011 1:55 pm
Posts: 2222
One further thought, our financial advisor suggests checking "inquiries" weekly assuming you have credit monitoring set up.
Also set up monitoring to search for SS # and CC #s on the dark web.
FWIW one of us was "impacted" but we have very little exposure on Equifax - happened to have a credit report from them just before the breach - and a fraud alert ongoing thought that wouldn't stop the thieves.
If you know what equifax had before or now, it'll give you an idea of what you can lose.
If you haven't applied for a loan they don't have your driver's license (because of patriot's act) and they may not have a full SS number.
You can also alert your CC companies of your impact.

_________________
Mrs H


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Mon Sep 18, 2017 6:32 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
The only real protection from Equifax, if you're impacted, is to setup a credit freeze. The only thing the freeze does is stop you from taking out a new loan, applying for a credit card, etc. - things we shouldn't be doing very often. With your credit frozen thieves won't be able to do anything with your information and will quickly get discouraged from trying.


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Mon Sep 18, 2017 7:01 pm 
Offline
User avatar

Joined: Sun Nov 27, 2011 1:55 pm
Posts: 2222
MonkeyBoy wrote:
The only real protection from Equifax, if you're impacted, is to setup a credit freeze...

I don't trust Equifax to get anything right.

We have a monitoring, fraud alert, freeze etc approach - and we use a monitoring system via our brokerage account.

The "free" monitoring with Equifax is only for a year, but the impact of this will be much greater than a year - and equifax may not be around for that long - if you take their free trueidentity which you are encouraged to do by them after you check the impact on your data - you still need to consider doing something further after that free year. There is also a TU product that is free but I don't know anything about it other than that I've read some negative reviews of their free "credit lock" system (aka credit freeze lite)

Have you checked to see if you are impacted? If you have and the first report says "no" - check again - friends got a no, returned got a no - returned got a "may be" which is the closest they'll say to yes.

Equifax is supposed to be sending out letters to all impacted telling them what has been stolen, but I'm not expecting that any time soon - look at how long it took them to alert everyone to the breach in the first place.

_________________
Mrs H


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Mon Sep 18, 2017 7:26 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Quote:
Equifax is supposed to be sending out letters to all impacted telling them what has been stolen, but I'm not expecting that any time soon - look at how long it took them to alert everyone to the breach in the first place.

From what I've been reading, they're only contacting anyone by mail whose CC was stolen, around 209,000, not the full 143 million impacted.


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Mon Sep 18, 2017 7:37 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:10 pm
Posts: 696
BDaqua - the Equifax breach compromised 143 million SSN's, birthdays, addresses, and possibly in some cases
drivers license numbers. It's serious, since all that info is all ID thieves need. Keys to the kingdom so to speak.
The links I imbedded in my initial post are all from Krebs site, with the last one, which Wzz reposted in full
being the most comprehensive although it needs some updating.

Mrs H - Anything that Equifax offers in the way of protection is insult to injury. That also applies to all the other credit monitoring
companies, I never consented that they could collect my personal info so that it could be sold. An I'm not giving them a dime
for any of their services.
Surfing their sites aren't on my top ten things to do with my morning coffee, but I wasn't surprised to
see all the other companies sites offer paid for protection if you were worried about the Equifax hack.

One of the issues I have with most other articles about the breach is that they're comparing it to other data breaches which to
me pale in comparison, Yahoo's breach for instance only exposed some of peoples data, but not their SSN's.
Equifax's breach was keys to the kingdom as I said before.
Reading Krebs other articles, the TrustedID site was a shambles when it first appeared and I'm not sure it it's even working correctly
now, when it first went live you could enter a made up name and number and it would still work. Not a huge comfort. And the wording
as you said is ambiguous ( "MAY" be affected ).

I have to love how two technology officers at Equifax "retired" recently. :roll:
https://arstechnica.com/tech-policy/201 ... ty-breach/



.


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Mon Sep 18, 2017 7:38 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:10 pm
Posts: 696
WZZZ wrote:
Quote:
Equifax is supposed to be sending out letters to all impacted telling them what has been stolen, but I'm not expecting that any time soon - look at how long it took them to alert everyone to the breach in the first place.

From what I've been reading, they're only contacting anyone by mail whose CC was stolen, around 209,000, not the full 143 million impacted.


Wzzz is right the mailing is just for the CC number taken during the breach.


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Tue Sep 19, 2017 6:22 am 
Offline
User avatar

Joined: Sun Nov 27, 2011 1:55 pm
Posts: 2222
jimcha wrote:
...
Mrs H - Anything that Equifax offers in the way of protection is insult to injury. That also applies to all the other credit monitoring
companies, I never consented that they could collect my personal info so that it could be sold. An I'm not giving them a dime
for any of their services.


I hope I didn't make it sound like we had Equifax protection - nor that we would think to sign up for it.
Our monitoring program comes from our brokerage account and it is free. If it can tell me that my SS #, or CC #s are out there in the dark web then that's something I'd like to know. I don't exactly know where I'd go from there other than to request a change to the numbers.
You are absolutely right - who gave them the right to harvest all this info about each of us in the first place? And why can't they take better care of it?

_________________
Mrs H


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Tue Sep 19, 2017 6:26 am 
Offline
User avatar

Joined: Sun Nov 27, 2011 1:55 pm
Posts: 2222
jimcha wrote:
WZZZ wrote:
Quote:
Equifax is supposed to be sending out letters to all impacted telling them what has been stolen, but I'm not expecting that any time soon - look at how long it took them to alert everyone to the breach in the first place.

From what I've been reading, they're only contacting anyone by mail whose CC was stolen, around 209,000, not the full 143 million impacted.


Wzzz is right the mailing is just for the CC number taken during the breach.

Thanks both, I do remember reading that.

Of all the numbers stolen, I actually am not as concerned about CC #s as about SS# combined with an address.
A CC# can be changed easily - and you are only liable for the first $50 (our cards are covered for everything no risk even of a $50 fraudulent charge)

$1 million insurance for identity theft is included in a lot of homeowner's policies (and it's also part of our monitoring coverage), I'd just dread having to get involved in the nuisance and trouble involved with all of that.

_________________
Mrs H


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Tue Sep 19, 2017 10:01 am 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
The current theory is that the table they compromised to get the CC numbers were related to people who signed up for Equifax's credit monitoring services.


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Tue Sep 19, 2017 1:19 pm 
Offline
User avatar

Joined: Sun Nov 27, 2011 1:55 pm
Posts: 2222
MonkeyBoy wrote:
The current theory is that the table they compromised to get the CC numbers were related to people who signed up for Equifax's credit monitoring services.

Well that leaves us out :D ! Nice to know how well they took care of the folks who paid them to monitor their info.

So it's either SS #, birthday, or address (or all 3) compromised. Thanks, Equifax.

_________________
Mrs H


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Tue Sep 19, 2017 2:14 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:10 pm
Posts: 696
I read that also, that the CC breach was related to people signing up for Equifax's monitoring service.
But it's still a theory, until it's confirmed.


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Tue Sep 19, 2017 3:19 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
It would neatly explain the smaller number of affected people.

I doubt we'll ever really know without some kind of criminal probe and even then it would likely end up in sealed records. You know, for national security or trade secret reasons.


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Tue Sep 19, 2017 6:55 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 15378
I'm too poor to have credit at all, so I guess I shouldn't worry too much?


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Tue Sep 19, 2017 8:04 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:10 pm
Posts: 696
BDAqua wrote:
I'm too poor to have credit at all, so I guess I shouldn't worry too much?


Do you have a social security number ?
If you do then I would worry, a lot or a little is up to you, being poor or rich has no bearing on ID theft
nor is having lousy credit. Unlike a CC number the government can't just issue you a new SSN #.


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Wed Sep 20, 2017 7:43 am 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 15378
Thanks.


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Wed Sep 20, 2017 3:44 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
Bad credit will stop thieves from opening new lines of credit in your name, since they'll get denied for the same reason as you would. A credit freeze is still a good idea because thieves aren't exactly the most rational of people... spend three weeks trying to scam money in your name, only gets $100 out of it, thief considers that a win. Could have earned a lot more at a minimum wage job for all that time.

Actually you can get issued a new SSN in the event of ID theft but it's ridiculously complicated and requires court time, legal fees, etc. - I think you have to prove to a federal judge that you need a new SSN. Of course given the scope of the Equifax breach I doubt there's enough SSNs available to issue us all new SSNs.

This rabbit hole is getting pretty deep.


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Thu Sep 21, 2017 6:01 am 
Offline
User avatar

Joined: Sun Nov 27, 2011 1:55 pm
Posts: 2222
MonkeyBoy wrote:
...Of course given the scope of the Equifax breach I doubt there's enough SSNs available to issue us all new SSNs.

This rabbit hole is getting pretty deep.

And of course every time you take out your Medicare card at the pharmacy or hospital, you are subject to someone grabbing that number... (We erased and rubbed out some of the numbers on the card for that very reason)

I can't remember where I read this but I read somewhere (before this administration got hold of everything good and turned it around) that they (whoever they are) were thinking of issuing new Medicare numbers to everyone - numbers not linked to SS#. That way there will be 2 numbers out there for the thieves to get...

_________________
Mrs H


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Thu Sep 21, 2017 6:09 am 
Offline
User avatar

Joined: Mon Sep 14, 2009 8:51 pm
Posts: 559
Location: Minnesota, USA
I thought I was hearing on the radio that you have to pay for a credit freeze (among all the other disadvantages).


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Thu Sep 21, 2017 12:34 pm 
Offline
User avatar

Joined: Sun Nov 27, 2011 1:55 pm
Posts: 2222
Limnos wrote:
I thought I was hearing on the radio that you have to pay for a credit freeze (among all the other disadvantages).

Indeed you do - and to lift it - and to reinstate it.

The prices are by state - there are charts out there telling you what they are.
(We've gotten mixed advice on what to do about this from different financial advisors.)

_________________
Mrs H


Top
 Profile  
 
 Post subject: Re: Equifax breach
PostPosted: Thu Sep 21, 2017 12:37 pm 
Offline
User avatar

Joined: Sun Nov 27, 2011 1:55 pm
Posts: 2222
Here's one place you can check the rates by state - I've also seen it simpler in pdf form but I couldn't put my hands on it again:
http://www.experian.com/news/security-freeze.html

_________________
Mrs H


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 59 posts ]  Go to page 1, 2, 3  Next

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group