Equifax hacked, 140+ million Americans' info stolen

[civvver]

https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html?mcubz=1

I'm speechless quite frankly. Just can't believe how a company with no opt out (if applying for a loan or credit) for storing your information can allow this to happen.

I'm not usually paranoid about these things like when target got hacked etc, cus it's usually limited to address and credit card numbers. Disputing charges on credit cards is super easy both to monitor and to resolve. Monitoring your credit is not easy. I'm on one credit report site but they only show you two reports and pull monthly. Monthly is lots of time to do lots of damage.

Also concerned they might be able to access your bank account with this info. Most banks use a simple two factor authentication, so if you have a cell phone and it's the phone number in equifax, the hackers just have to spoof your phone or steal your number to gain access. I might remove my phone number and setup an email only for my bank. That might be the best course. Email is probably much easier to hack than a phone but a new email account only for bank would be unknown to the hackers.

I guess the only solace is knowing it's a huge number of people who are affected and hackers don't have time to steal everyone's identity so it's a numbers game. Probably ok in the meantime.

 

[Zelig]

Was really only a matter of time, the credit bureaus are all clowns when it comes to security.

And places with good 2FA don't use SMS for it, the NIST pulled their recommendation for that over a year ago: https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html

 

[Kyriakos]

Mr Robot is real.

 

[schlaufuchs]

Was really only a matter of time, the credit bureaus are all clowns when it comes to security.

And places with good 2FA don't use SMS for it, the NIST pulled their recommendation for that over a year ago: https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html

What do they recommend using instead?

 

[civvver]

Well most banks still do. Mine will email or text a code when logging on from a new ip.

 

[Zelig]

What do they recommend using instead?

An app like Google Authenticator or Authy, or a disconnected token generator like an RSA SecurID token.

 

[civvver]

So what do you think we should do zelig? Put a credit freeze and change the two factor auth on our bank accounts?

I'm a little skeptical about doing a credit freeze cus couldn't the identity thieves just unfreeze it if they have all your info?

Also do you think the public is overreacting or under reacting? What do you think the chances are of having your identity stolen as a result of this? Certainly it's a ton higher but 1 person out of 143 million is still not that likely of being sold and actually used to open accounts?

 

[Zelig]

Do nothing, sue companies if it causes problems.

Are you an Equifax breach victim? You could give up right to sue to find out

 

[civvver]

Yeah right, if the settlement is like 200 million lawyers will get 20 or so and average consumer will get like $2 after filling out a bunch of arduous paperwork. Class action suits are good for making companies think twice, and good for lining lawyers' pockets, but not that good at giving the class action patrons actual damages.

And anyway I wasn't suggesting signing up for the equifax offer, though I did enter my number to see if I was affected, but I didn't proceed any further. I would rather sign up for my own independent service.

 

[Synobun]

A 200 million settlement seems too low given the size and reach of Equifax. But you are right that the actual financial reward to the victim would be very little... the idea here is to force the company into being better. A (successful) class action lawsuit bears a lot of publicity and a lot of pressure.

 

[Perfection]

Does this mean we can see Trumps credit report?

 

[Zelig]

https://twitter.com/webster/status/906346071210778625

Like I said, clowns.

 

[civvver]

Yes I saw that too, it's a total joke. I'm not sure I'm going to even bother freezing with equifax until that mess is fixed.

 

[hobbsyoyo]

I cannot understand why the majority of people are completely ok with companies having virtually unlimited ability to collect, store, sell and have stolen so much personal data yet will freak out for anything the government does that can be in any way be construed as a privacy issue. The very idea of national ID cards gets people in the US up in arms but they're totes mgotes cool with every software service ever forcing them to give up their privacy as part of the ToS.

 

[rah]

I went to their site and was happy to discover that I was not one who's information was hacked.
But it was ironic that I had to give them some personal information for them to be able to tell me that

 

[Zelig]

I cannot understand why the majority of people are completely ok with companies having virtually unlimited ability to collect, store, sell and have stolen so much personal data yet will freak out for anything the government does that can be in any way be construed as a privacy issue. The very idea of national ID cards gets people in the US up in arms but they're totes mgotes cool with every software service ever forcing them to give up their privacy as part of the ToS.

I don't read terms of service, and assume that most of them aren't actually valid - if any problems come up I'll just sue them in local small claims.

(Not that you shouldn't also prioritize products and services from companies who care about your privacy.)

 

[civvver]

I cannot understand why the majority of people are completely ok with companies having virtually unlimited ability to collect, store, sell and have stolen so much personal data yet will freak out for anything the government does that can be in any way be construed as a privacy issue. The very idea of national ID cards gets people in the US up in arms but they're totes mgotes cool with every software service ever forcing them to give up their privacy as part of the ToS.

It's just we don't have a choice in this matter. Many people do try to protect their data when they have the option, but if you want any kind of loan these credit companies have your info. I get some people say use all cash, no credit cards, buy cars with cash etc, but very few can actually buy a home with cash so it's just not realistic. Plus even phone and cable companies these days do credit checks on you or require huge security deposits.

It's the politicians and regulators letting these guys get away with it that's the issue.

Hopefully what we'll see is enormous fines against equifax and new standards for security which are enforced.

 

[Zelig]

Well I don't like real estate an an asset class, and was fortunate that I didn't need loans for schooling, so I don't foresee ever needing a loan.

 

[Broken_Erika]

I'm confident Equifax will respond to this by upgrading to Norton Internet Security 2010.

 

[civvver]

Well I don't like real estate an an asset class, and was fortunate that I didn't need loans for schooling, so I don't foresee ever needing a loan.

Good for you. Millions of other people prefer to buy homes rather than rent anything.