Suggestions for personal action on the equifax breach
- Executioner
- Life Member
- Posts: 10133
- Joined: Wed Nov 22, 2000 11:34 am
- Location: Woodland, CA USA
Re: Suggestions for personal action on the equifax breach
Man this just gets better. Maybe it's time for a reset to the Matrix. If a hospital or any company in the medical field lost this same info (full names, Addr, SSN, DOB), they would be fined into oblivion for HIPAA violations. Yet, because it's a financial company that leaked the exact same data, they are not subject to the same regulations
Krebs on Security warns that Experian has made it easy for anyone to request the PIN needed to unlock a previously frozen credit file: some of the “hurdles” merely involve knowing the person’s name, address, date of birth, and social security number, all of which have been jeopardized in countless breaches. There is additional authorization in the form of challenge questions, but the answers to these are now indexed or exposed by search engines, social networks, and third-party services online — both criminal and commercial.
https://krebsonsecurity.com/2017/09/exp ... reeze-pin/
Krebs on Security warns that Experian has made it easy for anyone to request the PIN needed to unlock a previously frozen credit file: some of the “hurdles” merely involve knowing the person’s name, address, date of birth, and social security number, all of which have been jeopardized in countless breaches. There is additional authorization in the form of challenge questions, but the answers to these are now indexed or exposed by search engines, social networks, and third-party services online — both criminal and commercial.
https://krebsonsecurity.com/2017/09/exp ... reeze-pin/
Re: Suggestions for personal action on the equifax breach
I went to Experian site and it said it could not provide me w/PIN # with the information I provided (wth?), and instead I have to mail them or call.
Last edited by darcy on Sat Sep 23, 2017 4:23 pm, edited 1 time in total.
Briquette, 1992 - 2008 ~ < Forever In Our Hearts >
Lily, 1995 - 2009 ~ < Forever In Our Hearts >
The best and most beautiful things in the world cannot be seen or even touched.
They must be felt with the heart. ~ Helen Keller.
Lily, 1995 - 2009 ~ < Forever In Our Hearts >
The best and most beautiful things in the world cannot be seen or even touched.
They must be felt with the heart. ~ Helen Keller.
- FlyingPenguin
- Flightless Bird
- Posts: 32773
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
Re: Suggestions for personal action on the equifax breach
Excellent guide on credit freeze here with links: http://clark.com/personal-finance-credi ... haw-guide/
EXECUTIONER: Gets even better. Steve Gibson did a podcast on this last week (just got around to listening to it today). Equifax is so lacking in any security protocols that the PIN they generate for a freeze is based on a time date stamp. So if it's 9/22 at 1:05pm when you request your freeze, then your PIN is 09220105. They don't even bother hashing it. As Steve said, if this is an example of their level of expertise in cyber security, then we can assume the worst about everything else involving the breach.
EXECUTIONER: Gets even better. Steve Gibson did a podcast on this last week (just got around to listening to it today). Equifax is so lacking in any security protocols that the PIN they generate for a freeze is based on a time date stamp. So if it's 9/22 at 1:05pm when you request your freeze, then your PIN is 09220105. They don't even bother hashing it. As Steve said, if this is an example of their level of expertise in cyber security, then we can assume the worst about everything else involving the breach.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "
Re: Suggestions for personal action on the equifax breach
OMG. !!FlyingPenguin wrote:EXECUTIONER: Gets even better. Steve Gibson did a podcast on this last week (just got around to listening to it today). Equifax is so lacking in any security protocols that the PIN they generate for a freeze is based on a time date stamp. So if it's 9/22 at 1:05pm when you request your freeze, then your PIN is 09220105. They don't even bother hashing it. As Steve said, if this is an example of their level of expertise in cyber security, then we can assume the worst about everything else involving the breach.
Briquette, 1992 - 2008 ~ < Forever In Our Hearts >
Lily, 1995 - 2009 ~ < Forever In Our Hearts >
The best and most beautiful things in the world cannot be seen or even touched.
They must be felt with the heart. ~ Helen Keller.
Lily, 1995 - 2009 ~ < Forever In Our Hearts >
The best and most beautiful things in the world cannot be seen or even touched.
They must be felt with the heart. ~ Helen Keller.
- FlyingPenguin
- Flightless Bird
- Posts: 32773
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
Re: Suggestions for personal action on the equifax breach
Finally got around to freezing mine. Need to work on the wife's next.
Experian was a pain. Kept telling me I had to mail in a form even though I already had a credit reporting account with them. Turned out (I think) it was just the way my address was spelled, that or they wanted the "Jr." suffix (which I never use). When I copied the personal info from my credit report and pasted it into the form, it worked.
Equifax was an F'ing joke. They never asked ANY security questions. Just SSN and DOB. No questions about past credit history at all.
All three charged me $10.
Does anyone know if there's any way to CONFIRM my credit reports are locked? For all we know these companies could be B.S.ing us. I wonder if I can ask my bank to run a credit check on me?
Experian was a pain. Kept telling me I had to mail in a form even though I already had a credit reporting account with them. Turned out (I think) it was just the way my address was spelled, that or they wanted the "Jr." suffix (which I never use). When I copied the personal info from my credit report and pasted it into the form, it worked.
Equifax was an F'ing joke. They never asked ANY security questions. Just SSN and DOB. No questions about past credit history at all.
All three charged me $10.
Does anyone know if there's any way to CONFIRM my credit reports are locked? For all we know these companies could be B.S.ing us. I wonder if I can ask my bank to run a credit check on me?
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "
- Executioner
- Life Member
- Posts: 10133
- Joined: Wed Nov 22, 2000 11:34 am
- Location: Woodland, CA USA
Re: Suggestions for personal action on the equifax breach
I would think that Congress should get involved in some way. This is crazy shit that we have to deal with, along with all the other hacking attempts.
Re: Suggestions for personal action on the equifax breach
I've been getting about 10 spam calls a day on my phone since this happened. Before I was getting close to zero. Most are hangups, but a couple had partial messages -"Call us to help with your credit" etc. I normally get about 5 calls a week.
- FlyingPenguin
- Flightless Bird
- Posts: 32773
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
Equifax hack has the hallmarks of state-sponsored pros
One of the interesting things promoting this idea, is that no one who monitors the "Dark Web" has seen any uptick in credentials and credit card numbers being sold. Whoever hacked the data is sitting on it, and it's rapidly becoming stale. You try to sell this kind of stuff as quickly as you can before people get around to locking their credit and changing credit card numbers.
It's beginning to look like it was some kind of targeted state sponsored hack, and the rest of us just got caught up in it.
Equifax hack has the hallmarks of state-sponsored pros
http://www.msn.com/en-us/news/finance-c ... ?ocid=News
It's beginning to look like it was some kind of targeted state sponsored hack, and the rest of us just got caught up in it.
Equifax hack has the hallmarks of state-sponsored pros
http://www.msn.com/en-us/news/finance-c ... ?ocid=News
Besides amassing data on nearly every American adult, the hackers also sought information on specific people. It's not clear exactly why, but there are at least two possibilities: They were looking for high-net-worth individuals to defraud, or they wanted the financial details of people with potential intelligence value.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "
Re: Suggestions for personal action on the equifax breach
So when you freeze your credit and you later decide to apply for something, how do you get it approved? Do you have to go first to all 3 agencies and unlock it?
Re: Suggestions for personal action on the equifax breach
You just ask the place that you're trying to get credit from to tell you which agency they use.
- FlyingPenguin
- Flightless Bird
- Posts: 32773
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
Re: Suggestions for personal action on the equifax breach
And if you paid a freeze fee (it varies state to state) then you will likely need to pay the same for the unlock.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "
Re: Suggestions for personal action on the equifax breach
OK. I froze all 3. Only 2 of them charged me $10 (Equifax didn't. Not surprised) yesterday. This morning I woke up to texts from my bank about fraudulent charges (they declined them) so my card is disabled and I'm getting a new one. SIGH SMH
- Executioner
- Life Member
- Posts: 10133
- Joined: Wed Nov 22, 2000 11:34 am
- Location: Woodland, CA USA
Re: Suggestions for personal action on the equifax breach
and those could have been from something else and not the Equifax breach. For my wife and I, we get one of those once a year from our bank or CC company. Worst mistake we made is paying for breakfast, lunch, or dinner with a CC, where you give it to them and they walk away with the card. Never again. We now play with cash, unless the table has a self payment option, so your card never leaves your hand.Losbot wrote:OK. I froze all 3. Only 2 of them charged me $10 (Equifax didn't. Not surprised) yesterday. This morning I woke up to texts from my bank about fraudulent charges (they declined them) so my card is disabled and I'm getting a new one. SIGH SMH
Re: Suggestions for personal action on the equifax breach
Yeah, that's the annoying part. I'm super anal when it comes to my debit card. I don't like to hand it over anywhere. I just take cash out every 2 weeks to use on lunch or whatever. I don't know how this happened. SMH
Re: Suggestions for personal action on the equifax breach
I finally managed to get through Equifax's credit freeze process online.