Suggestions for personal action on the equifax breach

Kick Back and Relax in the Cheers! Forum. Thoughts on life or want advice or thoughts from other pca members. Or just plain "chill". Originator of da Babe threads.
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Suggestions for personal action on the equifax breach

Post by Executioner »

Man this just gets better. Maybe it's time for a reset to the Matrix. If a hospital or any company in the medical field lost this same info (full names, Addr, SSN, DOB), they would be fined into oblivion for HIPAA violations. Yet, because it's a financial company that leaked the exact same data, they are not subject to the same regulations

Krebs on Security warns that Experian has made it easy for anyone to request the PIN needed to unlock a previously frozen credit file: some of the “hurdles” merely involve knowing the person’s name, address, date of birth, and social security number, all of which have been jeopardized in countless breaches. There is additional authorization in the form of challenge questions, but the answers to these are now indexed or exposed by search engines, social networks, and third-party services online — both criminal and commercial.

Image

https://krebsonsecurity.com/2017/09/exp ... reeze-pin/
User avatar
darcy
Posts: 6263
Joined: Tue Jun 01, 2004 9:33 pm
Location: NYC

Re: Suggestions for personal action on the equifax breach

Post by darcy »

I went to Experian site and it said it could not provide me w/PIN # with the information I provided (wth?), and instead I have to mail them or call.
Last edited by darcy on Sat Sep 23, 2017 4:23 pm, edited 1 time in total.
Briquette, 1992 - 2008 ~ < Forever In Our Hearts >

Lily, 1995 - 2009 ~ < Forever In Our Hearts >

The best and most beautiful things in the world cannot be seen or even touched.
They must be felt with the heart. ~ Helen Keller.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Suggestions for personal action on the equifax breach

Post by FlyingPenguin »

Excellent guide on credit freeze here with links: http://clark.com/personal-finance-credi ... haw-guide/

EXECUTIONER: Gets even better. Steve Gibson did a podcast on this last week (just got around to listening to it today). Equifax is so lacking in any security protocols that the PIN they generate for a freeze is based on a time date stamp. So if it's 9/22 at 1:05pm when you request your freeze, then your PIN is 09220105. They don't even bother hashing it. As Steve said, if this is an example of their level of expertise in cyber security, then we can assume the worst about everything else involving the breach.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
darcy
Posts: 6263
Joined: Tue Jun 01, 2004 9:33 pm
Location: NYC

Re: Suggestions for personal action on the equifax breach

Post by darcy »

FlyingPenguin wrote:EXECUTIONER: Gets even better. Steve Gibson did a podcast on this last week (just got around to listening to it today). Equifax is so lacking in any security protocols that the PIN they generate for a freeze is based on a time date stamp. So if it's 9/22 at 1:05pm when you request your freeze, then your PIN is 09220105. They don't even bother hashing it. As Steve said, if this is an example of their level of expertise in cyber security, then we can assume the worst about everything else involving the breach.
OMG. !!
Briquette, 1992 - 2008 ~ < Forever In Our Hearts >

Lily, 1995 - 2009 ~ < Forever In Our Hearts >

The best and most beautiful things in the world cannot be seen or even touched.
They must be felt with the heart. ~ Helen Keller.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Suggestions for personal action on the equifax breach

Post by FlyingPenguin »

Finally got around to freezing mine. Need to work on the wife's next.

Experian was a pain. Kept telling me I had to mail in a form even though I already had a credit reporting account with them. Turned out (I think) it was just the way my address was spelled, that or they wanted the "Jr." suffix (which I never use). When I copied the personal info from my credit report and pasted it into the form, it worked.

Equifax was an F'ing joke. They never asked ANY security questions. Just SSN and DOB. No questions about past credit history at all.

All three charged me $10.

Does anyone know if there's any way to CONFIRM my credit reports are locked? For all we know these companies could be B.S.ing us. I wonder if I can ask my bank to run a credit check on me?
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Suggestions for personal action on the equifax breach

Post by Executioner »

I would think that Congress should get involved in some way. This is crazy shit that we have to deal with, along with all the other hacking attempts.
User avatar
wvjohn
Posts: 9238
Joined: Wed Nov 22, 2000 7:09 am
Contact:

Re: Suggestions for personal action on the equifax breach

Post by wvjohn »

I've been getting about 10 spam calls a day on my phone since this happened. Before I was getting close to zero. Most are hangups, but a couple had partial messages -"Call us to help with your credit" etc. I normally get about 5 calls a week.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Equifax hack has the hallmarks of state-sponsored pros

Post by FlyingPenguin »

One of the interesting things promoting this idea, is that no one who monitors the "Dark Web" has seen any uptick in credentials and credit card numbers being sold. Whoever hacked the data is sitting on it, and it's rapidly becoming stale. You try to sell this kind of stuff as quickly as you can before people get around to locking their credit and changing credit card numbers.

It's beginning to look like it was some kind of targeted state sponsored hack, and the rest of us just got caught up in it.

Equifax hack has the hallmarks of state-sponsored pros

http://www.msn.com/en-us/news/finance-c ... ?ocid=News
Besides amassing data on nearly every American adult, the hackers also sought information on specific people. It's not clear exactly why, but there are at least two possibilities: They were looking for high-net-worth individuals to defraud, or they wanted the financial details of people with potential intelligence value.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Suggestions for personal action on the equifax breach

Post by Losbot »

So when you freeze your credit and you later decide to apply for something, how do you get it approved? Do you have to go first to all 3 agencies and unlock it?
User avatar
normalicy
Posts: 9513
Joined: Sat Nov 25, 2000 4:04 am
Location: St. Louis, MO USA
Contact:

Re: Suggestions for personal action on the equifax breach

Post by normalicy »

You just ask the place that you're trying to get credit from to tell you which agency they use.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Suggestions for personal action on the equifax breach

Post by FlyingPenguin »

And if you paid a freeze fee (it varies state to state) then you will likely need to pay the same for the unlock.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Suggestions for personal action on the equifax breach

Post by Losbot »

OK. I froze all 3. Only 2 of them charged me $10 (Equifax didn't. Not surprised) yesterday. This morning I woke up to texts from my bank about fraudulent charges (they declined them) so my card is disabled and I'm getting a new one. SIGH SMH
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Suggestions for personal action on the equifax breach

Post by Executioner »

Losbot wrote:OK. I froze all 3. Only 2 of them charged me $10 (Equifax didn't. Not surprised) yesterday. This morning I woke up to texts from my bank about fraudulent charges (they declined them) so my card is disabled and I'm getting a new one. SIGH SMH
and those could have been from something else and not the Equifax breach. For my wife and I, we get one of those once a year from our bank or CC company. Worst mistake we made is paying for breakfast, lunch, or dinner with a CC, where you give it to them and they walk away with the card. Never again. We now play with cash, unless the table has a self payment option, so your card never leaves your hand.
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Suggestions for personal action on the equifax breach

Post by Losbot »

Yeah, that's the annoying part. I'm super anal when it comes to my debit card. I don't like to hand it over anywhere. I just take cash out every 2 weeks to use on lunch or whatever. I don't know how this happened. SMH
User avatar
normalicy
Posts: 9513
Joined: Sat Nov 25, 2000 4:04 am
Location: St. Louis, MO USA
Contact:

Re: Suggestions for personal action on the equifax breach

Post by normalicy »

I finally managed to get through Equifax's credit freeze process online.
Post Reply