Equifax customer information leak

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills
Locked
JBTX
Posts: 1530
Joined: Wed Jul 26, 2017 12:46 pm

Re: Equifax customer information leak

Post by JBTX » Wed Sep 13, 2017 2:19 pm

I signed up for equifax credit monitoring yesterday. I still haven't received an email with final link to activate. The message said wait up to 2 days. Does it really take that long?

anoop
Posts: 439
Joined: Tue Mar 04, 2014 1:33 am

Re: Equifax customer information leak

Post by anoop » Wed Sep 13, 2017 2:21 pm

knpstr wrote:
Wed Sep 13, 2017 2:06 pm
May as well concede defeat in terms of potential litigation and sign up for the $1,000,000 in fraud protection?
It will only cover you for 1 year. After that you're on your own. The data will be available to malicious parties forever.

If you sign up for it now, they will be hoping you will renew it after a year, so it's actually a great promotional business for them!!

You can sign up for this kind of coverage with your renters/homeowners policy as well.

I would not sign up for ANYTHING with Equifax. It's not the data breach, but they way they have handled it. 40 days to inform the public that their information was stolen? That's the kind of urgency they work with? Obviously some big guys at Equifax thought this wasn't severe enough to act on it immediately, or maybe they just decided they needed to offload some stock. :)

AntsOnTheMarch
Posts: 318
Joined: Mon May 29, 2017 5:47 pm

Re: Equifax customer information leak

Post by AntsOnTheMarch » Wed Sep 13, 2017 2:25 pm

davebo wrote:
Wed Sep 13, 2017 1:21 pm

3) My first inclination is to put my PIN numbers in Evernote, but that's probably not a good idea. Or maybe use some shorthand e.g. EF 452857 so it's not so obvious. Or just do it the old fashioned way and try to keep things offline/secure.
I wouldn't use Evernote for this. Not encrypted and they've been hacked before. There is a way to encrypt the notes but I can't vouch for it and more trouble than it's worth (wrong tool for this job, imho).
http://www.getsaferoom.com/

Shorthand methods could work but you'd have to make everything vague so someone finding it wouldn't know what to do with it or how to decipher. I actually like this method and used to employ it regularly in "olden times" but I have to store so much personal information now that I don't trust myself to remember my own shorthand and also, what happens if I get hit by a truck and DW has to get at it? Therefore, piece of paper in safe location. Or, my preference: dedicated password manager.

User avatar
knpstr
Posts: 1808
Joined: Thu Nov 20, 2014 8:57 pm
Location: Michigan

Re: Equifax customer information leak

Post by knpstr » Wed Sep 13, 2017 2:27 pm

anoop wrote:
Wed Sep 13, 2017 2:21 pm
knpstr wrote:
Wed Sep 13, 2017 2:06 pm
May as well concede defeat in terms of potential litigation and sign up for the $1,000,000 in fraud protection?
It will only cover you for 1 year. After that you're on your own. The data will be available to malicious parties forever.

If you sign up for it now, they will be hoping you will renew it after a year, so it's actually a great promotional business for them!!

You can sign up for this kind of coverage with your renters/homeowners policy as well.

I would not sign up for ANYTHING with Equifax. It's not the data breach, but they way they have handled it. 40 days to inform the public that their information was stolen? That's the kind of urgency they work with? Obviously some big guys at Equifax thought this wasn't severe enough to act on it immediately, or maybe they just decided they needed to offload some stock. :)
Yes, I think your feelings towards the company is justified. From reading this thread it seems like the best course of action (in terms of preventing ID theft) is to place a security/credit freeze with 4 agencies.
Very little is needed to make a happy life; it is all within yourself, in your way of thinking. -Marcus Aurelius

User avatar
DaftInvestor
Posts: 3129
Joined: Wed Feb 19, 2014 10:11 am

Re: Equifax customer information leak

Post by DaftInvestor » Wed Sep 13, 2017 2:29 pm

knpstr wrote:
Wed Sep 13, 2017 2:27 pm
anoop wrote:
Wed Sep 13, 2017 2:21 pm
knpstr wrote:
Wed Sep 13, 2017 2:06 pm
May as well concede defeat in terms of potential litigation and sign up for the $1,000,000 in fraud protection?
It will only cover you for 1 year. After that you're on your own. The data will be available to malicious parties forever.

If you sign up for it now, they will be hoping you will renew it after a year, so it's actually a great promotional business for them!!

You can sign up for this kind of coverage with your renters/homeowners policy as well.

I would not sign up for ANYTHING with Equifax. It's not the data breach, but they way they have handled it. 40 days to inform the public that their information was stolen? That's the kind of urgency they work with? Obviously some big guys at Equifax thought this wasn't severe enough to act on it immediately, or maybe they just decided they needed to offload some stock. :)
Yes, I think your feelings towards the company is justified. From reading this thread it seems like the best course of action (in terms of preventing ID theft) is to place a security/credit freeze with 4 agencies.
.... 5 agencies

User avatar
knpstr
Posts: 1808
Joined: Thu Nov 20, 2014 8:57 pm
Location: Michigan

Re: Equifax customer information leak

Post by knpstr » Wed Sep 13, 2017 2:36 pm

DaftInvestor wrote:
Wed Sep 13, 2017 2:29 pm
knpstr wrote:
Wed Sep 13, 2017 2:27 pm
Yes, I think your feelings towards the company is justified. From reading this thread it seems like the best course of action (in terms of preventing ID theft) is to place a security/credit freeze with 4 agencies.
.... 5 agencies
Equifax, Experian, TransUnion are the main 3 and then Innovis is also mentioned, what's the 5th one?

The FTC only mentions going to the "big 3" to do a freeze on their site
Very little is needed to make a happy life; it is all within yourself, in your way of thinking. -Marcus Aurelius

User avatar
DaftInvestor
Posts: 3129
Joined: Wed Feb 19, 2014 10:11 am

Re: Equifax customer information leak

Post by DaftInvestor » Wed Sep 13, 2017 2:39 pm

knpstr wrote:
Wed Sep 13, 2017 2:36 pm
DaftInvestor wrote:
Wed Sep 13, 2017 2:29 pm
knpstr wrote:
Wed Sep 13, 2017 2:27 pm
Yes, I think your feelings towards the company is justified. From reading this thread it seems like the best course of action (in terms of preventing ID theft) is to place a security/credit freeze with 4 agencies.
.... 5 agencies
Equifax, Experian, TransUnion are the main 3 and then Innovis is also mentioned, what's the 5th one?

The FTC only mentions going to the "big 3" to do a freeze on their site
Chex Systems (talked about earlier in this thread and some others. Often used for opening new bank accounts):
https://www.chexsystems.com/

anoop
Posts: 439
Joined: Tue Mar 04, 2014 1:33 am

Re: Equifax customer information leak

Post by anoop » Wed Sep 13, 2017 2:42 pm

knpstr wrote:
Wed Sep 13, 2017 2:27 pm
Yes, I think your feelings towards the company is justified. From reading this thread it seems like the best course of action (in terms of preventing ID theft) is to place a security/credit freeze with 4 agencies.
The security/credit freeze protects against only one small part of the damage that can be done.

It can also be used to mess up cell phone service, bank accounts, retirement accounts, filing of taxes on your behalf (to get your refund), and even have crimes committed on your behalf.
http://money.cnn.com/2017/09/11/technol ... index.html

If you really want to be immune, you would have to leave the US and take all your money with you!

User avatar
knpstr
Posts: 1808
Joined: Thu Nov 20, 2014 8:57 pm
Location: Michigan

Re: Equifax customer information leak

Post by knpstr » Wed Sep 13, 2017 2:48 pm

anoop wrote:
Wed Sep 13, 2017 2:42 pm
knpstr wrote:
Wed Sep 13, 2017 2:27 pm
Yes, I think your feelings towards the company is justified. From reading this thread it seems like the best course of action (in terms of preventing ID theft) is to place a security/credit freeze with 4 agencies.
The security/credit freeze protects against only one small part of the damage that can be done.

It can also be used to mess up cell phone service, bank accounts, retirement accounts, filing of taxes on your behalf (to get your refund), and even have crimes committed on your behalf.
http://money.cnn.com/2017/09/11/technol ... index.html

If you really want to be immune, you would have to leave the US and take all your money with you!
So after reading what you wrote, I think my response still applies.

I also adjust my withholding so that there is not much of a refund (not due to this breach but just as a general practice) so I guess that provides some inherent protection from a refund being stolen.
Very little is needed to make a happy life; it is all within yourself, in your way of thinking. -Marcus Aurelius

anoop
Posts: 439
Joined: Tue Mar 04, 2014 1:33 am

Re: Equifax customer information leak

Post by anoop » Wed Sep 13, 2017 2:52 pm

knpstr wrote:
Wed Sep 13, 2017 2:48 pm
So after reading what you wrote, I think my response still applies.

I also adjust my withholding so that there is not much of a refund (not due to this breach but just as a general practice) so I guess that provides some inherent protection from a refund being stolen.
It is a useful step, but far from enough. It would be naive for one to think that because they have frozen their credit files, they are now protected from any damage due to the breach.

User avatar
knpstr
Posts: 1808
Joined: Thu Nov 20, 2014 8:57 pm
Location: Michigan

Re: Equifax customer information leak

Post by knpstr » Wed Sep 13, 2017 2:54 pm

anoop wrote:
Wed Sep 13, 2017 2:52 pm
knpstr wrote:
Wed Sep 13, 2017 2:48 pm
So after reading what you wrote, I think my response still applies.

I also adjust my withholding so that there is not much of a refund (not due to this breach but just as a general practice) so I guess that provides some inherent protection from a refund being stolen.
It is a useful step, but far from enough. It would be naive for one to think that because they have frozen their credit files, they are now protected from any damage due to the breach.
I think there may be a misunderstanding when I said the "it seems best course of action after reading this thread" and what people seem to be inferring as: "the thing to do to eliminate any chance of ID theft ever".
Very little is needed to make a happy life; it is all within yourself, in your way of thinking. -Marcus Aurelius

SpideyIndexer
Posts: 255
Joined: Thu Apr 02, 2015 10:13 pm

Re: Equifax customer information leak

Post by SpideyIndexer » Wed Sep 13, 2017 3:00 pm

So it is nice that Equifax dropped the fee for freezing credit reports from them. When will Equifax get around to refunding fees for freezes that we placed at Experian and Transunion due to their negligence?

Or, more likely, they would put some sort of reciprocal agreement in place with the other big 2.

Somewhat of a tangent, I have always resented how "issued once" SSNs were universally adopted as ID numbers by pretty much all financial institutions.

User avatar
DaftInvestor
Posts: 3129
Joined: Wed Feb 19, 2014 10:11 am

Re: Equifax customer information leak

Post by DaftInvestor » Wed Sep 13, 2017 3:04 pm

SpideyIndexer wrote:
Wed Sep 13, 2017 3:00 pm
So it is nice that Equifax dropped the fee for freezing credit reports from them. When will Equifax get around to refunding fees for freezes that we placed at Experian and Transunion due to their negligence?
Equifax has yet to refund me the fee I paid to them (likely have to call to get it done) - fat chance they will refund the other fees.

User avatar
DaftInvestor
Posts: 3129
Joined: Wed Feb 19, 2014 10:11 am

Re: Equifax customer information leak

Post by DaftInvestor » Wed Sep 13, 2017 3:05 pm

anoop wrote:
Wed Sep 13, 2017 2:52 pm
knpstr wrote:
Wed Sep 13, 2017 2:48 pm
So after reading what you wrote, I think my response still applies.

I also adjust my withholding so that there is not much of a refund (not due to this breach but just as a general practice) so I guess that provides some inherent protection from a refund being stolen.
It is a useful step, but far from enough. It would be naive for one to think that because they have frozen their credit files, they are now protected from any damage due to the breach.
This is a useful answer, but far from enough. Beyond freezing credit files what else are you recommending?
Certainly freezing your credit is "a" step to better securing yourself.

User avatar
Earl Lemongrab
Posts: 2939
Joined: Tue Jun 10, 2014 1:14 am

Re: Equifax customer information leak

Post by Earl Lemongrab » Wed Sep 13, 2017 3:06 pm

I think the other two ought to offer free one-time freezes for a while. People are in a panic ready to sign up. Later, when things calm down and they find out that they can't open new credit cards and such, then they can pay to get them unfrozen.
This week's fortune cookie: "You will do well to expand your horizons." Ow. Passive-aggressive and vaguely ominous.

User avatar
knpstr
Posts: 1808
Joined: Thu Nov 20, 2014 8:57 pm
Location: Michigan

Re: Equifax customer information leak

Post by knpstr » Wed Sep 13, 2017 3:07 pm

DaftInvestor wrote:
Wed Sep 13, 2017 2:39 pm
knpstr wrote:
Wed Sep 13, 2017 2:36 pm
DaftInvestor wrote:
Wed Sep 13, 2017 2:29 pm
knpstr wrote:
Wed Sep 13, 2017 2:27 pm
Yes, I think your feelings towards the company is justified. From reading this thread it seems like the best course of action (in terms of preventing ID theft) is to place a security/credit freeze with 4 agencies.
.... 5 agencies
Equifax, Experian, TransUnion are the main 3 and then Innovis is also mentioned, what's the 5th one?

The FTC only mentions going to the "big 3" to do a freeze on their site
Chex Systems (talked about earlier in this thread and some others. Often used for opening new bank accounts):
https://www.chexsystems.com/
:beer I missed the mentioning of that one
Very little is needed to make a happy life; it is all within yourself, in your way of thinking. -Marcus Aurelius

User avatar
knpstr
Posts: 1808
Joined: Thu Nov 20, 2014 8:57 pm
Location: Michigan

Re: Equifax customer information leak

Post by knpstr » Wed Sep 13, 2017 3:18 pm

Dave Ramsey often touts "ID theft Insurance". Looking into what he recommends, it is only $145/yr for "family coverage". Perhaps that would be worth the small price as well. They also give $1M in reimbursement of stolen funds and a case worker will "do all the work" to get things straightened out for you.

Perhaps something to consider as yet another protection on top of freezing one's credit? It sounds like it doesn't provide any "stopping power" but if something happens the hassle will be taken care of for you?
Very little is needed to make a happy life; it is all within yourself, in your way of thinking. -Marcus Aurelius

anoop
Posts: 439
Joined: Tue Mar 04, 2014 1:33 am

Re: Equifax customer information leak

Post by anoop » Wed Sep 13, 2017 3:31 pm

DaftInvestor wrote:
Wed Sep 13, 2017 3:05 pm
This is a useful answer, but far from enough. Beyond freezing credit files what else are you recommending?
Certainly freezing your credit is "a" step to better securing yourself.
I have not found any good recommendations beyond limiting the number of financial institutions you deal with and checking all your accounts regularly to spot any issues/anomalies. This becomes and ongoing investment of time, and it also doesn't help with things like fraudulent taxes or someone getting a driver's license in your name.

User avatar
knpstr
Posts: 1808
Joined: Thu Nov 20, 2014 8:57 pm
Location: Michigan

Re: Equifax customer information leak

Post by knpstr » Wed Sep 13, 2017 3:40 pm

anoop wrote:
Wed Sep 13, 2017 3:31 pm
DaftInvestor wrote:
Wed Sep 13, 2017 3:05 pm
This is a useful answer, but far from enough. Beyond freezing credit files what else are you recommending?
Certainly freezing your credit is "a" step to better securing yourself.
I have not found any good recommendations beyond limiting the number of financial institutions you deal with and checking all your accounts regularly to spot any issues/anomalies. This becomes and ongoing investment of time, and it also doesn't help with things like fraudulent taxes or someone getting a driver's license in your name.
I recently renewed my driver's license. In the state of Michigan anyway (perhaps all states as I think legislation was made after 9/11) they are pushing the "Real ID" license for everyone by year 2020, where you provide your passport or birth certificate at the time of renewal and you get an extra "star" on your license to act as a stronger indication of one's true identity. I guess you'll need it to board any airplane after year 2020.

If that was mandatory (which it is not in the terms it says this won't invalidate old licenses without the star) a fraudster would have to replicate a birth certificate or passport in order to get a license in your name. Maybe it is a worthwhile measure.
Very little is needed to make a happy life; it is all within yourself, in your way of thinking. -Marcus Aurelius

kjdbonez
Posts: 38
Joined: Tue Aug 09, 2016 2:14 pm

Re: Equifax customer information leak

Post by kjdbonez » Wed Sep 13, 2017 3:42 pm

Two questions:
1) If you freeze your credit, does "credit monitoring" actually benefit you any further? I assume that any sort of credit monitoring software works similar to CreditKarma - these programs won't work if you have your credit frozen with the Big 3. So maybe an ID theft protection would be beneficial in the case that someone uses your stolen information to get a drivers license, medical treatment, etc in your name, but I don't see how the FREE credit monitoring services being offered are going to benefit anyone.

2) If you freeze your credit with the big 3, are lenders still able to report information to the agencies? For example if I freeze my credit while I'm in the process of paying off a loan. Once that loan is paid off (and credit still frozen), do the credit bureaus still receive and process that information so that when the freeze is "thawed" my credit will reflect my actual financial situation?

User avatar
knpstr
Posts: 1808
Joined: Thu Nov 20, 2014 8:57 pm
Location: Michigan

Re: Equifax customer information leak

Post by knpstr » Wed Sep 13, 2017 3:55 pm

kjdbonez wrote:
Wed Sep 13, 2017 3:42 pm

2) If you freeze your credit with the big 3, are lenders still able to report information to the agencies? For example if I freeze my credit while I'm in the process of paying off a loan. Once that loan is paid off (and credit still frozen), do the credit bureaus still receive and process that information so that when the freeze is "thawed" my credit will reflect my actual financial situation?
From what I've read, all accounts already open are fully active credit/debit/loans/etc. during a freeze. A freeze just makes it more difficult for someone to open a new account because places are "supposed to" check your credit. If it is frozen they will see that and shouldn't open any new accounts under your name while the freeze is active. So I think all opened accounts are fully active but information can no longer be pulled from the accounts to open new sources of credit.

That's my understanding anyway.
ftc wrote:What is a credit freeze?
Also known as a security freeze, this tool lets you restrict access to your credit report, which in turn makes it more difficult for identity thieves to open new accounts in your name. That’s because most creditors need to see your credit report before they approve a new account. If they can’t see your file, they may not extend the credit.

Does a credit freeze affect my credit score?
No. A credit freeze does not affect your credit score.

Can anyone see my credit report if it is frozen?
Certain entities still will have access to it. your report can be released to your existing creditors or to debt collectors acting on their behalf.
government agencies may have access in response to a court or administrative order, a subpoena, or a search warrant.
Very little is needed to make a happy life; it is all within yourself, in your way of thinking. -Marcus Aurelius

User avatar
zaplunken
Posts: 854
Joined: Tue Jul 01, 2008 9:07 am

Re: Equifax customer information leak

Post by zaplunken » Wed Sep 13, 2017 4:39 pm

I just did a security freeze with ChexSystems based upon replies to my question why them too.

The security code you have to enter was almost impossible to get right. Upper or lower case? Mixed? 10 freaking trys before it was accepted cuz you get a new one each time and it's impossible to figure out the case of the letters. Other than that stupidity this was simple.

tj
Posts: 1962
Joined: Thu Dec 24, 2009 12:10 am

Re: Equifax customer information leak

Post by tj » Wed Sep 13, 2017 6:06 pm

Is nobody freezing sagestream?

azurekep
Posts: 950
Joined: Tue Jun 16, 2015 7:16 pm

Re: Equifax customer information leak

Post by azurekep » Wed Sep 13, 2017 6:43 pm

SpideyIndexer wrote:
Wed Sep 13, 2017 3:00 pm


Somewhat of a tangent, I have always resented how "issued once" SSNs were universally adopted as ID numbers by pretty much all financial institutions.
Part of it is our fault. If we go to a department store and they advertise 20% off and ask for a SSN to get the deal, we say "Sure!" (Okay, I never did that and maybe you didn't either, but a lot of people did.)

The more freely we give out our information, the more businesses realize how "generous" we are with our personal information. The latest trend I've noticed is asking for our birthdate.

Of course, The Patriot Act helped a lot of things along... We are all suspects who need to be numbered and tracked -- until proven innocent. :?

User avatar
AAA
Posts: 843
Joined: Sat Jan 12, 2008 8:56 am

Re: Equifax customer information leak

Post by AAA » Wed Sep 13, 2017 6:54 pm

knpstr wrote:
Wed Sep 13, 2017 2:48 pm
I also adjust my withholding so that there is not much of a refund (not due to this breach but just as a general practice) so I guess that provides some inherent protection from a refund being stolen.
I'm not understanding this. Someone could file a return with exaggerated deductions and/or losses, thus generating a fake large refund. It would have nothing to do with your genuine refund amount, no?

But this brings up a question I have about fraudulent returns. The thief doesn't have access to your brokerage statements, pay stubs, etc. The IRS is supposed to have copies of these. So when a return is filed, aren't these things cross-checked and isn't it obvious that what is submitted doesn't match?

User avatar
VictoriaF
Posts: 17519
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: Equifax customer information leak

Post by VictoriaF » Wed Sep 13, 2017 7:50 pm

AAA wrote:
Wed Sep 13, 2017 6:54 pm
knpstr wrote:
Wed Sep 13, 2017 2:48 pm
I also adjust my withholding so that there is not much of a refund (not due to this breach but just as a general practice) so I guess that provides some inherent protection from a refund being stolen.
I'm not understanding this. Someone could file a return with exaggerated deductions and/or losses, thus generating a fake large refund. It would have nothing to do with your genuine refund amount, no?
If an imposter files your return before you do, it will delay your refund. If you don't expect a refund, or expect a small refund, you can wait until the IRS corrects your records.

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)

User avatar
VictoriaF
Posts: 17519
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: Equifax customer information leak

Post by VictoriaF » Wed Sep 13, 2017 7:56 pm

azurekep wrote:
Wed Sep 13, 2017 6:43 pm
SpideyIndexer wrote:
Wed Sep 13, 2017 3:00 pm


Somewhat of a tangent, I have always resented how "issued once" SSNs were universally adopted as ID numbers by pretty much all financial institutions.
Part of it is our fault. If we go to a department store and they advertise 20% off and ask for a SSN to get the deal, we say "Sure!" (Okay, I never did that and maybe you didn't either, but a lot of people did.)

The more freely we give out our information, the more businesses realize how "generous" we are with our personal information. The latest trend I've noticed is asking for our birthdate.
Giving your SSN to Target may be objectionable. But what about a potential employer? What if you are applying for a job with dozens potential employers? What if your potential employers are small companies with poor record-keeping?

Getting medical insurance requires the SSN. Getting medical treatment may require the SSN. Renting an apartment requires the SSN.

Even if you eliminate unnecessary disclosures of the SSN, there are still numerous necessary disclosures many of which are vulnerable to breaches.

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)

User avatar
zaplunken
Posts: 854
Joined: Tue Jul 01, 2008 9:07 am

Re: Equifax customer information leak

Post by zaplunken » Wed Sep 13, 2017 8:07 pm

Medicare uses your SS as your id, how stupid is that? I hear this is changing to a plain old number but I'm not sure when.

azurekep
Posts: 950
Joined: Tue Jun 16, 2015 7:16 pm

Re: Equifax customer information leak

Post by azurekep » Wed Sep 13, 2017 9:32 pm

VictoriaF wrote:
Wed Sep 13, 2017 7:56 pm
azurekep wrote:
Wed Sep 13, 2017 6:43 pm
SpideyIndexer wrote:
Wed Sep 13, 2017 3:00 pm


Somewhat of a tangent, I have always resented how "issued once" SSNs were universally adopted as ID numbers by pretty much all financial institutions.
Part of it is our fault. If we go to a department store and they advertise 20% off and ask for a SSN to get the deal, we say "Sure!" (Okay, I never did that and maybe you didn't either, but a lot of people did.)

The more freely we give out our information, the more businesses realize how "generous" we are with our personal information. The latest trend I've noticed is asking for our birthdate.
Giving your SSN to Target may be objectionable. But what about a potential employer? What if you are applying for a job with dozens potential employers? What if your potential employers are small companies with poor record-keeping?

Getting medical insurance requires the SSN. Getting medical treatment may require the SSN. Renting an apartment requires the SSN.

Even if you eliminate unnecessary disclosures of the SSN, there are still numerous necessary disclosures many of which are vulnerable to breaches.

Victoria
Sure. I'm just saying that SSNs were not designed to be universal IDs. But as people freely gave up that information in return for trivial things like store discounts, SSNs as IDs quickly proliferated. Smart people were warning that if people kept giving out their SSN willingly, the SSN would soon become a National ID. They were right.

User avatar
VictoriaF
Posts: 17519
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: Equifax customer information leak

Post by VictoriaF » Wed Sep 13, 2017 9:37 pm

azurekep wrote:
Wed Sep 13, 2017 9:32 pm
Sure. I'm just saying that SSNs were not designed to be universal IDs. But as people freely gave up that information in return for trivial things like store discounts, SSNs as IDs quickly proliferated. Smart people were warning that if people kept giving out their SSN willingly, the SSN would soon become a National ID. They were right.
Sure. I am just saying that before people freely gave out their SSN, they were asked to give their SSN.

You are saying that people were the chicken and stores were the egg. I insist that stores were the chicken and people were mere eggs.

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)

azurekep
Posts: 950
Joined: Tue Jun 16, 2015 7:16 pm

Re: Equifax customer information leak

Post by azurekep » Wed Sep 13, 2017 9:47 pm

VictoriaF wrote:
Wed Sep 13, 2017 9:37 pm
azurekep wrote:
Wed Sep 13, 2017 9:32 pm
Sure. I'm just saying that SSNs were not designed to be universal IDs. But as people freely gave up that information in return for trivial things like store discounts, SSNs as IDs quickly proliferated. Smart people were warning that if people kept giving out their SSN willingly, the SSN would soon become a National ID. They were right.
Sure. I am just saying that before people freely gave out their SSN, they were asked to give their SSN.

You are saying that people were the chicken and stores were the egg. I insist that stores were chicken and people were mere eggs.

Victoria
At first, people were asked to give out their SSN is a very limited number of circumstances. Some that you already mentioned.

Later, they were asked to give our their SSN in return for a variety of ordinary goods and services -- things that never required an SSN in the past.

Eventually, people automatically handed out their SSN when asked almost as a Pavlovian reaction.

Now that was true as of a few years ago. People are now becoming more sophisticated and realizing they should protect their SSN. Smart people, for example, lobbied Fidelity to let them use their own custom ID instead of their SSN as their user name. :o

User avatar
VictoriaF
Posts: 17519
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: Equifax customer information leak

Post by VictoriaF » Wed Sep 13, 2017 10:08 pm

azurekep wrote:
Wed Sep 13, 2017 9:47 pm
Eventually, people automatically handed out their SSN when asked almost as a Pavlovian reaction.
If it's because of Pavlov, it must be another Russian conspiracy.

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)

azurekep
Posts: 950
Joined: Tue Jun 16, 2015 7:16 pm

Re: Equifax customer information leak

Post by azurekep » Wed Sep 13, 2017 10:22 pm

VictoriaF wrote:
Wed Sep 13, 2017 10:08 pm
azurekep wrote:
Wed Sep 13, 2017 9:47 pm
Eventually, people automatically handed out their SSN when asked almost as a Pavlovian reaction.
If it's because of Pavlov, it must be another Russian conspiracy.

Victoria
Yes. And I'm sure your avatar is some kind of Kremlin-installed listening device. Black Swan??? How gullible do you think we are?!

Anyway, before I end the OT chatter, I just wanted to add how it used to be shopping at brick and mortar stores. We actually had a choice as to whether to share our information or not. It's probably too late now, but we can act more judiciously going forward.

Store 1 (at the checkout counter): "May I have your zip code?"
Me: "I'm sorry, I don't live in the area."

Store 2 (at the checkout counter): "May I have your phone number?"
Me: "I'm sorry, I'm between phone numbers right now."
Store 2: "That's fine".

Me at store 3 : "I notice you rang this up but didn't apply the 20% discount advertised on the sign."
Store 3: "You need to fill out this form."
Me: "It asks for my Social Security Number!"
Store 3: "Yes. Just fill out that form with your Social Security Number and you'll get the 20% discount."
Me: "No thanks."

These can be potentially awkward moments, but the clerks always were nice.

On the other hand, it was fun watching people in line loudly blurting out their phone numbers and zip codes. :D I'm sure they thought it was harmless, and in itself it was. But all this has led to a pattern of action where we're all freely giving out this information and not even thinking twice about it.

Until now. :twisted:

User avatar
mrc
Posts: 1006
Joined: Sun Jan 10, 2016 6:39 am
Location: right here

Re: Equifax customer information leak

Post by mrc » Thu Sep 14, 2017 4:38 am

tj wrote:
Wed Sep 13, 2017 6:06 pm
Is nobody freezing sagestream?
So how many of these dastardly credit reporting agencies are there???? StageStream is new to me. Their online freeze screen explains how to perform a security freeze by phone, or by mail. No online method. I hate being on the phone, then dragging the spouse to the line. I hate more mailing copies of sensitive documents to an organization I've never even heard of.

You can apply by Secured Fax (what is that?).
A great challenge of life: Knowing enough to think you're doing it right, but not enough to know you're doing it wrong. — Neil deGrasse Tyson

Rupert
Posts: 2670
Joined: Fri Aug 17, 2012 12:01 pm

Re: Equifax customer information leak

Post by Rupert » Thu Sep 14, 2017 7:05 am

AAA wrote:
Wed Sep 13, 2017 6:54 pm

But this brings up a question I have about fraudulent returns. The thief doesn't have access to your brokerage statements, pay stubs, etc. The IRS is supposed to have copies of these. So when a return is filed, aren't these things cross-checked and isn't it obvious that what is submitted doesn't match?
They are eventually crosschecked, but not before refunds are issued. Why would they implement such a stupid practice? Because of political pressure on the IRS to make the quick processing of refunds the agency's top priority. People and their elected representatives would scream bloody murder if the IRS actually waited for all documentation to come in before refund checks are cut.

User avatar
flamesabers
Posts: 1470
Joined: Fri Mar 03, 2017 12:05 pm
Location: Rochester, MN

Re: Equifax customer information leak

Post by flamesabers » Thu Sep 14, 2017 10:46 am

JBTX wrote:
Wed Sep 13, 2017 2:19 pm
I signed up for equifax credit monitoring yesterday. I still haven't received an email with final link to activate. The message said wait up to 2 days. Does it really take that long?
I also signed up for Equifax credit monitoring on Tuesday and still haven't received an activation email either. It's not showing up in my spam folder either.

Has anyone received this email yet?

anoop
Posts: 439
Joined: Tue Mar 04, 2014 1:33 am

Re: Equifax customer information leak

Post by anoop » Thu Sep 14, 2017 10:51 am

flamesabers wrote:
Thu Sep 14, 2017 10:46 am
I also signed up for Equifax credit monitoring on Tuesday and still haven't received an activation email either. It's not showing up in my spam folder either.

Has anyone received this email yet?
Do you really trust a company that had 2 whole months to prevent this attack and did nothing about it?
https://www.usatoday.com/story/money/20 ... 665100001/
Equifax told USA TODAY late Wednesday that the criminals who potentially gained access to the personal data of up to 143 million Americans had exploited a website application vulnerability known as Apache Struts CVE-2017-5638.

The vulnerability was patched on 7 March 2017, the same day it was announced, the foundation said. Modifications were made on March 10, according to the National Vulnerability Database.

Equifax said that the unauthorized access began in mid-May. That's a period of two months in which the company could have, and should have, say experts, dealt with the problem.

User avatar
flamesabers
Posts: 1470
Joined: Fri Mar 03, 2017 12:05 pm
Location: Rochester, MN

Re: Equifax customer information leak

Post by flamesabers » Thu Sep 14, 2017 10:56 am

anoop wrote:
Thu Sep 14, 2017 10:51 am
flamesabers wrote:
Thu Sep 14, 2017 10:46 am
I also signed up for Equifax credit monitoring on Tuesday and still haven't received an activation email either. It's not showing up in my spam folder either.

Has anyone received this email yet?
Do you really trust a company that had 2 whole months to prevent this attack and did nothing about it?
Couldn't you make the same argument for those who are freezing their credit report with Equifax? Besides, it's not as if turning down the credit monitoring will somehow reverse the damage that has already been done.

anoop
Posts: 439
Joined: Tue Mar 04, 2014 1:33 am

Re: Equifax customer information leak

Post by anoop » Thu Sep 14, 2017 11:02 am

flamesabers wrote:
Thu Sep 14, 2017 10:56 am
Couldn't you make the same argument for those who are freezing their credit report with Equifax? Besides, it's not as if turning down the credit monitoring will somehow reverse the damage that has already been done.
My point is that the company is so poorly managed that buying any service from them is signing up for more pain.

User avatar
flamesabers
Posts: 1470
Joined: Fri Mar 03, 2017 12:05 pm
Location: Rochester, MN

Re: Equifax customer information leak

Post by flamesabers » Thu Sep 14, 2017 11:20 am

anoop wrote:
Thu Sep 14, 2017 11:02 am
flamesabers wrote:
Thu Sep 14, 2017 10:56 am
Couldn't you make the same argument for those who are freezing their credit report with Equifax? Besides, it's not as if turning down the credit monitoring will somehow reverse the damage that has already been done.
My point is that the company is so poorly managed that buying any service from them is signing up for more pain.
I'm not buying a service from them. Once the year is up, I'm done with the free credit monitoring.

Again, your argument can be applied to those who are freezing their credit report with Equifax.

JBTX
Posts: 1530
Joined: Wed Jul 26, 2017 12:46 pm

Re: Equifax customer information leak

Post by JBTX » Thu Sep 14, 2017 11:22 am

flamesabers wrote:
Thu Sep 14, 2017 10:46 am
JBTX wrote:
Wed Sep 13, 2017 2:19 pm
I signed up for equifax credit monitoring yesterday. I still haven't received an email with final link to activate. The message said wait up to 2 days. Does it really take that long?
I also signed up for Equifax credit monitoring on Tuesday and still haven't received an activation email either. It's not showing up in my spam folder either.

Has anyone received this email yet?
Still no email for me, it has been 2 days. Not in spam folder

Why the hell would it take days? Are they having to personally set each one of these things up? Is it not an automated response?

What a cluster........

User avatar
siamond
Posts: 3445
Joined: Mon May 28, 2012 5:50 am

Re: Equifax customer information leak

Post by siamond » Thu Sep 14, 2017 11:27 am

anoop wrote:
Thu Sep 14, 2017 11:02 am
My point is that the company is so poorly managed that buying any service from them is signing up for more pain.
I don't know about that. Equifax will be SO scrutinized in the coming year that they will be much more incentivized to provide a proper service than any of their competitors. Just as a case in point, I seriously doubt that they'll be late in implementing security patches ever again, and whoever made that huge mistake is no longer working with them by now... I did sign up and my wife did the same. I just don't see any drawback of doing so. Still have to receive the confirmation e-mail though.

User avatar
flamesabers
Posts: 1470
Joined: Fri Mar 03, 2017 12:05 pm
Location: Rochester, MN

Re: Equifax customer information leak

Post by flamesabers » Thu Sep 14, 2017 11:28 am

JBTX wrote:
Thu Sep 14, 2017 11:22 am
flamesabers wrote:
Thu Sep 14, 2017 10:46 am
JBTX wrote:
Wed Sep 13, 2017 2:19 pm
I signed up for equifax credit monitoring yesterday. I still haven't received an email with final link to activate. The message said wait up to 2 days. Does it really take that long?
I also signed up for Equifax credit monitoring on Tuesday and still haven't received an activation email either. It's not showing up in my spam folder either.

Has anyone received this email yet?
Still no email for me, it has been 2 days. Not in spam folder

Why the hell would it take days? Are they having to personally set each one of these things up? Is it not an automated response?

What a cluster........
I suspect either the system is backlogged or the credit monitoring hasn't been fully setup to begin with. Either way it's not a good sign that Equifax is trying to make amends with consumers.

Shemi
Posts: 5
Joined: Thu Aug 17, 2017 3:55 pm

Re: Equifax customer information leak

Post by Shemi » Thu Sep 14, 2017 11:34 am

I could not obtain the free credit report from the Equinox site just now. I got spinning colored circles and the browser froze; had to reboot.

Equinox seems way over their head in managing this crisis. Perhaps this is a (rare) case where govt. intervention would be best--perhaps the govt. should take over Equifax like the did with AIG in '08.

User avatar
flamesabers
Posts: 1470
Joined: Fri Mar 03, 2017 12:05 pm
Location: Rochester, MN

Re: Equifax customer information leak

Post by flamesabers » Thu Sep 14, 2017 11:40 am

Shemi wrote:
Thu Sep 14, 2017 11:34 am
Equinox seems way over their head in managing this crisis. Perhaps this is a (rare) case where govt. intervention would be best--perhaps the govt. should take over Equifax like the did with AIG in '08.
I don't see how the government taking over Equifax would be an improvement considering the OPM breach in 2015. Ironically, OPM discovered the breach in April of 2015 but waited until June 2015 to make the announcement, just like Equifax did.

anoop
Posts: 439
Joined: Tue Mar 04, 2014 1:33 am

Re: Equifax customer information leak

Post by anoop » Thu Sep 14, 2017 11:47 am

IMO, a credit freeze is overrated, unless you don't have a monitoring service. If you have a monitoring service, you get notified as soon as pull happens, so you can take immediate action if it wasn't legitimate.

Regarding the insurance providing $1M in coverage for lost assets -- read up about it. Usually you don't need that because the assets will be restored once it's established there was fraud. You can buy ID theft insurance from a regular insurance company for very little money which pays out a reasonable amount like say $10K to get help to fix the ID theft issue. I am much more comfortable with that model.

Rupert
Posts: 2670
Joined: Fri Aug 17, 2012 12:01 pm

Re: Equifax customer information leak

Post by Rupert » Thu Sep 14, 2017 12:27 pm

Our friend Ron Lieber over at the New York Times (he has favorably mentioned Bogleheads in several articles) is pressing for answers to many of your questions and has finally gotten some answers from Equifax: https://www.nytimes.com/2017/09/14/your ... v=top-news

Wakefield1
Posts: 646
Joined: Mon Nov 14, 2016 10:10 pm

Re: Equifax customer information leak

Post by Wakefield1 » Thu Sep 14, 2017 3:34 pm

As to the issue that Equifax supposedly sat on the knowledge that the breach had occurred for some considerable time before going public about it:it occurs to me that possibly Equifax did indeed get in touch with Law Enforcement such as the FBI or other high level and was advised to keep a low profile so that investigators/detectives could work on finding facts as to who was the hacker or where were they based,without the hacker(s) being alerted that their cover was blown-If that was the case then perhaps that shouldn't be held against Equifax-but if they indeed kept quiet with the knowledge without alerting anyone (except the inside sellers?!) then indeed that was a very bad thing and perhaps should be held accountable for it.

User avatar
Pajamas
Posts: 2780
Joined: Sun Jun 03, 2012 6:32 pm

Re: Equifax customer information leak

Post by Pajamas » Thu Sep 14, 2017 4:17 pm

azurekep wrote:
Wed Sep 13, 2017 6:43 pm
Part of it is our fault. If we go to a department store and they advertise 20% off and ask for a SSN to get the deal, we say "Sure!" (Okay, I never did that and maybe you didn't either, but a lot of people did.)

The more freely we give out our information, the more businesses realize how "generous" we are with our personal information. The latest trend I've noticed is asking for our birthdate.

Of course, The Patriot Act helped a lot of things along... We are all suspects who need to be numbered and tracked -- until proven innocent. :?

I used a credit card today at a grocery store that I don't usually go to and the card reader actually asked for my email address. The clerk reached over and pressed the button to skip that without me even asking but she did say some people give it. Container Store used to (and might still) ask for your zip code at the register. One clerk gave me a hard time about not wanting to provide that but finally backed down. Now I just tell them "11111" because "00000" doesn't work.
Last edited by Pajamas on Thu Sep 14, 2017 4:17 pm, edited 1 time in total.

User avatar
VictoriaF
Posts: 17519
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: Equifax customer information leak

Post by VictoriaF » Thu Sep 14, 2017 4:17 pm

flamesabers wrote:
Thu Sep 14, 2017 11:40 am
Shemi wrote:
Thu Sep 14, 2017 11:34 am
Equinox seems way over their head in managing this crisis. Perhaps this is a (rare) case where govt. intervention would be best--perhaps the govt. should take over Equifax like the did with AIG in '08.
I don't see how the government taking over Equifax would be an improvement considering the OPM breach in 2015. Ironically, OPM discovered the breach in April of 2015 but waited until June 2015 to make the announcement, just like Equifax did.
The OPM breach was worse than the Equifax breach. At least, 143 million American consumers did not get their fingerprints exposed. The difference is that with the OPM the victims are employees and retirees who depend on the OPM. With Equifax, the victims are consumers who would be happy if Equifax and other Credit Reporting Agencies had disappeared.

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)

Locked