Equifax data breach impacts 44% of Americans

[MacMadame]

I don't see a thread on this and I think it's vitally important that people understand what happened and what their options are. DO NOT JUST SIGN UP FOR EQUIFAX's CREDIT MONITORING SYSTEM WITHOUT READING THIS POST!!

First, if you didn't hear about this, the credit firm Equifax had a data breach and 143-144 million customer's data was stolen. It's 44% of all people in the US but it's more if you don't count kids and people who don't have a credit report. It's more than half of adults with credit.

They stole pretty much every thing. Name, addresses, SSNs, birth dates... everything needed to steal your identity.

Not only that, but they took SIX WEEKS to announce it. In the meantime, 3 executives sold off a bunch of their stock (on the same day?). Equifax says those execs didn't know. If true, this means their internal operations are completely screwed up. If not true, that's insider trading.

Second, Equifax has set up a site to check if you were impacted. THIS SITE IS A DISASTER in the making. It's a fricking Word Press site! (WP is notorious for its security issues) It has a bad SSL certificate (or did, they may have fixed that part). It asks for the last SIX digits of your SSN which means all but 3. This is insane. The site is so bad that it was marked as a potential phishing site by at least one company.

If you were hacked, they give you a date to come back and sign up for their credit monitoring service with 1 year free. However, the user agreement for signing up for this service includes a binding arbitration clause. This means you can't sue them and you can't join a Class Action suit. You are signing away your rights before you know if you'll have any damages.

Third, credit monitoring is nice and all, but it doesn't PREVENT identity theft. It only tells you about it after the fact.

So what should you do? The following is my opinion only.

1) Don't put your info into the Equifax site. (I did before I knew about Word Press and am very sorry.) Just assume your data was hacked and take the steps you would if it was.

2) Don't sign up for their free credit monitoring service unless they get rid of the binding arbitration clause. Sign up for a free site like Credit Karma instead. Credit Karma sends me an email anytime my credit score changes. (You can also sign up and then write to them within 30 days to opt out of that part. Personally, I don't think it's worth it.)

3) Freeze your credit. Yes, it's a pain and it cost money to both freeze and unfreeze it when you want to apply for cards, but it's the only way to PREVENT identity theft. Everything else just helps you detect it and/or deal with the aftermath. But before you do that, do this:

4) Get an account on the Social Security web site if you haven't already got one. One scam people do when they get your SSN is to sign up for an account in your name and then they can do all sorts of bad things because the SSA thinks they are you. (Do this first because they use Equifax so if your credit is frozen, you can't get your SSA account without paying.)

5) Go to this site and opt out of those unsolicited pre-approved credit and insurance offers. People steal them out of your mailbox and use them to get credit cards in your name. You can opt out for 5 years or permanently.

https://www.optoutprescreen.com/?rf=t

Here are some resources to learn more:

Announcement from Equifax:
https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628

Why this breach is the "worst ever":
https://arstechnica.com/information...ossibly-the-worst-leak-of-personal-info-ever/

What to know before you just do what Equifax tells you:
https://www.washingtonpost.com/news...ebsite/?sw_bypass=true&utm_term=.608b9735284e

How to freeze your credit:
https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/

How to opt-out of pre-approved offers:
https://www.optoutprescreen.com/?rf=t

A Class Action suit against Equifax has already been filed:
http://www.prnewswire.com/news-rele...reach-victims-300516335.html?tc=eml_cleartime

 

[Susan1]

I don't see a thread on this and I think it's vitally important that people understand what happened and what their options are. DO NOT JUST SIGN UP FOR EQUIFAX's CREDIT MONITORING SYSTEM WITHOUT READING THIS POST!!

Second, Equifax has set up a site to check if you were impacted. THIS SITE IS A DISASTER in the making. It's a fricking Word Press site! (WP is notorious for its security issues) It has a bad SSL certificate (or did, they may have fixed that part). It asks for the last SIX digits of your SSN which means all but 3. This is insane. The site is so bad that it was marked as a potential phishing site by at least one company.

1) Don't put your info into the Equifax site. (I did before I knew about Word Press and am very sorry.) Just assume your data was hacked and take the steps you would if it was.

4) Get an account on the Social Security web site if you haven't already got one. One scam people do when they get your SSN is to sign up for an account in your name and then they can do all sorts of bad things because the SSA thinks they are you. (Do this first because they use Equifax so if your credit is frozen, you can't get your SSA account without paying.)

5) Go to this site and opt out of those unsolicited pre-approved credit and insurance offers. People steal them out of your mailbox and use them to get credit cards in your name. You can opt out for 5 years or permanently.

https://www.optoutprescreen.com/?rf=t

Help!!! I'm so confused. I went to the Equifax site. They gave me a date next week to come back. So am I o.k. if I don't go back and sign up?

I had or have an SSA account? I haven't checked it for 4-5 years. If my password is outdated, anyone could say that and get in?

I haven't checked my credit score on all three sites for that long either.

I only have a "major credit card" through the bank and Kohl's. And Elder Beerman that I haven't used for years. Do I need to cancel or freeze them or something? Doesn't that mess up your credit score?

I hardly ever get credit card things in the mail. What about Time Warner and stuff like that? I just tear them in half and throw them away. They only have my name and address on it, just like all junk mail.

I don't know what to do - at almost 5:00 on a Friday. Geez. I can't deal with one more thing right now.

Edited - I looked at the optoutpress thing. They want my SS#. How do I know they can be trusted?

 

[GarrAargHrumph]

The Attorney General of NY State has informed Equifax that their "can't sue us" clause is unenforceable, and that it must be taken down.

 

[MacMadame]

Personally I thought that but I'm not a lawyer.

 

[MacMadame]

Help!!! I'm so confused. I went to the Equifax site. They gave me a date next week to come back. So am I o.k. if I don't go back and sign up?

Yes.

I had or have an SSA account? I haven't checked it for 4-5 years. If my password is outdated, anyone could say that and get in?

It should be just like any online site. You have to go through their password retrieval process which usually includes them sending you an email that would go to you and not someone else.

I only have a "major credit card" through the bank and Kohl's. And Elder Beerman that I haven't used for years. Do I need to cancel or freeze them or something? Doesn't that mess up your credit score?

A 'credit freeze' means no one can get your credit report but you. That means 99.9% of companies will not issue you new credit because they want to see your report first.

Most people don't open up new accounts all that often. When you want to open a credit card, buy a car (with a loan) or get a mortgage, you unfreeze your account for 24 hours. (You can do it online.) The company you are getting the credit with will ask for your credit report, get it, give you the credit (or not) and then your account is frozen back up.

I hardly ever get credit card things in the mail. What about Time Warner and stuff like that? I just tear them in half and throw them away. They only have my name and address on it, just like all junk mail.

Thieves are interested in credit cards. Though, in general, you shouldn't throw out your utility bills in the trash because those can be used in identity theft too. We get all that stuff online now anyway.

Edited - I looked at the optoutpress thing. They want my SS#. How do I know they can be trusted?

They are a known business who has been around for years. Of course, they could have a breach too but they aren't a scam site.

 

[Aceon6]

Yup. DH the lawyer says that it's unenforceable in this case. Assuming 44% of Congress is impacted, as will be 22 states Attorneys General, don't expect Equifax to get a lot of government sympathy.

 

[Susan1]

Personally I thought that but I'm not a lawyer.

I haven't checked my credit score on all three sites for that long either.

Serious questions from me earlier!!!!!

And I just went to the Equifax site to see how to freeze my credit. Is it too late? And how would giving Equifax my SS# and stuff to freeze my credit help!!!!!

$5 and a certified letter to each one?? I don't have the money or the strength to do all that!

 

[MacMadame]

I wanted to mention that there is an option besides a credit freeze or credit monitoring. It's a fraud alert. You can put a fraud alert on your accounts instead. It's free. But it only lasts 90 days.

However, if you are trying to decide what to do, you can turn on a fraud alert at one company and theynotifyy the others and you have some protection for 90 days while you decide what to do.

https://www.transunion.com/fraud-victim-resource/place-fraud-alert

 

[MacMadame]

$5 and a certified letter to each one?? I don't have the money or the strength to do all that!

You can do it online.

 

[Susan1]

Yes.


It should be just like any online site. You have to go through their password retrieval process which usually includes them sending you an email that would go to you and not someone else.


A 'credit freeze' means no one can get your credit report but you. That means 99.9% of companies will not issue you new credit because they want to see your report first.

Most people don't open up new accounts all that often. When you want to open a credit card, buy a car (with a loan) or get a mortgage, you unfreeze your account for 24 hours. (You can do it online.) The company you are getting the credit with will ask for your credit report, get it, give you the credit (or not) and then your account is frozen back up.


Thieves are interested in credit cards. Though, in general, you shouldn't throw out your utility bills in the trash because those can be used in identity theft too. We get all that stuff online now anyway.


They are a known business who has been around for years. Of course, they could have a breach too but they aren't a scam site.

I was sending at the same time you were.
I'll try the SSA thing in a minute.
I can't imagine ever buying a car, a house, etc. where someone would need my credit report.
I tear off the part of the utility bill with the info on it and put it in the shred box.

I just saw a new message! It's probably you, but I'm sending now anyway.

 

[BittyBug]

Thanks @MacMadame. I was not aware of the importance of setting up a social security account.

 

[Debbie S]

I just tried to set up a SSA account and it wouldn't let me. I called the help number. Got someone pretty quickly who told me to submit my info again. This time, I got a message that my electronic access was being suspended for 24 hours (prob b/c I tried the sign-up too many times). The woman at SSA asked me if I'd put a freeze on my credit or if I was signed up for a credit monitoring service, b/c that would prevent their system from verifying my identity with a credit bureau (she says they use Experian). I was part of a data breach a few years ago at the university where I got my MBA so I was subscribed to a service along with everyone else in that mess. She said I need to go to a SSA field office with ID (driver's license or passport) to get a special security code and then go back to the website, click on a different box (further down the home page) and then click on the option to set up with the code.

She told me it's not likely anyone else has set up an account in my name, b/c I would have gotten a message that an account was already set up. And then when I thanked her, told me to have a great day. Yeah, sure.

 

[wickedwitch]

I just tried to set up a SSA account and it wouldn't let me. I called the help number. Got someone pretty quickly who told me to submit my info again. This time, I got a message that my electronic access was being suspended for 24 hours (prob b/c I tried the sign-up too many times). The woman at SSA asked me if I'd put a freeze on my credit or if I was signed up for a credit monitoring service, b/c that would prevent their system from verifying my identity with a credit bureau (she says they use Experian). I was part of a data breach a few years ago at the university where I got my MBA so I was subscribed to a service along with everyone else in that mess. She said I need to go to a SSA field office with ID (driver's license or passport) to get a special security code and then go back to the website, click on a different box (further down the home page) and then click on the option to set up with the code.

She told me it's not likely anyone else has set up an account in my name, b/c I would have gotten a message that an account was already set up. And then when I thanked her, told me to have a great day. Yeah, sure.

The exact same thing happened to me.

 

[Susan1]

You can do it online.

That seems kind of dangerous now!

However, if you are trying to decide what to do, you can turn on a fraud alert at one company and theynotifyy the others and you have some protection for 90 days while you decide what to do.

Thank you, thank you, thank you!!!

Just did that. Went through all the signing up and found out I had one already. From my previous address of 10 years ago (I wasn't going to change my user name, which had part of my address in it!!), so I had to go through everything again and change my address and email too. I haven't checked to see if I got an email from them yet. I'm going to do the SSA thing and the opt out thing first and check for all three. I don't leave my email open at home when I am on other sites. Check, clean out, reply, close...........................

My hands were shaking so bad, I couldn't type and the things you can't see while you are typing, I kept messing up, so I had to do them one fingered 90 Days. It didn't specifically say it was free anywhere. Maybe they'll have everything fixed by then. The 7 year one is if you already have an identity theft report.

 

[Susan1]

I just tried to set up a SSA account and it wouldn't let me. I called the help number. Got someone pretty quickly who told me to submit my info again. This time, I got a message that my electronic access was being suspended for 24 hours (prob b/c I tried the sign-up too many times). The woman at SSA asked me if I'd put a freeze on my credit or if I was signed up for a credit monitoring service, b/c that would prevent their system from verifying my identity with a credit bureau (she says they use Experian).

Crap! I just did that backwards. I should have checked the SSA site first and then done the fraud alert thing???????????????? Brain flippity - SSA should know I have an account already. They send me email reminders to check it every October (birthday). I need to lie down now!

 

[Debbie S]

Crap! I just did that backwards. I should have checked the SSA site first and then done the fraud alert thing???????????????? Brain flippity - SSA should know I have an account already. They send me email reminders to check it every October (birthday). I need to lie down now!

If you get e-mail reminders from SSA, then you likely already have an online account so you don't need to set one up.

 

[MacMadame]

For those who find my above advice to be too many steps, this is something you can do right now that is easy:

1) Go to any of the 3 credit bureaus and ask for a fraud alert to be put on your account. Here's a link to Trans Unions:

https://fraud.transunion.com/fa/fraudAlert/landingPage.jsp

2) Get your credit report from all 3 to see if you've already been a victim:

https://www.annualcreditreport.com/index.action

This will protect you while you do the other things and decide if a credit freeze is the way to go for you.

 

[BittyBug]

2) Get your credit report from all 3 to see if you've already been a victim:

https://www.annualcreditreport.com/index.action

Rather than hitting up all three agencies at once, I have seen suggestions to stagger the requests by requesting one from a different agency every four months. Since everyone is entitled to one free report per year from each agency, that approach provides continuous checks at no cost.

 

[Susan1]

If you get e-mail reminders from SSA, then you likely already have an online account so you don't need to set one up.

Yeah, hence the "brain flippity" as I was typing! I knew I had an online account. I have the user name and password right here, but I haven't used it for years, and I was worried that if I tried to use the password and then have to change it, someone else could do the same thing. But MacMadame reminded me they'd have to send it to my email address.

So.............I did the opt out thing too. (I had to close my browser and come back...)

Here's what part of the confirmation says -

Although your request becomes effective with Equifax, Experian, Innovis and TransUnion within five business days of your request, you may not see an immediate reduction in the amount of offers you receive. This is because your name may have already been provided to some companies that have not yet mailed their offers to you. You may continue to receive certain firm offers for several months.


While your name will be removed from the lists that Equifax, Experian, Innovis and TransUnion provide to businesses for the purpose of making you a firm offer of credit or insurance, you may continue to receive offers from sources that do not use Consumer Credit Reporting Companies to compile their lists.

Is doing that going to help then? Is it too late? What about email "offers"? I have to put my email address on everything online. And delete a ton of spam every day without opening it. Am I going to have to open them to see if somebody bought something with my account?

Crap again - is the credit report thing going to mess up when I have to renew Medicaid. I have to send in forms saying nothing has changed and I'm sure they check something somewhere.

I hate whoever did this!!!!! And the jerks who waited till they unloaded their stock and then watched it fall after they admitted what happened and apologized. Geez.

 

[Susan1]

For those who find my above advice to be too many steps, this is something you can do right now that is easy:

1) Go to any of the 3 credit bureaus and ask for a fraud alert to be put on your account. Here's a link to Trans Unions:

https://fraud.transunion.com/fa/fraudAlert/landingPage.jsp

2) Get your credit report from all 3 to see if you've already been a victim:

https://www.annualcreditreport.com/index.action

This will protect you while you do the other things and decide if a credit freeze is the way to go for you.

I'm too flustered to find it now (and there's only one page to look through, half of them my posts!!), but did someone mention Credit Karma? I see the commercials where they get an actual credit score. I never saw those on any of my credit "reports" the last time I got them. When I worked at the mortgage company, we used to order FICO scores that were the three digit numbers. When I re-fied my house, I had an excellent FICO score. Mine will be a lot lower now, because I don't have a mortgage anymore. And I pay everything off on time. The only blip I ever had is when my credit card payment got chopped in half by the post office and they sent half of my check back three weeks later, which was going to make my payment late for the only time ever. (They did waive the late fees when I mailed the half check and envelope and a note with my payment.) Is Credit Karma free?

 

[Meredith]

Thanks for starting this thread, @MacMadame, and for providing links so we can make our decisions a little more intelligently.

 

[BaileyCatts]

What is the Social Security account thing you are talking about? Where do you do that?

 

[Debbie S]

What is the Social Security account thing you are talking about? Where do you do that?

The Social Security Administration website. Click on the mySocial Security box and it will take you through the steps to create an account. Once you do that, you'll receive your annual statements online instead of mail, and i imagine you can also apply for benefits online when it's time.

 

[MacMadame]

https://www.ssa.gov

Rather than hitting up all three agencies at once, I have seen suggestions to stagger the requests by requesting one from a different agency every four months. Since everyone is entitled to one free report per year from each agency, that approach provides continuous checks at no cost.

I've seen that advice too. But right now, knowing our data has been out there over a month and some people already have been victims of identity theft, I'm worried about not checking them all.

Though now that I think of it if one site has it, they probably all do. Most of the time anyway.

 

[Garden Kitty]

Another article with a warning that the one year free credit monitoring may be automatically renewed resulting in charges unless you affirmatively cancel.

 

[Susan1]

Someone from a security firm in this area (I already put the paper in the trash) said people shouldn't panic and do all these things that are being advised to protect yourself now because whoever breached has had all this time to already steal personal data. Yikes. To still monitor things like we should have already been doing, but the damage is probably done. And that people will be at risk for the rest of their lives. Great.