MacMadame
Doing all the things
- Messages
- 58,852
I don't see a thread on this and I think it's vitally important that people understand what happened and what their options are. DO NOT JUST SIGN UP FOR EQUIFAX's CREDIT MONITORING SYSTEM WITHOUT READING THIS POST!!
First, if you didn't hear about this, the credit firm Equifax had a data breach and 143-144 million customer's data was stolen. It's 44% of all people in the US but it's more if you don't count kids and people who don't have a credit report. It's more than half of adults with credit.
They stole pretty much every thing. Name, addresses, SSNs, birth dates... everything needed to steal your identity.
Not only that, but they took SIX WEEKS to announce it. In the meantime, 3 executives sold off a bunch of their stock (on the same day?). Equifax says those execs didn't know. If true, this means their internal operations are completely screwed up. If not true, that's insider trading.
Second, Equifax has set up a site to check if you were impacted. THIS SITE IS A DISASTER in the making. It's a fricking Word Press site! (WP is notorious for its security issues) It has a bad SSL certificate (or did, they may have fixed that part). It asks for the last SIX digits of your SSN which means all but 3. This is insane. The site is so bad that it was marked as a potential phishing site by at least one company.
If you were hacked, they give you a date to come back and sign up for their credit monitoring service with 1 year free. However, the user agreement for signing up for this service includes a binding arbitration clause. This means you can't sue them and you can't join a Class Action suit. You are signing away your rights before you know if you'll have any damages.
Third, credit monitoring is nice and all, but it doesn't PREVENT identity theft. It only tells you about it after the fact.
So what should you do? The following is my opinion only.
1) Don't put your info into the Equifax site. (I did before I knew about Word Press and am very sorry.) Just assume your data was hacked and take the steps you would if it was.
2) Don't sign up for their free credit monitoring service unless they get rid of the binding arbitration clause. Sign up for a free site like Credit Karma instead. Credit Karma sends me an email anytime my credit score changes. (You can also sign up and then write to them within 30 days to opt out of that part. Personally, I don't think it's worth it.)
3) Freeze your credit. Yes, it's a pain and it cost money to both freeze and unfreeze it when you want to apply for cards, but it's the only way to PREVENT identity theft. Everything else just helps you detect it and/or deal with the aftermath. But before you do that, do this:
4) Get an account on the Social Security web site if you haven't already got one. One scam people do when they get your SSN is to sign up for an account in your name and then they can do all sorts of bad things because the SSA thinks they are you. (Do this first because they use Equifax so if your credit is frozen, you can't get your SSA account without paying.)
5) Go to this site and opt out of those unsolicited pre-approved credit and insurance offers. People steal them out of your mailbox and use them to get credit cards in your name. You can opt out for 5 years or permanently.
https://www.optoutprescreen.com/?rf=t
Here are some resources to learn more:
Announcement from Equifax:
https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628
Why this breach is the "worst ever":
https://arstechnica.com/information...ossibly-the-worst-leak-of-personal-info-ever/
What to know before you just do what Equifax tells you:
https://www.washingtonpost.com/news...ebsite/?sw_bypass=true&utm_term=.608b9735284e
How to freeze your credit:
https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/
How to opt-out of pre-approved offers:
https://www.optoutprescreen.com/?rf=t
A Class Action suit against Equifax has already been filed:
http://www.prnewswire.com/news-rele...reach-victims-300516335.html?tc=eml_cleartime
First, if you didn't hear about this, the credit firm Equifax had a data breach and 143-144 million customer's data was stolen. It's 44% of all people in the US but it's more if you don't count kids and people who don't have a credit report. It's more than half of adults with credit.
They stole pretty much every thing. Name, addresses, SSNs, birth dates... everything needed to steal your identity.
Not only that, but they took SIX WEEKS to announce it. In the meantime, 3 executives sold off a bunch of their stock (on the same day?). Equifax says those execs didn't know. If true, this means their internal operations are completely screwed up. If not true, that's insider trading.
Second, Equifax has set up a site to check if you were impacted. THIS SITE IS A DISASTER in the making. It's a fricking Word Press site! (WP is notorious for its security issues) It has a bad SSL certificate (or did, they may have fixed that part). It asks for the last SIX digits of your SSN which means all but 3. This is insane. The site is so bad that it was marked as a potential phishing site by at least one company.
If you were hacked, they give you a date to come back and sign up for their credit monitoring service with 1 year free. However, the user agreement for signing up for this service includes a binding arbitration clause. This means you can't sue them and you can't join a Class Action suit. You are signing away your rights before you know if you'll have any damages.
Third, credit monitoring is nice and all, but it doesn't PREVENT identity theft. It only tells you about it after the fact.
So what should you do? The following is my opinion only.
1) Don't put your info into the Equifax site. (I did before I knew about Word Press and am very sorry.) Just assume your data was hacked and take the steps you would if it was.
2) Don't sign up for their free credit monitoring service unless they get rid of the binding arbitration clause. Sign up for a free site like Credit Karma instead. Credit Karma sends me an email anytime my credit score changes. (You can also sign up and then write to them within 30 days to opt out of that part. Personally, I don't think it's worth it.)
3) Freeze your credit. Yes, it's a pain and it cost money to both freeze and unfreeze it when you want to apply for cards, but it's the only way to PREVENT identity theft. Everything else just helps you detect it and/or deal with the aftermath. But before you do that, do this:
4) Get an account on the Social Security web site if you haven't already got one. One scam people do when they get your SSN is to sign up for an account in your name and then they can do all sorts of bad things because the SSA thinks they are you. (Do this first because they use Equifax so if your credit is frozen, you can't get your SSA account without paying.)
5) Go to this site and opt out of those unsolicited pre-approved credit and insurance offers. People steal them out of your mailbox and use them to get credit cards in your name. You can opt out for 5 years or permanently.
https://www.optoutprescreen.com/?rf=t
Here are some resources to learn more:
Announcement from Equifax:
https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628
Why this breach is the "worst ever":
https://arstechnica.com/information...ossibly-the-worst-leak-of-personal-info-ever/
What to know before you just do what Equifax tells you:
https://www.washingtonpost.com/news...ebsite/?sw_bypass=true&utm_term=.608b9735284e
How to freeze your credit:
https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/
How to opt-out of pre-approved offers:
https://www.optoutprescreen.com/?rf=t
A Class Action suit against Equifax has already been filed:
http://www.prnewswire.com/news-rele...reach-victims-300516335.html?tc=eml_cleartime