No credit card required
Browse credit cards from a variety of issuers to see if there's a better card for you.
@Anonymous wrote:What makes me grumpy as heck is that I never authorized Equifax or any credit agency to possess my personal information.
Yeah that is what gets me about them wanting you to pay for your credit report. They make money off of your report and you should have free 24 hour access to the data within it. It is your data not theirs. If anyone should be paying anyone it is CRAs paying us.
DH wasn't affected. I was. Arrrgghhh! Just signed up for the free monitoring they are offering. DH can complete his registration on 9/11. I think they want to get the affected people signed up right away. Good thing I watch my credit like a hawk, though. I might put all my reports on ice, though.
@Sevenfeet wrote:This is pretty awful. I'm exposed and i imagine that most on this board are too. As someone who works in IT and has to deal with security measures, my questions are:
1. What was the security breach? (I'm sure they will never discuss details, but I want to know).
2. How was it discovered?
3. Why did it take 3+ months to discover?
4. Did a new patch to close the vulnerability have to be written or did one already exist? If one existed before, how long was it available from the vendor?
4. Was the data encrypted? If not, why not?
5. Was encrypted or unencrypted data passed to hackers?
Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything. Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet). Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff. Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security.
No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies. Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening). As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target). The initial response seems to be appropriate but there are a lot of unanswered questions.
DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.
@Anonymous wrote:... and adding gas to the fire, the link they've given out for consumers to check if their info was potentially impacted doesn't do that:
https://www.equifaxsecurity2017.com/potential-impact/
Clicking the 'Check Potential Impact' button serves a form that asks for last name and last 6 digits of your social security number. When I enter this info and click continue, all I get is a message that says:
- - - - - -
Thank You
Your enrollment date for TrustedID Premier is:
09/13/2017
Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return tofaq.trustedidpremier.com and click the link to continue through the enrollment process.
- - - - - -
... which doesn't address whether my info has been impacted. The link in the message just serves a general info page. Not cool.
My DH got the same message as you. I got a different message that said I was affected, and I could enroll right away. He has to wait until the 11th.
Should I freeze experian, Equifax, and Transunion?
If this hapened to any small business there would be a dozen financial institutions refusing to do business with them until they went through a full PCI DSS review. The worst PCI DSS violation in history and I bet not a single bank stops sending these fools payment card and payment application data full of personally identifiable information. So baffling.
@Anonymous wrote:
@Sevenfeet wrote:This is pretty awful. I'm exposed and i imagine that most on this board are too. As someone who works in IT and has to deal with security measures, my questions are:
1. What was the security breach? (I'm sure they will never discuss details, but I want to know).
2. How was it discovered?
3. Why did it take 3+ months to discover?
4. Did a new patch to close the vulnerability have to be written or did one already exist? If one existed before, how long was it available from the vendor?
4. Was the data encrypted? If not, why not?
5. Was encrypted or unencrypted data passed to hackers?
Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything. Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet). Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff. Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security.
No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies. Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening). As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target). The initial response seems to be appropriate but there are a lot of unanswered questions.
DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.
Yeah, for some reason I'm more bothered by the (most likely illegal) insider trading than the breach itself. Data breaches happen all the time, so I've done what I can to limit the amount of informaiton I have out there.
@But the stock sale? I'm not prepared to just let that go by without a second look by the SEC. We all work hard to grow our money through careful investing, and here are these entitled @sshats being handed stock options, then cashing them out when they know the crap is about to hit the fan. The rich get richer...
I was not affected with my report already locked. I'm in the Sept 11th group.
@DeeBee78 wrote:
@Anonymous wrote:
@Sevenfeet wrote:This is pretty awful. I'm exposed and i imagine that most on this board are too. As someone who works in IT and has to deal with security measures, my questions are:
1. What was the security breach? (I'm sure they will never discuss details, but I want to know).
2. How was it discovered?
3. Why did it take 3+ months to discover?
4. Did a new patch to close the vulnerability have to be written or did one already exist? If one existed before, how long was it available from the vendor?
4. Was the data encrypted? If not, why not?
5. Was encrypted or unencrypted data passed to hackers?
Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything. Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet). Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff. Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security.
No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies. Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening). As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target). The initial response seems to be appropriate but there are a lot of unanswered questions.
DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.
Yeah, for some reason I'm more bothered by the (most likely illegal) insider trading than the breach itself. Data breaches happen all the time, so I've done what I can to limit the amount of informaiton I have out there.
@But the stock sale? I'm not prepared to just let that go by without a second look by the SEC. We all work hard to grow our money through careful investing, and here are these entitled @sshats being handed stock options, then cashing them out when they know the crap is about to hit the fan. The rich get richer...
+10000
Well said!
for my wife it said that she was not impacted and it said to click below to complete her enrollment....but for me all it said wad my enrollment date. does that mean I wad possibly impacted?