cancel
Showing results for 
Search instead for 
Did you mean: 

Equifax - data breach - 143 million US consumers

tag
Anonymous
Not applicable

Re: Equifax - data breach - 143 million US consumers


@Anonymous wrote:

What makes me grumpy as heck is that I never authorized Equifax or any credit agency to possess my personal information. 


Yeah that is what gets me about them wanting you to pay for your credit report.  They make money off of your report and you should have free 24 hour access to the data within it.  It is your data not theirs. If anyone should be paying anyone it is CRAs paying us.

Message 51 of 519
Anonymous
Not applicable

Re: Equifax - data breach - 143 million US consumers

DH wasn't affected. I was. Arrrgghhh! Just signed up for the free monitoring they are offering. DH can complete his registration on 9/11. I think they want to get the affected people signed up right away. Good thing I watch my credit like a hawk, though. I might put all my reports on ice, though.

Message 52 of 519
Anonymous
Not applicable

Re: Equifax - data breach - 143 million US consumers


@Sevenfeet wrote:

This is pretty awful.  I'm exposed and i imagine that most on this board are too.  As someone who works in IT and has to deal with security measures, my questions are:

 

1.  What was the security breach? (I'm sure they will never discuss details, but I want to know).

2.  How was it discovered?

3.  Why did it take 3+ months to discover?

4.  Did a new patch to close the vulnerability have to be written or did one already exist?  If one existed before, how long was it available from the vendor?

4.  Was the data encrypted?  If not, why not?

5.  Was encrypted or unencrypted data passed to hackers?

 

Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything.  Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet).  Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff.  Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security. 

 

No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies.  Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening).  As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target).  The initial response seems to be appropriate but there are a lot of unanswered questions.


DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.

Message 53 of 519
Anonymous
Not applicable

Re: Equifax - data breach - 143 million US consumers


@Anonymous wrote:

... and adding gas to the fire, the link they've given out for consumers to check if their info was potentially impacted doesn't do that:

 

https://www.equifaxsecurity2017.com/potential-impact/

 

Clicking the 'Check Potential Impact' button serves a form that asks for last name and last 6 digits of your social security number. When I enter this info and click continue, all I get is a message that says:

 

- - - - - - 

 

Thank You

 

Your enrollment date for TrustedID Premier is:

 

09/13/2017

 

Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return tofaq.trustedidpremier.com and click the link to continue through the enrollment process.

 

- - - - - - 

 

... which doesn't address whether my info has been impacted. The link in the message just serves a general info page. Not cool. 

 


My DH got the same message as you. I got a different message that said I was affected, and I could enroll right away. He has to wait until the 11th.

Message 54 of 519
Manonfire
Regular Contributor

Re: Equifax - data breach - 143 million US consumers

Should I freeze experian, Equifax, and Transunion?

Message 55 of 519
Anonymous
Not applicable

Re: Equifax - data breach - 143 million US consumers

If this hapened to any small business there would be a dozen financial institutions refusing to do business with them until they went through a full PCI DSS review.  The worst PCI DSS violation in history and I bet not a single bank stops sending these fools payment card and payment application data full of personally identifiable information.  So baffling.  

Message 56 of 519
DeeBee78
Valued Contributor

Re: Equifax - data breach - 143 million US consumers


@Anonymous wrote:

@Sevenfeet wrote:

This is pretty awful.  I'm exposed and i imagine that most on this board are too.  As someone who works in IT and has to deal with security measures, my questions are:

 

1.  What was the security breach? (I'm sure they will never discuss details, but I want to know).

2.  How was it discovered?

3.  Why did it take 3+ months to discover?

4.  Did a new patch to close the vulnerability have to be written or did one already exist?  If one existed before, how long was it available from the vendor?

4.  Was the data encrypted?  If not, why not?

5.  Was encrypted or unencrypted data passed to hackers?

 

Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything.  Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet).  Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff.  Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security. 

 

No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies.  Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening).  As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target).  The initial response seems to be appropriate but there are a lot of unanswered questions.


DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.


Yeah, for some reason I'm more bothered by the (most likely illegal) insider trading than the breach itself. Data breaches happen all the time, so I've done what I can to limit the amount of informaiton I have out there.

 

@But the stock sale? I'm not prepared to just let that go by without a second look by the SEC. We all work hard to grow our money through careful investing, and here are these entitled @sshats being handed stock options, then cashing them out when they know the crap is about to hit the fan. The rich get richer... Smiley Mad Smiley Mad Smiley Mad

Message 57 of 519
Anonymous
Not applicable

Re: Equifax - data breach - 143 million US consumers

I was not affected with my report already locked.  I'm in the Sept 11th group. 

Message 58 of 519
Anonymous
Not applicable

Re: Equifax - data breach - 143 million US consumers


@DeeBee78 wrote:

@Anonymous wrote:

@Sevenfeet wrote:

This is pretty awful.  I'm exposed and i imagine that most on this board are too.  As someone who works in IT and has to deal with security measures, my questions are:

 

1.  What was the security breach? (I'm sure they will never discuss details, but I want to know).

2.  How was it discovered?

3.  Why did it take 3+ months to discover?

4.  Did a new patch to close the vulnerability have to be written or did one already exist?  If one existed before, how long was it available from the vendor?

4.  Was the data encrypted?  If not, why not?

5.  Was encrypted or unencrypted data passed to hackers?

 

Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything.  Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet).  Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff.  Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security. 

 

No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies.  Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening).  As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target).  The initial response seems to be appropriate but there are a lot of unanswered questions.


DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.


Yeah, for some reason I'm more bothered by the (most likely illegal) insider trading than the breach itself. Data breaches happen all the time, so I've done what I can to limit the amount of informaiton I have out there.

 

@But the stock sale? I'm not prepared to just let that go by without a second look by the SEC. We all work hard to grow our money through careful investing, and here are these entitled @sshats being handed stock options, then cashing them out when they know the crap is about to hit the fan. The rich get richer... Smiley Mad Smiley Mad Smiley Mad


+10000

 

Well said!

Message 59 of 519
Manonfire
Regular Contributor

Re: Equifax - data breach - 143 million US consumers

for my wife it said that she was not impacted and it said to click below to complete her enrollment....but for me all it said wad my enrollment date. does that mean I wad possibly impacted?

Message 60 of 519
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.