cancel
Showing results for 
Search instead for 
Did you mean: 

Equifax - data breach - 143 million US consumers

Valued Contributor

Re: Equifax - data breach - 143 million US consumers


gamewithrules wrote:

What makes me grumpy as heck is that I never authorized Equifax or any credit agency to possess my personal information. 


Yeah that is what gets me about them wanting you to pay for your credit report.  They make money off of your report and you should have free 24 hour access to the data within it.  It is your data not theirs. If anyone should be paying anyone it is CRAs paying us.

BOA Cash Rewards, AMEX BCE, AMEX PRG, AMEX Ameriprise Platinum, AMEX SPG, CITI AADvantage Platinum, Chase Hyatt, Chase Southwest Premier, Chase Southwest Plus, Barclay Arrival +, Barclay AAdvantage Red Aviator, USAA Prefered Cash Rewards , Cap One Quicksilver, Lendup L card, JCrew, Pottery Barn, Express, NFCU Go Rewards.
Valued Contributor

Re: Equifax - data breach - 143 million US consumers

DH wasn't affected. I was. Arrrgghhh! Just signed up for the free monitoring they are offering. DH can complete his registration on 9/11. I think they want to get the affected people signed up right away. Good thing I watch my credit like a hawk, though. I might put all my reports on ice, though.

Current Scores------ EQ 681; TU 650; EX 687 FICO 08--- Gardening from 09/07/17 until "Winter is Over"
Beginning Scores-- EQ 632; TU 576; EX 619 FICO 08 (06/13/16) - BK7 discharged 11/2015

Take the myFICO Fitness Challenge
Valued Contributor

Re: Equifax - data breach - 143 million US consumers


Sevenfeet wrote:

This is pretty awful.  I'm exposed and i imagine that most on this board are too.  As someone who works in IT and has to deal with security measures, my questions are:

 

1.  What was the security breach? (I'm sure they will never discuss details, but I want to know).

2.  How was it discovered?

3.  Why did it take 3+ months to discover?

4.  Did a new patch to close the vulnerability have to be written or did one already exist?  If one existed before, how long was it available from the vendor?

4.  Was the data encrypted?  If not, why not?

5.  Was encrypted or unencrypted data passed to hackers?

 

Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything.  Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet).  Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff.  Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security. 

 

No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies.  Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening).  As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target).  The initial response seems to be appropriate but there are a lot of unanswered questions.


DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.

Current Scores------ EQ 681; TU 650; EX 687 FICO 08--- Gardening from 09/07/17 until "Winter is Over"
Beginning Scores-- EQ 632; TU 576; EX 619 FICO 08 (06/13/16) - BK7 discharged 11/2015

Take the myFICO Fitness Challenge
Valued Contributor

Re: Equifax - data breach - 143 million US consumers


gamewithrules wrote:

... and adding gas to the fire, the link they've given out for consumers to check if their info was potentially impacted doesn't do that:

 

https://www.equifaxsecurity2017.com/potential-impact/

 

Clicking the 'Check Potential Impact' button serves a form that asks for last name and last 6 digits of your social security number. When I enter this info and click continue, all I get is a message that says:

 

- - - - - - 

 

Thank You

 

Your enrollment date for TrustedID Premier is:

 

09/13/2017

 

Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return tofaq.trustedidpremier.com and click the link to continue through the enrollment process.

 

- - - - - - 

 

... which doesn't address whether my info has been impacted. The link in the message just serves a general info page. Not cool. 

 


My DH got the same message as you. I got a different message that said I was affected, and I could enroll right away. He has to wait until the 11th.

Current Scores------ EQ 681; TU 650; EX 687 FICO 08--- Gardening from 09/07/17 until "Winter is Over"
Beginning Scores-- EQ 632; TU 576; EX 619 FICO 08 (06/13/16) - BK7 discharged 11/2015

Take the myFICO Fitness Challenge
Established Member

Re: Equifax - data breach - 143 million US consumers

Should I freeze experian, Equifax, and Transunion?

New Contributor

Re: Equifax - data breach - 143 million US consumers

If this hapened to any small business there would be a dozen financial institutions refusing to do business with them until they went through a full PCI DSS review.  The worst PCI DSS violation in history and I bet not a single bank stops sending these fools payment card and payment application data full of personally identifiable information.  So baffling.  

Starting June 2017 EQ-629, TU-636, EX-637
Current as of October 2017 EQ-665, TU-691, EX-662
Valued Contributor

Re: Equifax - data breach - 143 million US consumers


Bella007 wrote:

Sevenfeet wrote:

This is pretty awful.  I'm exposed and i imagine that most on this board are too.  As someone who works in IT and has to deal with security measures, my questions are:

 

1.  What was the security breach? (I'm sure they will never discuss details, but I want to know).

2.  How was it discovered?

3.  Why did it take 3+ months to discover?

4.  Did a new patch to close the vulnerability have to be written or did one already exist?  If one existed before, how long was it available from the vendor?

4.  Was the data encrypted?  If not, why not?

5.  Was encrypted or unencrypted data passed to hackers?

 

Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything.  Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet).  Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff.  Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security. 

 

No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies.  Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening).  As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target).  The initial response seems to be appropriate but there are a lot of unanswered questions.


DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.


Yeah, for some reason I'm more bothered by the (most likely illegal) insider trading than the breach itself. Data breaches happen all the time, so I've done what I can to limit the amount of informaiton I have out there.

 

But the stock sale? I'm not prepared to just let that go by without a second look by the SEC. We all work hard to grow our money through careful investing, and here are these entitled @sshats being handed stock options, then cashing them out when they know the crap is about to hit the fan. The rich get richer... Smiley Mad Smiley Mad Smiley Mad



Starting scores: 552 EQ, 570 TU, 558 EX Current scores (9/29/17): 746 EQ 721 TU 719 EX
Valued Contributor

Re: Equifax - data breach - 143 million US consumers

I was not affected with my report already locked.  I'm in the Sept 11th group. 

Starting Score: (8/15) EQ08 592 TU08 572 EX08 600
Current Score: (11/17) EQ08 702TU08 700 EX08 696
I flew for free and it was glorious. Nxt trip, 1st Class overseas. ETA 5/2018. My Butter is in the Freezer till July 2018.
Valued Contributor

Re: Equifax - data breach - 143 million US consumers


DeeBee78 wrote:

Bella007 wrote:

Sevenfeet wrote:

This is pretty awful.  I'm exposed and i imagine that most on this board are too.  As someone who works in IT and has to deal with security measures, my questions are:

 

1.  What was the security breach? (I'm sure they will never discuss details, but I want to know).

2.  How was it discovered?

3.  Why did it take 3+ months to discover?

4.  Did a new patch to close the vulnerability have to be written or did one already exist?  If one existed before, how long was it available from the vendor?

4.  Was the data encrypted?  If not, why not?

5.  Was encrypted or unencrypted data passed to hackers?

 

Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything.  Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet).  Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff.  Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security. 

 

No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies.  Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening).  As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target).  The initial response seems to be appropriate but there are a lot of unanswered questions.


DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.


Yeah, for some reason I'm more bothered by the (most likely illegal) insider trading than the breach itself. Data breaches happen all the time, so I've done what I can to limit the amount of informaiton I have out there.

 

But the stock sale? I'm not prepared to just let that go by without a second look by the SEC. We all work hard to grow our money through careful investing, and here are these entitled @sshats being handed stock options, then cashing them out when they know the crap is about to hit the fan. The rich get richer... Smiley Mad Smiley Mad Smiley Mad


+10000

 

Well said!

Current Scores------ EQ 681; TU 650; EX 687 FICO 08--- Gardening from 09/07/17 until "Winter is Over"
Beginning Scores-- EQ 632; TU 576; EX 619 FICO 08 (06/13/16) - BK7 discharged 11/2015

Take the myFICO Fitness Challenge
Established Member

Re: Equifax - data breach - 143 million US consumers

for my wife it said that she was not impacted and it said to click below to complete her enrollment....but for me all it said wad my enrollment date. does that mean I wad possibly impacted?