Credit Card Center Advertiser Disclosure

Reply
Established Contributor
Posts: 900
Registered: ‎01-16-2017

Re: Equifax - data breach - 143 million US consumers


gamewithrules wrote:

What makes me grumpy as heck is that I never authorized Equifax or any credit agency to possess my personal information. 


Yeah that is what gets me about them wanting you to pay for your credit report.  They make money off of your report and you should have free 24 hour access to the data within it.  It is your data not theirs. If anyone should be paying anyone it is CRAs paying us.

January 15 2017 Experian 527 Transunion 528 Equifax 529
August 1 2017 Experian 702, Transunion 711, Equifax 715

BOA Cash Rewards, AMEX BCE, AMEX PRG, AMEX Ameriprise Platinum, AMEX SPG, CITI AADvantage Platinum, Chase Southwest Premier, Chase Southwest Plus, Barclay Arrival +, Barclay AAdvantage Red Aviator, USAA Prefered Cash Rewards , Cap One Quicksilver, Lendup L card, JCrew, Pottery Barn, Express, NFCU Go Rewards.. 130k total credit lines.
Valued Contributor
Posts: 1,734
Registered: ‎06-13-2016
0 Kudos

Re: Equifax - data breach - 143 million US consumers

DH wasn't affected. I was. Arrrgghhh! Just signed up for the free monitoring they are offering. DH can complete his registration on 9/11. I think they want to get the affected people signed up right away. Good thing I watch my credit like a hawk, though. I might put all my reports on ice, though.

Current Scores------ EQ 679; TU 653; EX 681 FICO 08---------------- Gardening until "Winter is Over"
Beginning Scores-- EQ 632; TU 576; EX 619 FICO 08 (06/13/16) - BK7 discharged 11/2015

Take the myFICO Fitness Challenge
Valued Contributor
Posts: 1,734
Registered: ‎06-13-2016
0 Kudos

Re: Equifax - data breach - 143 million US consumers


Sevenfeet wrote:

This is pretty awful.  I'm exposed and i imagine that most on this board are too.  As someone who works in IT and has to deal with security measures, my questions are:

 

1.  What was the security breach? (I'm sure they will never discuss details, but I want to know).

2.  How was it discovered?

3.  Why did it take 3+ months to discover?

4.  Did a new patch to close the vulnerability have to be written or did one already exist?  If one existed before, how long was it available from the vendor?

4.  Was the data encrypted?  If not, why not?

5.  Was encrypted or unencrypted data passed to hackers?

 

Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything.  Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet).  Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff.  Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security. 

 

No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies.  Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening).  As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target).  The initial response seems to be appropriate but there are a lot of unanswered questions.


DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.

Current Scores------ EQ 679; TU 653; EX 681 FICO 08---------------- Gardening until "Winter is Over"
Beginning Scores-- EQ 632; TU 576; EX 619 FICO 08 (06/13/16) - BK7 discharged 11/2015

Take the myFICO Fitness Challenge
Valued Contributor
Posts: 1,734
Registered: ‎06-13-2016
0 Kudos

Re: Equifax - data breach - 143 million US consumers


gamewithrules wrote:

... and adding gas to the fire, the link they've given out for consumers to check if their info was potentially impacted doesn't do that:

 

https://www.equifaxsecurity2017.com/potential-impact/

 

Clicking the 'Check Potential Impact' button serves a form that asks for last name and last 6 digits of your social security number. When I enter this info and click continue, all I get is a message that says:

 

- - - - - - 

 

Thank You

 

Your enrollment date for TrustedID Premier is:

 

09/13/2017

 

Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return tofaq.trustedidpremier.com and click the link to continue through the enrollment process.

 

- - - - - - 

 

... which doesn't address whether my info has been impacted. The link in the message just serves a general info page. Not cool. 

 


My DH got the same message as you. I got a different message that said I was affected, and I could enroll right away. He has to wait until the 11th.

Current Scores------ EQ 679; TU 653; EX 681 FICO 08---------------- Gardening until "Winter is Over"
Beginning Scores-- EQ 632; TU 576; EX 619 FICO 08 (06/13/16) - BK7 discharged 11/2015

Take the myFICO Fitness Challenge
Established Member
Posts: 30
Registered: ‎05-14-2017
0 Kudos

Re: Equifax - data breach - 143 million US consumers

Should I freeze experian, Equifax, and Transunion?

Valued Member
Posts: 59
Registered: ‎06-26-2017

Re: Equifax - data breach - 143 million US consumers

[ Edited ]

If this hapened to any small business there would be a dozen financial institutions refusing to do business with them until they went through a full PCI DSS review.  The worst PCI DSS violation in history and I bet not a single bank stops sending these fools payment card and payment application data full of personally identifiable information.  So baffling.  

In the garden as of 8/23/2017. I plan on relaxing here until April, 2018.
Starting June 2017 EQ-629, TU-636, EX-637
Current as of September 2017 EQ-653, TU-674, EX-650
Valued Contributor
Posts: 2,028
Registered: ‎03-03-2015

Re: Equifax - data breach - 143 million US consumers


Bella007 wrote:

Sevenfeet wrote:

This is pretty awful.  I'm exposed and i imagine that most on this board are too.  As someone who works in IT and has to deal with security measures, my questions are:

 

1.  What was the security breach? (I'm sure they will never discuss details, but I want to know).

2.  How was it discovered?

3.  Why did it take 3+ months to discover?

4.  Did a new patch to close the vulnerability have to be written or did one already exist?  If one existed before, how long was it available from the vendor?

4.  Was the data encrypted?  If not, why not?

5.  Was encrypted or unencrypted data passed to hackers?

 

Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything.  Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet).  Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff.  Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security. 

 

No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies.  Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening).  As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target).  The initial response seems to be appropriate but there are a lot of unanswered questions.


DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.


Yeah, for some reason I'm more bothered by the (most likely illegal) insider trading than the breach itself. Data breaches happen all the time, so I've done what I can to limit the amount of informaiton I have out there.

 

But the stock sale? I'm not prepared to just let that go by without a second look by the SEC. We all work hard to grow our money through careful investing, and here are these entitled @sshats being handed stock options, then cashing them out when they know the crap is about to hit the fan. The rich get richer... Smiley Mad Smiley Mad Smiley Mad



Starting scores: 552 EQ, 570 TU, 558 EX Current scores (9/1/17): 727 EQ 748 TU 731 EX
Valued Contributor
Posts: 1,612
Registered: ‎07-22-2015

Re: Equifax - data breach - 143 million US consumers

I was not affected with my report already locked.  I'm in the Sept 11th group. 

Starting Score: (8/15) EQ08 592 TU08 572 EX08 600
Current Score: (8/17) EQ08 690TU08 690 EX08 692
I flew for free and it was glorious. Nxt trip, 1st Class overseas. ETA 5/2018. My Butter is in the Freezer till July 2018.
Valued Contributor
Posts: 1,734
Registered: ‎06-13-2016

Re: Equifax - data breach - 143 million US consumers


DeeBee78 wrote:

Bella007 wrote:

Sevenfeet wrote:

This is pretty awful.  I'm exposed and i imagine that most on this board are too.  As someone who works in IT and has to deal with security measures, my questions are:

 

1.  What was the security breach? (I'm sure they will never discuss details, but I want to know).

2.  How was it discovered?

3.  Why did it take 3+ months to discover?

4.  Did a new patch to close the vulnerability have to be written or did one already exist?  If one existed before, how long was it available from the vendor?

4.  Was the data encrypted?  If not, why not?

5.  Was encrypted or unencrypted data passed to hackers?

 

Data of this type in this day and age needs to be encrpyted with the highest quality encryption available through the entire chain....databases, middleware, reporting systems, webservers, everything.  Databases need to be firewalled behind the middleware and the middleware(s) needs to be firewalled from the webserver (which is exposed to the Internet).  Then forensic software needs to be installed on all levels to check for strange or unauthorized movement of data from place to place and notify 24/7 staff.  Only transactional data can be accessed....no large data dumps without shutting down the link and notifying security. 

 

No system is completely foolproof but Equifax is supposed to have the strongest security regime out there....equivalent to major banks and government agencies.  Anything less is a major breach of trust and a class action lawsuit waiting to happen (I'm sure it's already happening).  As for Equifax executives, this is the kind of thing that gets people fired (just look at what happened at Target).  The initial response seems to be appropriate but there are a lot of unanswered questions.


DH read that three top execs sold stock three days after the hack. Take that with a grain of salt. I haven't looked it up. DH had already read a bunch on it before I got home about 30 minutes ago.


Yeah, for some reason I'm more bothered by the (most likely illegal) insider trading than the breach itself. Data breaches happen all the time, so I've done what I can to limit the amount of informaiton I have out there.

 

But the stock sale? I'm not prepared to just let that go by without a second look by the SEC. We all work hard to grow our money through careful investing, and here are these entitled @sshats being handed stock options, then cashing them out when they know the crap is about to hit the fan. The rich get richer... Smiley Mad Smiley Mad Smiley Mad


+10000

 

Well said!

Current Scores------ EQ 679; TU 653; EX 681 FICO 08---------------- Gardening until "Winter is Over"
Beginning Scores-- EQ 632; TU 576; EX 619 FICO 08 (06/13/16) - BK7 discharged 11/2015

Take the myFICO Fitness Challenge
Established Member
Posts: 30
Registered: ‎05-14-2017

Re: Equifax - data breach - 143 million US consumers

for my wife it said that she was not impacted and it said to click below to complete her enrollment....but for me all it said wad my enrollment date. does that mean I wad possibly impacted?

Forums posts are not provided or commissioned by FICO. Forums posts have not been reviewed, approved or otherwise endorsed by FICO. It is not FICO's responsibility to ensure all posts and/or questions are answered.

† Advertiser Disclosure: The listings that appear on myFICO are from companies from which myFICO receives compensation, which may impact how and where products appear on myFICO (including, for example, the order in which they appear). myFICO does not review or include all companies or all available products.
‡ Credit cards for FICO Score ranges: The score ranges are guidelines based on internal myFICO analysis of actual applicant approvals, and having a FICO Score in a particular range does not guarantee you will be approved for credit cards recommended in that range. These ranges were not provided by any card issuer.

* For complete information, see the terms and conditions on the credit card issuer’s website. Once you click apply for this card, you will be directed to the issuer’s website where you may review the terms and conditions of the card before applying. While myFICO always strives to present the most accurate information, we show a summary to help you choose a product, not the full legal terms - and before applying you should understand the full terms of products as stated by the issuer itself.

Copyright ©2001-2015 Fair Isaac Corporation. All rights reserved.   | Terms of Use | Privacy Policy | Sitemap

IMPORTANT INFORMATION: All FICO® Score products made available on myFICO.com include a FICO® Score 8, along with additional FICO® Score versions. Your lender or insurer may use a different FICO® Score than the versions you receive from myFICO, or another type of credit score altogether. Learn more

FICO, myFICO, Score Watch, The score lenders use, and The Score That Matters are trademarks or registered trademarks of Fair Isaac Corporation. Equifax Credit Report is a trademark of Equifax, Inc. and its affiliated companies. Many factors affect your FICO Score and the interest rates you may receive. Fair Isaac is not a credit repair organization as defined under federal or state law, including the Credit Repair Organizations Act. Fair Isaac does not provide "credit repair" services or advice or assistance regarding "rebuilding" or "improving" your credit record, credit history or credit rating. FTC's website on credit.