Massive Equifax Data Breach - 140 Million Americans Affected

[SrslySirius]

They got everything. Socials, DL #s, addresses, tons of personal identifying information. This can be used to take out loans in your name and other life-destroying shit.

You can freeze your credit reports indefinitely to lock everything down and prevent anyone from pulling your report. I just went with the less drastic option of submitting a 90-day fraud alert with the reporting agencies, which requires lenders to call you before opening any new accounts.

Setting up a fraud alert with one credit reporting agency automatically applies it to all 3. This took me 5 minutes over the phone: Equifax - 1-888-766-0008

gl everyone

[SrslySirius]

btw, Equifax is trying to trick people into waiving the right to class action lawsuits, so don't sign up for any of their free "identity protection" offers. I also hear that their "hack checker" just spits out random results, so you're better off assuming you've been got.

I also read something about Equifax execs dumping their stock days before the announcement. The breach actually happened a few months ago. It would be nice if someone does time for this, but won't be pinning my hopes on it.

[Brittney Griner's Clit]

lmao bring it on.

[sonatine]

the class action lawsuit part seems to be fake news but im not biting regardless.

also the hackers arent even bothering to ransom the info, they are dumping the full monty on the 15th.

[sonatine]

other fun facts:

they are russian, and this is payback for trumps disloyalty

also they didnt even use a zeroday to pop equifax. the exploit was reported to them ages ago by a security researcher and equifax's response was to tell him to fuck off and ban him from their services.

[SrslySirius]

also the hackers arent even bothering to ransom the info, they are dumping the full monty on the 15th.

This must not be what you're referring to, as it is a ransom demand. Interesting that the dates match though.

Embedded Tweet

https://twitter.com/twt/status/906132690210091008

[sonatine]

they may have totally changed course, but earlier today (i think) a journalist emailed them and they emailed back saying they had no interest in ransoms.

non zero chance someone else popped their email account and is now pressing for payment as well.


also nothing says state-sponsored like not wanting a ransom, some meat on that bone right there.

[Avon Barksdale]

The breach actually happened a few months ago. It would be nice if someone does time for this, but won't be pinning my hopes on it.

Simmer down nerd

[FR1GHT]

btw, Equifax is trying to trick people into waiving the right to class action lawsuits, so don't sign up for any of their free "identity protection" offers. I also hear that their "hack checker" just spits out random results, so you're better off assuming you've been got.

They are offering one year of TrustedID credit monitoring, which they own so they aren't even paying a 3rd party for this protection. They charge around $30/month for this service. The shady part about it is that it if you are affected they give you a future date as your enrollment date for the protection. You don't get an enrollment date reminder email or anything.

Basically, they know that a large majority of the affected population won't take advantage of this, because they will forget or just be too lazy to go and enroll on their specified future date. You should be able to enroll immediately.

I checked yesterday and got this message:

Thank You
Your enrollment date for TrustedID Premier is:
09/13/2017
Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return to faq.trustedidpremier.com and click the link to continue through the enrollment process.

For more information visit the FAQ page.

You really don't even need to pay for or sign up for their credit monitoring. I have a free account with creditkarma.com and they alert me of any changes to my credit report. I also have credit cards that provide this service for free.

[Mintjewlips]

I just saw their "identity protection" commercial literally like 2 hours ago.






Equifax donkdown??

[Dan Druff]

This is indeed pretty bad, but it's important not to panic, and to understand where the real danger lies.

The massive size of this breach actually helps you, if you're one of the victims.

It makes it fairly unlikely that your information will be used to establish phony credit accounts. It's simply a numbers game. If 140 million people's info got stolen, the chance of your info being used is small. They're not going to go out tomorrow and apply for 140 million new credit cards.

Could the data be sold to actual identity thieves? Yes. But again, given the massive amount of victims, you are again unlikely to find yourself impacted.

So where is the real danger?

If this stuff gets dumped on the web somewhere, this could be really, really bad.

Why? Because this leaves you vulnerable to anyone who wants to personally target you.

Let's take our friend SrslySirius here. Let's say he makes a video making fun of me, and I find myself highly insulted and wanting revenge. I can use the data breach to look up all of his info, and either sign up for various credit cards and loans in his name, or simply hand the info over to shady people who do this stuff and will be happy to have a new victim.

Or I could simply use his SSN to call up and turn off his electricity.

Or I could use his SSN to call up his cell provider, impersonate him, reset his online password, and get a full list of everyone he has ever called or texted.

The possibilities are endless.

Given that SSNs and driver's licenses are also used for identity verification on the phone, the possibilities for fucking with someone are endless, and all the info will be right there at everyone's fingertips.

A data dump is honestly what I fear here.

I guess we will have to see what happens.

Regarding credit monitoring, I'm probably going to pass on that offer, at least for now. In a perfect world, when you attempt to establish credit, the bank will call you and make sure it's really you. Unfortunately, that's often not how it works. In many cases, you are flat-out denied on the first attempt to apply, and then you are told if you wan to re-apply, you need to go through a ton of pain-in-the-ass hoops in order to prove you're you.

No thanks.

[Dan Druff]

I'm unclear right now whether the "signing up for monitoring opts you out of any lawsuit" thing is fake news, but either way, it doesn't matter.

A class action suit will net you very little (if anything), given the massive size of the breach. Even if Equifax settled for $1 billion AFTER the attorneys take their cut, each affected American would get about $7.

You might as well not bother giving a thought to any kind of class action windfall coming your way.

[Dan Druff]

Triple post tilt.

You might remember that I said years ago that private data collection companies are our real enemies when it comes to privacy, NOT the government.

When laws such as the Patriot Act are passed, everyone screams, "Omg muh privacy!", while ignoring the real threat coming from private data collection corporations.

I knew that eventually we would face a real issue when it came to either hacking of these companies, misuse of the collected data, or both.

Back in the 1980s, I learned from my days in the phone/computer hacking communities how powerful personal information was. I also learned that, once out there, you can't take information back. Therefore, you need to always be diligent in shielding your information as much as possible, even if it's a pain in the ass.

This is also why I am very wary of cloud-type storage services. Those will be next.

The more that our lives are stored online, the more we will be vulnerable to embarrassing and life-altering hacks.

[simpdog]

If there is a data dump we can get Todd's info and make ourselves moderators on PFA

[Dan Druff]

https://trustedidpremier.com/eligibi...igibility.html

Thank You

Based on the information provided, we believe that your personal information was not impacted by this incident.

Unless the hackcheck thing is really just spitting out nonsense, in which case never mind.

[SrslySirius]

So where is the real danger?

If this stuff gets dumped on the web somewhere, this could be really, really bad.

Maybe that would be the impetus to finally stop using SSNs, which were never designed to be secure or used for identification.

If that data goes public, how can the banks and the rest possibly handle all the ensuing fraud? I'd have to think there's no choice but to come up with a new, secure ID system. And fast.

[Dan Druff]

So where is the real danger?

If this stuff gets dumped on the web somewhere, this could be really, really bad.

Maybe that would be the impetus to finally stop using SSNs, which were never designed to be secure or used for identification.

If that data goes public, how can the banks and the rest possibly handle all the ensuing fraud? I'd have to think there's no choice but to come up with a new, secure ID system. And fast.

I was thinking about that, too. If it gets dumped, this would really be a fraud free-for-all for awhile.

Speaking of SSNs being used differently than intended, I suffered a consequence of that from like 1995-2003.

Around that time, companies checking credit (banks, phone companies, etc) thought they were clever by checking the year of birth of the applicant versus the SSN.

See, each SSN block is associated with both a geographic area and year of issue.

However, there are two problems with doing this. First off, some parents didn't bother getting their kid a social security number until years after they were born (or in some cases, the kid was born elsewhere and came into the US later.)

Second, the database with the years was not completely correct.

In 1971, there was an unexpected decrease in US births. This left the SSN block for 1971 partially unused, and the Social Security Administration decided to avoid "wasting" these numbers by issuing the remainder during the first few months of 1972. If you were born in early 1972 in a state where the birth rate was unexpectedly low in 1971, you got one of these numbers.

Well, I was one of those lucky 1972 babies who received a 1971 social security number.

From 1995-2003, I was repeatedly accused of identity theft, denied credit, denied cell phones, etc. In many cases, I ran into condescending or highly suspicious employees who either said I was scamming or that I simply didn't remember my SSN right. When I tried to explain what was going on (something I only learned after about 2 years of this), most didn't believe me. It was a huge pain in the ass.

Suddenly the problems stopped, as the databases must have been corrected at some point.

[sonatine]

https://trustedidpremier.com/eligibi...igibility.html

Thank You

Based on the information provided, we believe that your personal information was not impacted by this incident.

Unless the hackcheck thing is really just spitting out nonsense, in which case never mind.

majestic:~$ whois trustedidpremier.com
Domain Name: TRUSTEDIDPREMIER.COM
Registry Domain ID: 2157515886_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrar.amazon.com
Registrar URL: http://registrar.amazon.com
Updated Date: 2017-08-29T04:59:16Z
Creation Date: 2017-08-28T17:25:35Z

[Dan Druff]

https://trustedidpremier.com/eligibi...igibility.html





Unless the hackcheck thing is really just spitting out nonsense, in which case never mind.

majestic:~$ whois trustedidpremier.com
Domain Name: TRUSTEDIDPREMIER.COM
Registry Domain ID: 2157515886_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrar.amazon.com
Registrar URL: http://registrar.amazon.com
Updated Date: 2017-08-29T04:59:16Z
Creation Date: 2017-08-28T17:25:35Z

In case you're wondering, I got that link by going to this ftc.gov site: https://www.consumer.ftc.gov/blog/20...breach-what-do

... and followed it to the lol equifaxsecurity2017.com site, which looks and feels like a phishing expedition.

[sonatine]

black elephant cock rescinded if that came off the ftc site. i just took one look at the creation date and assumed it was yet another data harvester.