How to Protect Yourself from the Equifax Breach | Level One Techs

Krebs' Blog Article: https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpst...


This is a companion discussion topic for the original entry at https://level1techs.com/video/how-protect-yourself-equifax-breach
3 Likes

Thank you based wendell, though it does suck that beyond freezing your credit there’s nothing else that can really be done.

It’s times like this that I remember why I don’t want any form of credit.

3 Likes

Reposting here to make sure everyone saw, if they missed the other thread. They’re taking this as a joke.

Now that’s just even more disheartening. It’s like stabbing someone then kicking them with a pointy shoe in their… VRMs. Seriously, what can you even do to protect yourself against THIS particular problem?

Have fun buying a house or a new car.

1 Like

She probably can. Only 11 countries use the whole credit score nonsense.

She lives in central United States, no

1 Like

Supposedly this has been corrected. At least I was able to set a custom pin anyway.

1 Like

Yeah, in that case it’ll be difficult to avoid indeed.

I really hope so. I haven’t done anything yet, because I wanted things to settle for a week or so before acting. I doubt any of the data will be used until at least tax season coming up.

Does not mean I plan to stay

This is a handy, easy-to-follow guide for how to freeze your credit with all three companies:

2 Likes

Were the SS numbers encrypted? Or do the hackers know the numbers?

Experian credit freeze, the online form will cost $5. There are mailing addresses and phone numbers to submit ID theft documents for freezing at no cost.

https://www.experian.com/freeze/center.html#content-01

TransUnion, same thing but you need to make an account. Currently down(ish).

https://www.transunion.com/credit-freeze/place-credit-freeze2

About that ‘has your info been stolen’-website: its only reason for existing is to get people to sign away their right to sue/join CALs, and to force them into arbitration; its dysfunction is by design, because its stated purpose (to provide transparency) is one Equifax could care less about.

While I commend L1T’s coverage of the issue, I’d recommend people to also listen to this interviewee, who has extensive experience making cases against financial fraudsters (from the S&L Crisis): https://www.nakedcapitalism.com/2017/09/bill-black-equifax-data-breach-10-10-scandal.html

About the context:

BILL BLACK: The experts in cybersecurity say on a scale of 1 to 10, where 10 is the worst, that this is a 10, and it’s almost comically bad. It’s another demonstration of our family rule that it’s impossible to compete with unintentional self-parody, and that’s certainly what the executives of Equifax have demonstrated in this scandal.

AARON MATE: How so?

BILL BLACK: First, this is the third major breach in about two years, so they had plenty of warning that their security, cybersecurity, was incompetent, and they obviously didn’t fix it. Second, they now say that the breach began in May and that they didn’t detect it ’til July, while they were, as you said, stealing at least 142 million people’s worth of data, probably multiple times. Along the way, by the way, they said proudly, “Ah, but there was no breach of our core system.” Before you ever get to the core, 142 million customers are thrown under the bus. God only knows what the core is. Presumably their own personal data is what they consider the core.

Once they did discover, finally, the breach, the very first thing that happened, you mentioned part of it, which is three senior executives sold roughly $2 million-ish in shares, including the chief financial officer, who they’re now claiming wasn’t told of the breach. Now, this would be the number-two person, typically, or number-three person in the entire corporation. If they didn’t tell the senior ranks about the breach, when they discovered one of the largest and most destructive breaches in history, you know, well, you can choose to believe that. No one else does.

On top of that, there was also an immediate … in the same time period that these senior executives were selling their stock, there was a massive increase in sales of stock options compared to the normal for Equifax, and that almost certainly was again because people had been tipped about what had happened in the breach.

And a few words about what to do:

AARON MATE: Finally, Professor Black, I’m wondering if you can offer us some guidance here on two levels. On a personal level, what you think someone out there should do if they’re concerned about their data being breached, what steps they should take, what they should be concerned about, and also on a broader level, what policy implications that you think this massive data breach has.

BILL BLACK: All right, let me start with the second one, because the danger … you read a publication like “Wired” about this, and it gives you the steps it suggests to take. Maybe 2 percent of the population would do that. We can’t fix this if we put the onus on 142 million Americans to become computer-literate and credit-literate and such. It will never work, so don’t let’s be pushed towards, “Well, you know, you should have taken care of it because, hey, I took care of it, and so screw the other 140 million people that were left unprotected.”

Again, to do that, you’re going to have to actually have regulatory disclosure requirements. You’re going to have to have an office at the federal level that is in charge of investigating these kinds of breaches, like when a plane crashes. Find out what the hell happened, publish it, so that people know and draw generalities in terms of here are the kinds of exposures to look at. Even if you breach a company, they should never be able to come away with the crown jewels as they did at Equifax, much less the crown jewels on 142 million Americans.

Now, beyond that, if you are savvy and such, you can put a hold on your credit rating system if you want. You can do that in these circumstances. You can put a fraud warning on it. You can post those things. Those protections are absolutely minimal, and if you freeze it and your credit would have been improving, then it may hurt you if you have to turn around and buy a home.

The practical thing you can do is the usual stuff about identity fraud. Look at your statements. If you see things that you haven’t actually purchased, if you see withdrawals from your accounts that you didn’t make, immediately get in touch with the company. The best single thing you can do as a person is to really peruse your statements on a monthly basis.


And here’s more about the (regulatory) back story, plus a bit about the legal liability:

it’s disingenuous to promote this impression, since if this security breach results in large-scale identity theft, Equifax could become an Arthur Andersen, done in by legal liability. It has a net worth of roughly $3 billion. It is exposed to private and government suits. Class action lawyers are already discussing multi-billion dollar litigation, although a complicating factor is that the best causes of action are likely to be under state law. On the government side, one example is that Equifax violated some states’ data breach notification laws. Vermont, a small state, is contemplating suing on behalf of more than 240,000 citizens, with penalties of up to $10,000 per violation.

@wendell @ 9:40 in the video: yes, these systems weren’t intended to be hooked to the internet; but the fact that they weren’t designed for it decades ago doesn’t explain why they still aren’t, when we’re dozens of (covered-up) scandals down the road. The root issue is that the companies involved have no reason to care about security, because regulatory agencies are captured (via the revolving door, expectations of payoff, and the people who go into politics for either of the two main parties by and large simply do not believe the govt should regulate “successful” businesses), and because not spending money on running the business allows for (more) straight-up looting/self-enrichment by upper mgmt.

That intro and outro music is absolutely awful. No sound at all would be better than this.

I had my identity stolen in 2013 on Easter weekend. Not a very funny thing to go through. However I use Credit Karma and have noticed nothing wrong with my score or the accounts I have open.

This should not have happened. They need to be held accountable.

Meh, I felt that it sounded very “news bulletin-y”. It did fit the kind of content.

PSA: