[psa] [off] Equifax security breach and credit hacking

[grodog]

In case you've not looked into this yet, it seems like nearly everyone in the USA with a credit card was hacked via the Equifax security breach.

Good summary details in this NYC article, but I'm sure there's other good sources out there too: https://www.nytimes.com/2017/09/08/your ... o-now.html. The FTC official response is at https://www.consumer.ftc.gov/blog/2017/ ... ch-what-do but I've not read through it yet.

If you haven't dug into this yet, you should. The Equifax web form process is simple and quick. From the NYT article:

In the meantime, here’s hoping that this breach is the nudge you need to finally sign up for permanent freezes on your credit files. I’ve used them for years, and here’s how they work. You sign up (and pay some fees, because you knew it wasn’t going to be free to protect data that you didn’t ask these companies to store, right?) at Equifax’s, Experian’s and TransUnion’s websites. Christina Bater, managing director at Barrett Asset Management in New York, suggests freezing your file at the little-known company Innovis, too. Hey, why not?

A credit freeze is different from a fraud alert, though you should also request one of those in the wake of the Equifax breach, for the longest possible time on offer, from Equifax, Experian and TransUnion as well. Once that free alert is in place, potential creditors should contact you for confirmation anytime you (or a thief) tries to open up a new account.

I check one of my credit reports for free every four months at www.annualcreditreport.com. That plus the permanent security freezes are enough to keep me sleeping well at night.

You should be looking into taking additional steps to protect yourself too:

- Set Up a 3-month fraud alert on your credit reports, which should prevent new credit reports going out without my OK, and thus new credit. You set it up with one credit bureau and it'll be at the two others quickly [ https://www.experian.com/fraud/center.html ]
- Set myself a quarterly TODO to to renew that, which I plan to do for the next year, by which time the credit system should have new protections in place to not give out credit based just on the (vast amounts of ) stolen information.
- Made sure that two-factor authentication is present on as many critical systems as possible: financial accounts, email accounts (used to recover passwords to other services), and password services, since black hats may now try to social engineer access to those accounts using the stolen information, but 2FA *may* prevent that access.(I actually had most of this in place already, but I reinvestigated financial accounts, which are grossly behind on this type of security ... but it's not like they're protecting large amounts of money or anything.)
- Put a yearly TODO item to get a free credit report and examine it.
- Take advantage of Equifax's free credit monitoring
- Jump on board all class-action lawsuits against them (and note that the ToS for the Equifax free credit monitoring does not force you to waive your right to participate in a class action lawsuit per http://www.snopes.com/equifax-credit-mo ... ss-action/ )

Allan.

[JCBoney]

Yeah, sounds like a good idea. Thanks for that.

[blackprinceofmuncie]

Setting up a credit freeze costs $10 per credit tracking company (30 if you do all 3), and can be annoying if you are trying to get a car or house loan. But if you don't expect to be getting a new loan or credit card anytime soon, it's a good move if you have been compromised.

[TRP]

It helps that Equifax dropped the BS language about "you agree to arbitration and not sue our asses over this" when signing up with their monitoring partner.

[garhkal]

My question is since it was equifax who GOT hacked, why would anyone set up a credit monitoring system with them???