Looks like Equifax was breached

Blue Collar Guy said:
One DA said "stop waving your arms all over the place when you talk, your distracting them". I told him "are you kidding me? Wake up they are eating out of the palm of my hand, they love me." End of trial: GUILTY.
Click to expand...

You volunteered to be the impartial arbitrator in the other thread and the key witness for the prosecution in this thread. Be careful they may revoke your retiree status. :LOL:
 
ShokWaveRider said:
If you have a credit freeze on all the agency, you should not worry.
Click to expand...

I'm guessing that very few of the 143 million people have their credit frozen. This is going to be chaos for years that will ultimately affect everyone. Plus, even if you are one of the few with a freeze, that won't stop a fraudulent tax return... nor will it stop someone from using this treasure trove of personal information to convince your brokerage's phone rep to reset the password on your login. DW and I have freezes in place, but I still think there's plenty to worry about.
 
I already have credit monitoring from Experian so it seems to me no point in signing up for the Equifax service, right?
 
flintnational said:
Agreed. IIRC, companies can blackout Execs from selling shares in this type of situation. Apparently EFX did not have a blackout in place when these Execs sold. EFX has also issued a statement indicating the Execs did not know. This stuff is to easy to check. And all will be deposed in various lawsuits. Dollars to donuts, the insider trading goes away.

But, lots of other stuff to complain about. And some of it is not going away. Rage on. :D

FN
Click to expand...
I have to agree with you. Those execs would have to be the stupidest morons in the world to try insider trading on this info! Especially for such piddling amounts.
 
Anybody else watching CNN for hurricane coverage today? I swear every other commercial is for something to do with credit protection, identity theft management, etc. I even saw one where they will search "the deep web" once for free (you pay for it after that) to see if your info is out there.
 
samclem said:
But when these companies start having to pay real fines (or try to get in$urance to cover the fine$/monetary damage$), then they'll get serious about protecting data.
Click to expand...



The way I see it customers and shareholders ultimately pay fines. Jailtime might be a better deterrent.

If the Execs sold without knowing of the hack, it's not illegal but it's actually worse as it indicates complete lack of responsibility by top management. It was their job to know.
 
Cobra9777 said:
I'm guessing that very few of the 143 million people have their credit frozen. This is going to be chaos for years that will ultimately affect everyone. Plus, even if you are one of the few with a freeze, that won't stop a fraudulent tax return... nor will it stop someone from using this treasure trove of personal information to convince your brokerage's phone rep to reset the password on your login. DW and I have freezes in place, but I still think there's plenty to worry about.
Click to expand...

I think it can go a long way to preventing these things as the IRS uses credit bureau info to verify identity - if no access due to freeze, no verification - in addition to things like two factor verification with your brokerage account.

It's hard for someone to fraudulently file in your name without having access to prior tax info. It's really tough to get that from the IRS if you have your credit frozen.

My broker doesn't do anything without notifying me by email, and requires two factor - sending me a verification text via my phone - for various sensitive actions and access from an unknown computer, and even from overseas access.
 
Last edited:
audreyh1 said:
I think it can go a long way to preventing these things as the IRS uses credit bureau info to verify identity - if no access due to freeze, no verification...
Click to expand...

I saw you make a similar statement in the credit freeze thread...

audreyh1 said:
...If a user claims they have lost the password, the credit freeze does not allow the bank to use credit bureau info to verify your identity...

...A credit freeze will prevent thieves from accessing your IRS records to commit tax fraud, and SS records if you haven't already set up online accounts with those agencies...

...it will prevent someone from claiming they have lost their password and an agency using credit bureau information from verifying your identity with the credit freeze in place...
Click to expand...

Can you elaborate on this? You seem to be suggesting that access to the credit bureau identity verification questions is blocked with the freeze (e.g., Which of the following 5 cars have you owned in the past?). If so, that's very good information. But I'm quite sure that DW and I have encountered those questions multiple times over the last few years even with our credit records frozen at all 3 bureaus.

Also, in 2014, I had a fraudulent tax return filed using my name, address, and SS#. I had my credit frozen at the time. I don't understand how a credit freeze would prevent that. I don't answer those identity-verification questions to file a return.

Also regarding lost password at a financial institution, if I click on "I forgot my password," I don't ever recall having to answer those questions. Just some personal information (like DOB or SS#) along with answer to a security question. Although it's been many years since I've done this because I use a password manager now. So things may have improved in that regard.
 
Ian S said:
I have to agree with you. Those execs would have to be the stupidest morons in the world to try insider trading on this info! Especially for such piddling amounts.
Click to expand...

Although that could work as a perfect defense and allow one to commit the perfect insider trading crime.
 
Also, according to the LA Times:

In some cases, Equifax says, the security questions and answers used on some websites to verify users’ identity may also have been exposed. Having that information in hand would allow hackers to change their targets’ passwords and other account settings.
Click to expand...
 
Cobra9777 said:
I saw you make a similar statement in the credit freeze thread...



Can you elaborate on this? You seem to be suggesting that access to the credit bureau identity verification questions is blocked with the freeze (e.g., Which of the following 5 cars have you owned in the past?). If so, that's very good information. But I'm quite sure that DW and I have encountered those questions multiple times over the last few years even with our credit records frozen at all 3 bureaus.

Also, in 2014, I had a fraudulent tax return filed using my name, address, and SS#. I had my credit frozen at the time. I don't understand how a credit freeze would prevent that. I don't answer those identity-verification questions to file a return.

Also regarding lost password at a financial institution, if I click on "I forgot my password," I don't ever recall having to answer those questions. Just some personal information (like DOB or SS#) along with answer to a security question. Although it's been many years since I've done this because I use a password manager now. So things may have improved in that regard.
Click to expand...
Lost or reset my password at a financial institution - did you have that password emailed to you? The email connection with your financial institution along with the specific security questions you had to answer are outside the purview of the credit bureaus so won't be impacted by this breach.

Those credit bureau questions are supposed to be blocked if you have a credit freeze. That's the whole point and is what prevents fraudulent opening of new accounts.

There are various ways someone can access info to commit tax fraud: stolen W2s, hacked Turbotax accounts, phishing the victim. If you had already been efiling and had passwords set up, it would be difficult for someone to fraudulently file on your information unless they had specific information about your prior return. But one major vulnerable area was the IRS using credit bureau questions to verify identity and allowing online access to tax records, and my understanding is that freezing your credit blocks that.

Name, address, SS# is not sufficient to eFile a Federal fraudulent tax return, and I don't think it was in 2014 either. You had to have prior year return AGI as well. Something that could only be obtained by someone hacking a online tax return account, hacking a tax preparer, getting a copy of an old return somehow, impersonating you to the IRS. The IRS has cleaned up their act a lot but credit freeze should have blocked the last scenario.
 
Biometrics are coming, folks, solely because they will make everyone perfectly safe.
 
audreyh1 said:
...Those credit bureau questions are supposed to be blocked if you have a credit freeze. That's the whole point and is what prevents fraudulent opening of new accounts...
Click to expand...

I thought the whole point was to prevent access to the credit report required by lenders before issuing a loan. From my experience, the identity-verification questions are not blocked by the freeze. If you have some specific information to the contrary, that would be very good information to have.

Regarding the fraudulent tax return, it was paper-filed with only my name, address, SS#, and a bunch of bogus data (large refund) on Form 1040EZ. It was accepted by the IRS and entered into my records. It wasn't until my own electronic filing was rejected that I became aware of the fraud. So again, the credit freeze did not prevent the fraudulent filing.
 
Cobra9777 said:
I thought the whole point was to prevent access to the credit report required by lenders before issuing a loan. From my experience, the identity-verification questions are not blocked by the freeze. If you have some specific information to the contrary, that would be very good information to have.

Regarding the fraudulent tax return, it was paper-filed with only my name, address, SS#, and a bunch of bogus data (large refund) on Form 1040EZ. It was accepted by the IRS and entered into my records. It wasn't until my own electronic filing was rejected that I became aware of the fraud. So again, the credit freeze did not prevent the fraudulent filing.
Click to expand...

Right, fraudulent paper filing does not require additional info. I think the IRS has gotten better about this and better about handling PINs for folks who have been victims in the past. A lot more fraudulent returns were efiled.

All the articles I've read on Krebs-on-Security indicated that using credit bureau information for identity verification was blocked by a freeze. For example - people reported that they could not open an SS.gov or IRS.gov account without unfreezing credit with a particular bureau. They even mentioned which bureau.
 
Last edited:
GrayHare said:
Unless you're behind a VPN, your IP address is revealed to each site you visit. There are even IP address echo sites that display your address back to you. One is at Current IP Check
Click to expand...

It's a lot more complex than that, for example everyone in a company office building will show the same IP addresses as they all go through the same set of routers. So until you got the logs of the company in question, if they kept them, you couldn't tell which employee went to a site on the outside.

If at home you have a static IP assigned by your provider, then it's easier.

If you have dynamic IP's assigned by your provider which is the common cheapest way then the IP used by me tonight, could be assigned to someone else 2 days from now.

Currently I'm on VPN and just looked up my location from your link, it's pretty funny really:
 

Attachments

  • 2017_09_09_22:45:31_001.png
    2017_09_09_22:45:31_001.png
    96.9 KB · Views: 32
Equifax has updated the advisory.
1). YOU CAN DETERMINE YOUR STATUS IMMEDIATELY
Some consumers who visited the website soon after its launch failed to receive confirmation clarifying whether or not they were potentially impacted. That issue is now resolved, and we encourage those consumers to revisit the site to receive a response that clarifies their status.

2). NO WAIVER OF RIGHTS FOR THIS CYBER SECURITY INCIDENT
In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.
Click to expand...
 
Gumby said:
Someone is going to need expensive lawyers for this.
Click to expand...

Yes. Paid for by the company, not the executives. They may get fired, but will get a 8-figure parachute package. And be hired on to another 8 figure job by the end of the year.
 
Senator said:
Yes. Paid for by the company, not the executives. They may get fired, but will get a 8-figure parachute package. And be hired on to another 8 figure job by the end of the year.
Click to expand...

For exercising stock options? I doubt a company would pay for those legal expenses. I also doubt these individuals would find similar employment elsewhere. Golden parachute? Perhaps, but more often than not, the only real cash incentive open to a departing exec is vested options not yet exercised.

This may indeed be a case of bad timing, but they are plain SOL, and my guess is they will spend at least the entire proceeds from the stock sale on attorney fees.
 
easysurfer said:
The nightly news I was watching said about 50% of the US population got breached.

Haven't checked yet. Well, for me, my SSN already got hacked by the IRS hack a few years ago, so ... I've kinda been through this rodeo before :(.
Click to expand...

On a very small sampling population, I can concur with the 50% number. I was possibly compromised, DW was not.

I signed up for the "free" reporting service. I really don't expect much to come of it.
 
zedd said:
Free monitoring service?! What, proffered by the same folks that allowed the data breach to happen?
Click to expand...

Precisely. Why the data wasn't encrypted infuriates me. Data security 101.

Also, are we sure that the hacker got in through Experian's firewall? I could envision a scenario where one of Experian's "providers" (credit card companies, mortgage lenders, etc.) got hacked and the perp found their way into Experian - the real mother lode.
 
Ian S said:
I have to agree with you. Those execs would have to be the stupidest morons in the world to try insider trading on this info! Especially for such piddling amounts.
Click to expand...

It's amazing what stupid things many dishonest people do. Remember the story of the two guys who broke into a camera store, and took photos of each other with the Poloroid demo camera on the store shelf. Seeing nothing but a weird mess on the ejected photo they departed leaving the developing pictures behind.

I remember a policeman who told me that 'if half the criminals were as stupid as the other half, they would all be in jail'.
 
Trooper said:
Precisely. Why the data wasn't encrypted infuriates me. Data security 101.

Also, are we sure that the hacker got in through Experian's firewall? I could envision a scenario where one of Experian's "providers" (credit card companies, mortgage lenders, etc.) got hacked and the perp found their way into Experian - the real mother lode.
Click to expand...
IME You will find very little data at rest that's actually encrypted! While the technology works it severely limits the access.

The details I saw queries that tested equality were fine. Range queries generated table scans. That's a big deal with tables containing millions and billions of rows.
 
Last edited:
Trooper said:
Precisely. Why the data wasn't encrypted infuriates me. Data security 101.

.
Click to expand...

Most of my data is out in the wild thanks to an insurance company that couldn't be bothered to encrypt my personal data. Now they want me to sign up for their Medicare supplement plan. :nonono:

At the very least they should go on nationwide TV, take a deep bow, apologize to the American People for the damage done to them, and then donate 90% of their total compensation for the last five years to charities and other good causes. Hey, it beats ritual suicide.
 
You must log in or register to reply here.

Similar threads

cbo111
Equifax Data Breach Settlement (Credit Monitoring Instructions and Activation Code
Replies
14
Views
1K
djsander
D
MichaelB
Equifax data breach settlement
4 5 6
Replies
139
Views
14K
aja8888
aja8888
easysurfer
Have You Freezed/Unfreezed Your Credit Yet?
2 3
Replies
60
Views
11K
easysurfer
easysurfer
Chuckanut
  • Locked
Equifax Hacked - Be extra alert
Replies
1
Views
1K
W2R
W2R
R
Fun with Equifax
Replies
10
Views
2K
bUU
bUU

Latest posts

Back
Top Bottom