Identity Protection

[btdt22]

None of us open's an account at a credit bureau. The data they have is what they gathered from other institutions like banks, credit card companies, mortgage lenders, medical offices, department stores, etc. It is data that was already 'out-there' but is now being sorted, consolidated and tracked as to payment and transactions. The number of times I have had to give my address, driver's license, birthdate, etc I find mind-boggling.

That said, I will continue to keep my credit information frozen and monitor my transactions on my USAA banking web page. If someone steals a credit card , I know I will get my money back, as this has happened several times before. If the IRS pays the wrong person, that's their payment problem as my refunds are kept as close to zero as possible. While I hope I never suffer identity theft, at my age, I find my health more important, than someone trying to be me. Life is short! Don't waste it in constant 'what-ifs". My two cents and I'm probably overcharging

 

[Sunset]

So let's say my info has been compromised and somebody takes a loan in my name. Am I on the hook for it when I find out?

I think this is how it can play out, but have not had it happen yet.

The collection agencies will think you are responsible for your debts and they will trash your credit score by reporting you are not paying, they will send you letters and phone you constantly.

They or the person/company/bank owed may even sue you in court to get a judgment against you and then seize your assets to pay the judgment.

 

[MichaelB]

So let's say my info has been compromised and somebody takes a loan in my name. Am I on the hook for it when I find out?

No, you're not, but you have to prove you are not, and the process to do so is very cumbersome. Afterwards, the loan record will probably persist and continue to come up. The credit rating agencies are obligated to remove incorrect reports from your credit record, but they often do not. This is one of the top complaints to the CFPB.

 

[Big_Hitter]

won't locked credit prevent a new loan?

 

[Carol1862]

I had all my info frozen for years up until 3 months ago when I was filing for a car loan (didn't take it out though) and I had to unfreeze it. Never re-froze it again. I guess now I have to call the 3 credit bureaus (TransUnion, Experian, Equifax) and have a freeze put back on. Is this correct? Recommended?

 

[Big_Hitter]

I had all my info frozen for years up until 3 months ago when I was filing for a car loan (didn't take it out though) and I had to unfreeze it. Never re-froze it again. I guess now I have to call the 3 credit bureaus (TransUnion, Experian, Equifax) and have a freeze put back on. Is this correct? Recommended?

I unfroze mine last year when I was refinancing my houses. Two weeks later I got an e-mail from the ID protection service that someone tried opening a credit card in my name. I called the CC company and locked my credit again through the service.

so YES, refreeze it

 

[Corporateburnout]

won't locked credit prevent a new loan?

It should but then again we cannot be sure of anything anymore....

 

[Carol1862]

I unfroze mine last year when I was refinancing my houses. Two weeks later I got an e-mail from the ID protection service that someone tried opening a credit card in my name. I called the CC company and locked my credit again through the service.

so YES, refreeze it

Thank you. Looking into it right now.

 

[Carpediem]

Fyi - I just received the following from "TomsGuide" about the Equifax breach and a link to check if you may have been impacted.

https://www.tomsguide.com/us/equifax-breach-check-how-to,news-25804.html

It also allows you to sign up for their "free" monitoring, however, it appears you "may be subject to automatic renewal" (whatever that means).

MEMBERSHIP TERM. Unless terminated earlier pursuant to the terms and conditions of this Agreement, Your Product membership will continue for the period of time specified on TrustedID's website. If You receive the Product as a benefit of enrolling in, or purchasing, third-party products or services, Your Product membership may be terminated pursuant to the terms and conditions of Your agreement with the third party. As specified on the website, Your membership subscription may be subject to automatic renewal. TrustedID may, in its sole discretion, terminate this Agreement (or suspend, terminate, or otherwise restrict Your use of and access to the Product) at any time, without notice.

 

[audreyh1]

won't locked credit prevent a new loan?

Frozen credit should. That is the point of going to the trouble.

 

[audreyh1]

I unfroze mine last year when I was refinancing my houses. Two weeks later I got an e-mail from the ID protection service that someone tried opening a credit card in my name. I called the CC company and locked my credit again through the service.

so YES, refreeze it

You have the option of a temporary unfreeze for such needs.

 

[razztazz]

Thank you. Looking into it right now.

If they hacked essentially everybody's everything I cannot see how they wouldn't be able to unfreeze an account. They have everything they need to be a duplicate "You"

 

[Corporateburnout]

If they hacked essentially everybody's everything I cannot see how they wouldn't be able to unfreeze an account. They have everything they need to be a duplicate "You"

The only way for them to unfreeze your account with Equifax is if they got your pin number. You're still have some protection with the other two bureaus.

I did not hear if they were able to get that information.

 

[savory]

from today's NYT. A few articles about the Equifax breach.

https://www.nytimes.com/section/your-money?emc=edit_my_20170911&nl=your-money&nlid=67857910&te=1

 

[razztazz]

The only way for them to unfreeze your account with Equifax is if they got your pin number. You're still have some protection with the other two bureaus.

I did not hear if they were able to get that information.

Exactly. That's why I say nobody has any reason to think they are safe.

In the military the rule was: If you can't find the code book, conclude that your codes have been compromised. Only now, of course, we cannot get "new codes" without inventing a heretofore never-lived life to take the place of the life we have been living which is now being sold to many on the dark net

 

[audreyh1]

If they hacked essentially everybody's everything I cannot see how they wouldn't be able to unfreeze an account. They have everything they need to be a duplicate "You"

They can't without the PIN that was issued when you froze the account.

There has been no mention of PINs for unfreezing being compromised.

 

[harley]

If they hacked essentially everybody's everything I cannot see how they wouldn't be able to unfreeze an account. They have everything they need to be a duplicate "You"

Just like passwords, pins are/should be kept in an encrypted format. Just getting the database with the pins shouldn't give them the ability to unfreeze your account. They'd need to be able to duplicate the encryption algorithm in order to reverse engineer the pin. They don't have that. So unless Equifax (or whoever) was incredibly stupid enough to store this type of information in plain text, it shouldn't be possible to unfreeze your account. And storing it in plain text would be so egregiously irresponsible that they would be wiped out in the eventual lawsuit.

 

[cathy63]

Just like passwords, pins are/should be kept in an encrypted format. Just getting the database with the pins shouldn't give them the ability to unfreeze your account. They'd need to be able to duplicate the encryption algorithm in order to reverse engineer the pin. They don't have that. So unless Equifax (or whoever) was incredibly stupid enough to store this type of information in plain text, it shouldn't be possible to unfreeze your account. And storing it in plain text would be so egregiously irresponsible that they would be wiped out in the eventual lawsuit.

Encryption can be cracked, it's just a matter of time and CPU cycles; and if hackers were able to download an encrypted database then they have unlimited time to work on decrypting it. Encryption is not a silver bullet. That's why the best practice is to store PINs separately from the data they're protecting. We have no way of knowing whether Equifax uses best practices or whether the PINs were compromised, and I don't trust them to be forthcoming about this. I'm not convinced they even know.

Personally, I think it's likely that since hackers were able to get far enough into the network to steal personal data, then they probably had root or admin access via an exploit or misconfigured security setting and they got the encryption keys for that data as well. I really do not think we'll ever know exactly what was exposed, so it's best to assume that everything was.

 

[savory]

Encryption can be cracked, it's just a matter of time and CPU cycles; and if hackers were able to download an encrypted database then they have unlimited time to work on decrypting it. Encryption is not a silver bullet. That's why the best practice is to store PINs separately from the data they're protecting. We have no way of knowing whether Equifax uses best practices or whether the PINs were compromised, and I don't trust them to be forthcoming about this. I'm not convinced they even know.

Personally, I think it's likely that since hackers were able to get far enough into the network to steal personal data, then they probably had root or admin access via an exploit or misconfigured security setting and they got the encryption keys for that data as well. I really do not think we'll ever know exactly what was exposed, so it's best to assume that everything was.

This is our expectation or the hackers success.

 

[Cobra9777]

Has anyone ever tried to change their SS#? I've read that it's allowed under a specific list of circumstances, one of which is being a victim of identity theft. I had a fraudulent tax return filed using my SS# in 2014 and filed a police report. I think that technically makes me a victim of identity theft, although I doubt it meets the SSA requirement. Anyway, I'm sure there are plenty of downsides to this, but just curious if anyone has done this or thought about it. I bet a new DL number could be obtained as well.

 

[explanade]

The only way for them to unfreeze your account with Equifax is if they got your pin number. You're still have some protection with the other two bureaus.

I did not hear if they were able to get that information.

Turns out Equifax was generating PINs which were basically a date and time stamp.

That is the case with my Equifax freeze, which I've had before.

It will take awhile but Equifax will probably be sued out of existence.

Basically they didn't spend money for the top IT and data security people. They used server software which had known vulnerabilities and didn't promptly patch them.

 

[razztazz]

They can't without the PIN that was issued when you froze the account.

There has been no mention of PINs for unfreezing being compromised.

We have been repeated told in an endless list of situations that a "that" can't happen. But then it does. I used to work with a whole bunch of computer gurus, engineers etc in 1990s' We were talking about that new fangled internet thing. One of the non-computer engineers said he was afraid to "go online" because How does he know somebody out there isn't 'invading' his computer. The Guru Class regaled us with technical reasons why that wasn't possible. I knew it was a case of "Subject Matter Expert Failure." Like doctors telling Louis Pasteur it's evil spirits and divine punishment that causes disease. Two weeks later the new word was "cookie." Shortly after, "spyware later to be called "malware." If anyone has told you "They" can't do something nefarious because "it's protected," you are being lied to.

Yes. No mention of "pins" being lifted. Of course that could mean: They have been and they don't know it yet. They have been and they know it and are stalling waiting for this to drop off the front page.

If they broke in and stole all that data it's bordering on the merely hopeful to think they don't have or won't soon have the pins anyway.

 

[DEC-1982]

Yes. No mention of "pins" being lifted. Of course that could mean: They have been and they don't know it yet. They have been and they know it and are stalling waiting for this to drop off the front page.

I was thinking pretty much the same thing. If they knew of the hack problem and didn't tell the public for many weeks, they may choose not to tell the public about other things like PINs being hacked.

 

[razztazz]

I was thinking pretty much the same thing. If they knew of the hack problem and didn't tell the public for many weeks, they may choose not to tell the public about other things like PINs being hacked.

Ref this. A few years back, I believe, Target said they'd been hacked. It was one of the first super big hack jobs. But the thing was when they came out and said they had been hacked the actual loss of data had happened something like four years prior! So, all the people who started worrying about it had already been living life with their asses run up the flag pole for four years at that time without knowing it.

 

[razztazz]

Just like passwords, pins are/should be kept in an encrypted format. Just getting the database with the pins shouldn't give them the ability to unfreeze your account. They'd need to be able to duplicate the encryption algorithm in order to reverse engineer the pin. They don't have that. So unless Equifax (or whoever) was incredibly stupid enough to store this type of information in plain text, it shouldn't be possible to unfreeze your account. And storing it in plain text would be so egregiously irresponsible that they would be wiped out in the eventual lawsuit.

Lots of wishful thinking there. Lot o' "shoulds". The reality is at this time nobody knows what they did, how they did it, or what their capabilities are.

And storing it in plain text would be so egregiously irresponsible that they would be wiped out in the eventual lawsuit.

In pursuit of The Bottom Line it's a risk they might have been willing to take. They have their protections. You and me? Not so much, as history thus far has proven.