# Approximately 143 million in the U.S/Canada affected by breach into Equifax



## biffzinker (Sep 8, 2017)

Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, *credit card numbers* for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain *UK and Canadian residents*. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.

Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion.

https://www.equifaxsecurity2017.com/

Turns out I'm one of the compromised.



> Based on the information provided, we believe that your personal information may have been impacted by this incident.


----------



## FordGT90Concept (Sep 8, 2017)

Ugh...these credit reporting agencies shouldn't even exist.  They always were an accident waiting to happen and...well...Law of Inevitability.

...gossipers that only exist so those in power can keep the downtrodden down...




> Based on the information provided, we believe that your personal information was not impacted by this incident.


I avoid dealing with the credit reporting agencies like they are the plague...because they are.


----------



## remixedcat (Sep 8, 2017)

Abolish credit. Period. People should not live beyond their means. I never use credit. I'm 32 and still have "insufficient" credit. I prefer to keep it that way. I pay less for stuff bc lack of tacked on interest and Even though my house isn't as nice as most people's it's mine and fully paid off as well as my car. If you need credit to buy a house you need to rethink your life. Save like I do and find land contract places and fix em up. Yeah they might not be the nicest looking places and you'd have to put some work into, however it's more rewarding, you get a more custom house, and no red marks! (unless you get hurt during the rehab process! haha) Don't fall for the pretty house in the best ares where you'll be paying 1.5 million for a 300K house (bc interest and fees and HOA, etc) get a crappy house in a decent area on LC and fix it up and be debt free and you have more money to do stuff with.


----------



## R-T-B (Sep 8, 2017)

remixedcat said:


> Abolish credit. Period. People should not live beyond their means. I never use credit. I'm 32 and still have "insufficient" credit. I prefer to keep it that way. I pay less for stuff bc lack of tacked on interest and Even though my house isn't as nice as most people's it's mine and fully paid off as well as my car. If you need credit to buy a house you need to rethink your life. Save like I do and find land contract places and fix em up. Yeah they might not be the nicest looking places and you'd have to put some work into, however it's more rewarding, you get a more custom house, and no red marks! (unless you get hurt during the rehab process! haha) Don't fall for the pretty house in the best ares where you'll be paying 1.5 million for a 300K house (bc interest and fees and HOA, etc) get a crappy house in a decent area on LC and fix it up and be debt free and you have more money to do stuff with.



I don't agree with "abolish credit" but I agree credit is something pretty stupid to use in any way "beyond ones means," and sadly it's often set up that way.

And somehow I'm affected despite this philosophy.  Yay.


----------



## RCoon (Sep 8, 2017)

Half of the adult American population is affected. Basically if you have any form of credit, you probs got your information stolen.
*Do not use their "have I been bamboozled" website, because it's insecure.* It's using a run of the mill cert provided by the host and is in no way protecting the information you enter on that page. It's basically just another giant target protected by paper mache.


biffzinker said:


> Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion.


Well, they didn't. It took them 5 weeks to inform the correct authorities, and then the CEO and CFO's were allowed to sell their stocks for millions before it was made public knowledge, which I believe is insider knowledge, which is also illegal. They knew they were in the beans and decided to ensure their own financial safety should the company get roshambo'd.

They're also offering 1 years free credit monitoring, which is an empty gesture, since this information is now publicly available to fraudsters forever.


----------



## biffzinker (Sep 8, 2017)

How do you know so much @RCoon ?



RCoon said:


> Well, they didn't. It took them 5 weeks to inform the correct authorities, and then the CEO and CFO's were allowed to sell their stocks for millions before it was made public knowledge


I wondered about the long stretch of time between July 29th, and now announcing the breach. Figured there was more to it.


----------



## RCoon (Sep 8, 2017)

biffzinker said:


> How do you know so much @RCoon ?


https://arstechnica.com/information...ossibly-the-worst-leak-of-personal-info-ever/
As for the illegal insider trading:
http://www.marketwatch.com/story/eq...ata-breach-before-informing-public-2017-09-07


----------



## DRDNA (Sep 8, 2017)

if you think them sites are bad just imagine what happens when they hack the obamacare website that has EVERY SINGLE PERSON IN THE USA IN THAT DATABASE that has every single bit of info on you and everyone is in the database even if they have never had obamacare! I feel it was done on purpose like a one stop shop for hackers!


----------



## EarthDog (Sep 8, 2017)

Im part of the breach. 

How does the obama care site have your info if you didnt sign up????

Also i thought the news said 143 million...how is that half the adults?? US has what 700M people??


----------



## RCoon (Sep 8, 2017)

EarthDog said:


> US has what 700M people??


323million.  Children account for 25% of that number, the rest are adults 19+. Around 240million.


----------



## EarthDog (Sep 8, 2017)

Wooow... 700M... where the hell did i get that from???!!!!


----------



## StrayKAT (Sep 8, 2017)

remixedcat said:


> Abolish credit. Period. People should not live beyond their means. I never use credit. I'm 32 and still have "insufficient" credit. I prefer to keep it that way. I pay less for stuff bc lack of tacked on interest and Even though my house isn't as nice as most people's it's mine and fully paid off as well as my car. If you need credit to buy a house you need to rethink your life. Save like I do and find land contract places and fix em up. Yeah they might not be the nicest looking places and you'd have to put some work into, however it's more rewarding, you get a more custom house, and no red marks! (unless you get hurt during the rehab process! haha) Don't fall for the pretty house in the best ares where you'll be paying 1.5 million for a 300K house (bc interest and fees and HOA, etc) get a crappy house in a decent area on LC and fix it up and be debt free and you have more money to do stuff with.



I agree, and not to get controversial, but this is standard thinking in many belief systems. Much of the world did it once. Medival/Catholic Europe and Islam. It worked....except for their stupid protectionism...but that's another story. I don't think there's ever been free trade AND no usury though. Not sure why.


----------



## FordGT90Concept (Sep 8, 2017)

RCoon said:


> Half of the adult American population is affected. Basically if you have any form of credit, you probs got your information stolen.
> *Do not use their "have I been bamboozled" website, because it's insecure.* It's using a run of the mill cert provided by the host and is in no way protecting the information you enter on that page. It's basically just another giant target protected by paper mache.


It has a USERnet Trust SSL certificate and they're only asking for part of the social and last name.  It's also cross-linked with Equifax itself.  I'd say if you have been compromised, you'd be a fool not to enroll in their protection service.  It should at least expidite cleaning up and stopping any unauthorized transactions.



RCoon said:


> Well, they didn't. It took them 5 weeks to inform the correct authorities, and then the CEO and CFO's were allowed to sell their stocks for millions before it was made public knowledge, which I believe is insider knowledge, which is also illegal. They knew they were in the beans and decided to ensure their own financial safety should the company get roshambo'd.


Hopefully SEC and FTC would investigate if that's the case.  That said, I hope this triggers Congressional inquires into the necessity of these organizations to exist.



RCoon said:


> They're also offering 1 years free credit monitoring, which is an empty gesture, since this information is now publicly available to fraudsters forever.


The important thing is that the accounts get closed or transferred so the information the thieves obtained is no longer relevant.  Doesn't do much good in terms of hiding people's identity (social security #, address, name, etc.) but that can't really be helped anyway in the 21st century.


----------



## Sasqui (Sep 8, 2017)

RCoon said:


> They're also offering 1 years free credit monitoring, which is an empty gesture, since this information is now publicly available to fraudsters forever.



No kidding.  It really is a hollow gesture.  A local bank was a victim of hacking and offered the same thing... what happens after 1 year?

And, should I believe this?


----------



## FordGT90Concept (Sep 8, 2017)

Within one year, you'll probably get your identity exposed by someone else and have different coverage because of that. 

Seriously, there's no pot of gold at the end of this rainbow.  Welcome to the 21st century.


----------



## Vayra86 (Sep 8, 2017)

Inevitable, but that doesn't make it any less horrible.

Over here in NL we can also see leaks raining left and right. Government and business are way, way too late with proper data protection measures, because hey, it costs money and the returns on investment are questionable or hard to quantify. Tin foil hats aren't even in this discussion anymore, it's reality; no less than 10 years ago, I remember 'we' were being laughed at for saying this.

About abolishing credit... can't say I agree, nor can I agree with the statement that 'if you can't live without credit something's wrong'... At the same time, I do believe one should have as little debt as humanly possible, but some expenses just require credit, a house being one of them, or perhaps a car or a study of some sort. But its a fine line that many people don't even know of, especially in the US the stance towards credit and debt is so unhealthy, its unreal and it even echoes from the very bottom of society all the way through government and top-end incomes. But also here, the amount of people that end up in special programs to clear debt is tremendous, the growth is massive year -over-year and in my line of work, I've gotten to speak to more and more people with payment problems over the past years.

In the end both these leaks and the % of population with credit registrations are perfect examples of what's wrong with the world, and its no coincidence that you generally find both of them in the same spot.


----------



## CAPSLOCKSTUCK (Sep 8, 2017)

EarthDog said:


> Wooow... 700M... where the hell did i get that from???!!!!




You made the correct adjustment to allow for illegal immigration.


----------



## dorsetknob (Sep 8, 2017)

EarthDog said:


> Wooow... 700M... where the hell did i get that from???!!!!



Genuine Facebook Statistic


----------



## DRDNA (Sep 8, 2017)

EarthDog said:


> How does the obama care site have your info if you didnt sign up????



Because the Federal Government was kind enough to have it created for you, remember obanger made it mandatory.


----------



## remixedcat (Sep 8, 2017)

What is a good credit monitoring site tho? In case of ID theft... the one my mom used was crap so...


----------



## DRDNA (Sep 8, 2017)

remixedcat said:


> What is a good credit monitoring site tho? In case of ID theft... the one my mom used was crap so...


there are three and you know them and one just had the shit hacked out of them causing a huge problem for millions of people. Which how and why this threaded got started.


----------



## FordGT90Concept (Sep 8, 2017)

remixedcat said:


> What is a good credit monitoring site tho? In case of ID theft... the one my mom used was crap so...


https://www.annualcreditreport.com

Congress forced them to make that site and make it free.  It's the only one I have ever used and doesn't give them anything they don't already know.  Only caveat is that you can only use it once per year.


----------



## Frick (Sep 8, 2017)

biffzinker said:


> https://www.equifaxsecurity2017.com/
> 
> Turns out I'm one of the compromised.




Here's what you agreed to:



> AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.



Likely not upholdable (and I think it'll soon be removed), but still. That is one classy company.

https://arstechnica.com/tech-policy...im-you-must-give-up-right-to-sue-to-find-out/


----------



## FordGT90Concept (Sep 8, 2017)

That won't stand in court if people are damaged by Equifax's negligence.

And yeah, credit reporting agencies are worse than scum.  They will do everything they can to try to weasel out of it.


----------



## R-T-B (Sep 8, 2017)

EarthDog said:


> How does the obama care site have your info if you didnt sign up????



They don't.  It's also a state differentiated insurance market IIRC, meaning per state databases.


----------



## FordGT90Concept (Sep 8, 2017)

Major media outlets have caught wind of Equifax not being...equitable...
[CNN]If you want help from Equifax, there are strings attached
[Reuters]Criticism of Equifax data breach response mounts, shares tumble
[CBSN]Equifax executives sold $1.8 million in stock after breach

Yeah...I think Equifax is done for.  That last one is criminal (securities fraud).  The first two are breach of public trust.


----------



## DRDNA (Sep 8, 2017)

R-T-B said:


> They don't.  It's also a state differentiated insurance market IIRC, meaning per state databases.


Yeah okay believe what you want. I worked several projects on the AHC and when an end user goes to create an account its really more akin to activating the account. I feel very comfortable disagreeing with you. The projects I worked were not just in NY. Every states is pretty similar and that's based on Federal regulations.

Edit: I get 9 weeks vacation a year and I did (Contract work) on four different States AHC during 2 years About 4 weeks in each of the States , 3 were State run a one was Federal and there is next to no difference.


----------



## R-T-B (Sep 8, 2017)

DRDNA said:


> Yeah okay believe what you want. I worked several projects on the AHC and when an end user goes to create an account its really more akin to activating the account. I feel very comfortable disagreeing with you. The projects I worked were not just in NY. Every states is pretty similar and that's based on Federal regulations.
> 
> Edit: I get 9 weeks vacation a year and I did (Contract work) on four different States AHC during 2 years About 4 weeks in each of the States , 3 were State run a one was Federal and there is next to no difference.



I'm really not willing to continue this very political line of discussion.


----------



## DRDNA (Sep 8, 2017)

R-T-B said:


> They don't.  It's also a state differentiated insurance market IIRC, meaning per state databases.





R-T-B said:


> I'm really not willing to continue this very political line of discussion.


Nothing political about it and the market end of it has nothing to do with anything.


----------



## Rehmanpa (Sep 8, 2017)

As someone who has yet to get a credit card (due to US age restrictions), where would I want to look to get one? Seems like I choose the wrong place and then, BAM! My Identity Is stolen. I don't want my identity stolen 

Was this credit place some kind of bank or credit union thing? Also, what on earth are they doing about it and why the hell did they wait so long to tell people?


----------



## R-T-B (Sep 8, 2017)

DRDNA said:


> Nothing political about it and the market end of it has nothing to do with anything.



Fair enough.  Perhaps social media has me paranoid.


----------



## dorsetknob (Sep 8, 2017)

Rehmanpa said:


> Was this credit place some kind of bank or credit union thing?



Information amalgamation and clearing business 
Supposed to be Secure except to those they sell the info too
The information being Customer Details and Credit Rating as established by themselves and others


----------



## DRDNA (Sep 8, 2017)

dorsetknob said:


> Information amalgamation and clearing business
> Supposed to be Secure except to those they sell the info too
> The information being Customer Details and Credit Rating as established by themselves and others


Well put....you been on the study of your friends across the pond?


----------



## dorsetknob (Sep 8, 2017)

DRDNA said:


> Well put....you been on the study of your friends across the pond?


they tend to be multinational
USA acquires info on credit Ratings and worthiness  from all over the world ( often from Subsiderys ) we got those B**T**ds here as well.

ps no she turned her cam off


----------



## biffzinker (Sep 8, 2017)

Rehmanpa said:


> Was this credit place some kind of bank or credit union thing?


Neither of those, say you want to buy a car but don't have enough so while at the dealership you find a car, and contact the sales minion about purchasing car. They check for you about securing a loan with any local or out of state credit union/banks but in order to do such they also contact the three credit reporting agencies to find out your credit score which has an effect on you procuring said loan.

It's one of three big names involved in the breach. There's also Transunion - http://www.transunion.com/, and Experian - https://www.experian.com/

Don't be late on paying your any of your bills say from smartphone carrier or else it will be reported as a negative towards your credit score same for a loan from major bank.


----------



## Rehmanpa (Sep 8, 2017)

biffzinker said:


> Neither of those, say you want to buy a car but don't have enough so while at the dealership you find a car, and contact the sales minion about purchasing car. They check for you about securing a loan with any local or out of state credit union/banks but in order to do such they also contact the three credit reporting agencies to find out your credit score which has an effect on you procuring said loan.
> 
> It's one of three big names involved in the breach. There's also Transunion - http://www.transunion.com/, and Experian - https://www.experian.com/
> 
> Don't be late on paying your any of your bills say from smartphone carrier or else it will be reported as a negative towards your credit score same for a loan from major bank.


Thanks for the explanation. Idk why these people have all this information like that so unsecured. Not to mention it seems quite criminal they waited so long to report on it


----------



## biffzinker (Sep 8, 2017)

Aquinus said:


> As for credit, I needed a new car and a reliable car was only going to be had with a loan because most of us don't have the financial backing to buy something that's 20k outright.


How about that, it wasn't just me that needed the loan for transportation to and from work the main purpose of said debt.


----------



## Aquinus (Sep 8, 2017)

biffzinker said:


> How about that, it wasn't just me that needed the loan for transportation to and from work the main purpose of said debt.


I have a credit card but, I always keep the balance low and pay it off every month. However, my car gets me to my job that pays me money. My one other set of loans are for my degree in computer science which also enables me to earn more money. Those who are smart about it look at it as what kind of return do you get on your investment and if it's worth the total cost of having said loan.


----------



## Divide Overflow (Sep 8, 2017)

What did I win?!


----------



## TheoneandonlyMrK (Sep 9, 2017)

biffzinker said:


> Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
> 
> The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, *credit card numbers* for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain *UK and Canadian residents*. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.
> 
> ...


Apparently you need to be careful finding out if you're affected because the terms you sign to find out included signing away your right to sue them.


----------



## biffzinker (Sep 9, 2017)

theoneandonlymrk said:


> Apparently you need to be careful finding out if you're affected because the terms you sign to find out included signing away your right to sue them.


*Update (3:40p ET, 9/8)*: While New York Attorney General Eric Schneiderman said the forced arbitration terms of service are "unenforceable" and should be removed, Equifax has added language to its "FAQs for Consumers" that the arbitration clause in the "Terms of Use" does not apply to "the cybersecurity incident."
https://arstechnica.com/tech-policy...im-you-must-give-up-right-to-sue-to-find-out/
https://arstechnica.com/tech-policy...im-you-must-give-up-right-to-sue-to-find-out/


----------



## Frick (Sep 9, 2017)

Aquinus said:


> As for credit, I needed a new car and a reliable car was only going to be had with a loan because most of us don't have the financial backing to buy something that's 20k outright.



Ideally I'd go to the bank first in that situation.

But car dealers are the literal scum of the earth and they have deep relationships with various entities giving loans so they make less money if you pay the car in cash, therefore it is very hard buying a new car in cash now. At least at a fair price, which in itself is a byzanthian nightmare of a concept.


----------



## FordGT90Concept (Sep 9, 2017)

Rehmanpa said:


> As someone who has yet to get a credit card (due to US age restrictions), where would I want to look to get one? Seems like I choose the wrong place and then, BAM! My Identity Is stolen. I don't want my identity stolen


You'll get offers in the mail when you're eligible and they really never stop coming.  That said, it's like everything else: you have to shop around to find the card that's the best deal for you (interest rate versus reward programs) and also secure (I've had no security problems with Chase).  I think the error most people make is they open too many credit accounts (lots of stores give you a discount if you apply for their card and use it at their store).  It's important to prevent that by choosing a good one then sticking to it.


----------



## R-T-B (Sep 9, 2017)

Frick said:


> which is that you are not too smart.



So if you do not want kids or credit, you are "not too smart?"

Ah, nvm.  It's Frick.


----------



## Rehmanpa (Sep 9, 2017)

Seems like a credit card can be good in case of emergencies, like a small instant loan. That said it's a loan and you always have to pay the balance off immediately/asap.


----------



## FordGT90Concept (Sep 9, 2017)

Recommended, yes, because credit cards usually have a >10% interest rate after the grace period.  It's a line of credit which basically means a bank has authorized you to spend up to that amount of their money on the condition you repay it.  It's more like a perpetual, fluid loan that doesn't end when the balance is zero.

Most traditional loans (automotive, house, education, etc.) have an interest rate below 10%.

Back on topic: the credit rating agencies are informed of and keep record of all credit offered to you.  That includes loans and cards.


----------



## P4-630 (Sep 12, 2017)

*Equifax's credit report monitoring site is also vulnerable to hacking*

http://www.zdnet.com/article/equifax-freeze-your-account-site-is-also-vulnerable-to-hacking/


----------



## bogmali (Sep 12, 2017)

Thread cleansed......Please stay within the scope of the topic.


----------



## lexluthermiester (Oct 22, 2017)

This is an interesting and related article. And I agree.
https://www.wired.com/story/equifax-deserves-the-corporate-death-penalty/


----------



## StrayKAT (Oct 22, 2017)

Dude... that's a huge chunk of the population. 

Not sure why I missed this number before.


----------



## lexluthermiester (Oct 22, 2017)

StrayKAT said:


> Dude... that's a huge chunk of the population. Not sure why I missed this number before.


A little over half. And there are rumblings of information giving indication that the breach of data was not limited to citizens of the USA. Having already been the victim of identity fraud in the past, my advice to everyone stateside is to refuse to give out your SSN or other personal information to anyone who does not have a legal requirement to have it. I'm already a privacy "Guru" of sorts and am well prepared for this. Not everyone is however.

If you are a US citizen, I'd check to see if you might be effected here; https://www.equifaxsecurity2017.com/am-i-impacted/
It's down for an update ATM, but should be back up in a few hours. For everyone who's already checked, you might want to recheck as this update will include more information of those who might/will be affected.


----------



## StrayKAT (Oct 22, 2017)

lexluthermiester said:


> If you are a US citizen, I'd check to see if you might be effected here; https://www.equifaxsecurity2017.com/am-i-impacted/
> It's down for an update ATM, but should be back up in a few hours. For everyone who's already checked, you might want to recheck as this update will include more information of those who might/will be affected.



I don't use credit cards actually.. which is why I sort of ignored this news and missed that large number. I'd be royally pissed off though. I've had ATM Mastercard numbers stolen 4 or 5 times.


----------



## lexluthermiester (Oct 22, 2017)

StrayKAT said:


> I don't use credit cards actually.. which is why I sort of ignored this news and missed that large number. I'd be royally pissed off though. I've had ATM Mastercard numbers stolen 4 or 5 times.


I don't think you understand, it wasn't just credit card numbers stolen. It's EVERYTHING! Your FULL name, every address you've lived at, every phone number you've ever had, every bank account, employment records, your social security number[!!!], EVERYTHING! This data breach is the biggest and most impactful in US history, perhaps[and very likely] world history. The people affected by this includes government and military personnel, leaders of industry etc. etc.. Few over the age of 35 are immune. This one breach has the potential to be the most serious data security problem ever known.


----------



## StrayKAT (Oct 22, 2017)

lexluthermiester said:


> I don't think you understand, it wasn't just credit card numbers stolen. It's EVERYTHING! Your FULL name, every address you've lived at, every phone number you've ever had, every bank account, employment records, your social security number[!!!], EVERYTHING! This data breach is the biggest and most impactful in US history, perhaps[and very likely] world history. The people affected by this includes government and military personnel, leaders of industry etc. etc.. Few over the age of 35 are immune. This one breach has the potential to be the most serious data security problem ever known.



Damn OK. Will look more into it. Thanks.


----------



## lexluthermiester (Oct 22, 2017)

StrayKAT said:


> Damn OK. Will look more into it. Thanks.


No worries. Hope I didn't come off too aggressive. Simply wanted to stress the scope and seriousness of this problem.


----------

