Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
Equifax Data Breach Was an Unconscionable Mistake
I’ve been waiting for someone else to post about Equifax so I could vent my wrath in a comment, but as I haven’t seen much yet, I can no longer contain myself. I cannot believe that a company charged with holding the most sensitive information about us — information that we neither asked for nor wanted to be held on our behalf — has been breached. The information of half of American adults may have been stolen. Bad enough, but they didn’t even bother to tell us about it for over a month. Never mind their executives selling nearly 2 million dollars in stock in the meanwhile. Never mind the anemic apology from their CEO:
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes.”
This is the type of apology we’ve become accustomed to when someone uses an incorrect gender pronoun, not when the lives of 148 million people are potentially wrecked. My cousin lived through identify theft and it is awful. No doubt Mr. Smith has an army of lawyers and admins who will clean up the mess should his identify be stolen. But for the rest of us, it is time taken away from work and family, hours on the phone, loss of the ability to travel and sometimes worse. I have already had to spend $20 freezing my credit. They’ve offered free credit monitoring for a year (did you hear that identify thieves, you have to wait a year!), after which, no doubt, we’ll be stuck automatically with their $29.99 a month service. But even if it were free for the rest of my life, how can we trust their credit monitoring service? So that will be another $300 per year for the mess they created.
I hope Equifax goes down for this. The money will go to the law firms and not to the victims, but right now, I just want blood. God help me, I may even want Elizabeth Warren.
Thank you for letting me vent. It seems churlish to do so with Irma bearing down on Florida. My prayers to all of you in her path.
Published in General
I doubt it. Dave Ramsey is probably impacted as well, since these bureaus have information on anyone who has had a credit check run, regardless of if they have any open credit accounts or not. This includes anyone who has opened a post-paid account such as a cell phone contract, satellite or cable service, or an insurance policy. Also anyone who has ever had a background check run on them is likely to have their information stored in Equifax’s database.
Of course, Dave has a an identity theft specialist from his insurance sponsor standing by to address any identity theft that might happen to him.
Ha! Ha! Ha
They are an appropriately named company that shares fax documents equitably with anyone who wants them…especially when those documents contain very private personal financial information.
Unless the announcement of the data loss were delayed until after the scheduled stock sale.
I agree. Remember that a SSN began as the number of the fake “account” into which the federal government pretends to deposit the funds it collects from our payroll taxes, so how did it morph into some kind of super-password that allows people to open new lines of credit in our names?
It seems to me if there’s a legal/policy remedy here, perhaps we need to shift the burden of proof in cases of “identity theft” away from individuals and towards financial institutions. That is, if a credit card issuer claims you opened a new account and ran up thousands of dollars in charges, they better have iron-clad proof it really was you, saying “well someone filled out an online application with your address and SSN so it must have been you!” shouldn’t cut it. This would force them to take more steps to verify your identity, perhaps even require you to show up in-person at a bank (remember those?) in order to open a new line of credit.
Social Security numbers are a joke…on us. Everyone wants your SS # on their application forms, drivers licenses, etc. I have been refusing to put mine on a form for a number of years now. I always wondered whether that form could end up on the corner of someone’s desk while they are away in the bathroom or on a break. Anyone could walk by and retrieve the number. They are ubiquitous. And yet they are supposed to be our unique Federal ID.
https://www.wired.com/story/how-to-protect-yourself-from-that-massive-equifax-breach/
143 million people have had their major personal data stolen including credit card numbers and social security numbers.
From the above article:
There are some things you can do to protect yourself. Equifax is offering a website—
https://www.equifaxsecurity2017.com/ where you can check whether you are one of the 143 million people whose data have been compromised. (A small number of citizens in the United Kingdom and Canada may also be affected.)
Currently, the website doesn’t give you a simple answer about whether or not your data may have been affected, but it seems to tell you if it wasn’t. Equifax is also offering a year of free credit monitoring and identity theft insurance that you can (and should)
sign up for on that site if you’re a US resident. Of course, if your information could have been compromised in the breach, the hackers may have better luck abusing the leaked data in earnest after the initial one year expires…
SNIP
The company maintains, though, that its core credit reporting databases were unaffected—cold comfort given the scale of the breach that did occur. “It begs the question, if 143 million people could be affected and this does not touch your core, where were you keeping this data?” McGeorge says. “Where does this data live that’s not your core?”
####
I guess I’ll be taking my business elsewhere!
Oh wait….
Look, you’re all just wrong to think this is an outrage. We all rely on Equifax and other companies to share information with banks when it suits us. A lot of us probably pride ourselves on our immaculate credit ratings, which enable us to do apparently simple and easy things like pay by credit card. But Equifax is absolutely critical to the whole process of credit management, which is what keeps it all going. If any of us have never paid for anything by credit card, let him or her throw the first stone.
For the entirety of human history, until the twentieth century, it was extremely difficult for any “ordinary” person to get a loan from a bank. Even being able to prove one had a job with reasonably consistent earnings was not sufficient, because nobody knew who you were, really, and you could run away and avoid paying back the loan.
But now they know who you are, and now we have a system where people can be held much more accountable for their debts. Equifax is a major part of that. It has enabled people to raise huuuge amounts of money over its history, and has doubtless helped more than a few of us — perhaps in ways we don’t like to mention, or are even unaware of.
Spare a thought for Equifax. (But yes, I’m pissed off too; and no I am not an employee or shareholder of Equifax.)
The bottom line is: if your details were on Equifax’s system, you used their service. And you would have had to give permission in such form as “you agree that we may share your information with credit reference agencies [etc.] …”.
Consider that.
And if you want to go back to a world where there is no credit referencing, then God help us all.
This is one of the most galling things whenever these breaches happen: “we screwed you, now let us sell you an additional service.” And i don’t believe for a second that there are no kick-backs taking place for these services.
As for this part:
They claim to have removed that stipulation after the initial announcement, but, still, the idea that they would even try to slip that in is sleazy.
For years we had only three credit agencies that collected, correlated and held all this information on everyone. Whether you liked it or not, even when not seeking credit as such, but instead, buying life insurance or applying to rent an apartment.
Your data was provided to enquiring minds, in the form of a “score” but that did not provide any private information like your Social Security number — which you had already given voluntarily to the party so they could make the inquiry.
But now, thanks to hacking, there are an unlimited number of repositories (some on the “dark” web, others in Russia, or Macedonia if it’s Hillary’s info) for all your most sensitive financial data. Obviously, this disclosure is our own fault for doing things like asking for insurance or an apartment. Right.
Isn’t progress grand?
Not sure what point you’re trying to make. The whole point of Equifax was to make credit referencing data available: we’ve all benefited from that, except a few cave-dwellers. You’re surprised that they had a data breach? Welcome to the 21st Century. When people complain that they want their mortgage (as approved through Equifax) rescinded because of the data breach, I’ll take it seriously.
Rats. I should have read the fine print.
If someone hasn’t mentioned it, don’t go to their “check if I’m affected” site.
Thursday nights, baby!
Hey, now. Even cave-dwellers have mortgages these days.
Why not?
Sorry, forgot about you guys ;-)
(How are you affected by the latest data breach? Knock your flint against the wall and grunt “ugh!” three times to register your discontent…)
I’d recheck it. There’s a post above that indicates that they may have removed the mandatory arbitration provision after complaints.
Me too.
Plus their site for doing that is somewhat insecure. And they ask you for 6 digits of your social. These guys are something else. Who needs russian hackers when you have Equifax?
https://www.axios.com/equifax-security-check-website-strips-users-of-legal-rights-2483000146.html
http://www.foxbusiness.com/politics/2017/09/08/equifax-hack-victims-could-be-disqualifying-themselves-from-class-action-claims-heres-how.html
If this is true, and if it is not related to structured programmatic selling, it sure likes like classic insider trading. People should go to jail. This is likely to stir national rage, unless we’ve all become used to being violated. Sending some execs to jail for insider trading is one thing the government can do.
This is incredibly stupid and reprehensible. I expect they will get calls from their customers (i.e. the businesses that use them) reaming them out for this.
Good thing Og live in cave and never go out.
I can think of a lot of ways to make it inconvenient for all those nice credit card companies to have a peek at my credit report or any other entity out there. Yes, it is nice to have the ability when you want a mortgage to have the finance company have the ability to check on your credit, but I am not sure why it is unfettered. Every time someone takes a peek at my credit I should be notified. There should be levels of how locked down your account is. We could have the “Wild West” level, the one we currently have where I have no say who submits information to the agencies and who can take a look, and then an “Over My Dead Body” level where you better have my permission to look at my account or open credit in my name. I know that is what we have now but it is by default. As a consumer I have no say whatsoever in something as important as this. There should be notifications of everything that goes on with my account if that is the level of information I want. It is like being a taxpayer at the negotiating table between government unions and congress. The people with skin in the game are not a party to the outcome. If I open a credit card account, I should be able to tell the bank whether or not they can report to the credit agencies. If I want better credit score, then maybe I say they can report it, but otherwise forget it. All they need to know is how I behave with their credit card.
I may be part Neanderthal, but do I have high-speed Internet.
Og remember good ole’ days when could buy cave for just two woolly mammoth pelts…
People people people, haven’t you heard? Privacy died at least a decade ago. Heck, you can find out more about someone today from Facebook and LinkedIn alone than was ever dreamt of 50 years ago.
This would indeed be a reasonable level of security that, I hope, everyone could agree with. Unfortunately, this is also an incredibly grand, almost an impossible-seeming vision of the future that I, as a tech-guy, find difficult to foresee in the near future.
The fact is that, the free market be as it will, humans are not that intelligent, and (dare I say it?) programmers are lazy, stupid and incompetent like the rest of us. And hackers are smart, ingenious and devious.
Yes, the possibility is there. But no, you’ll have to wait for it. Yet… absolutely it is possible… given unbeatable retina scans, DNA identification, etc. Until someone fakes that.
There is no sure-fire solution. Welcome to the 21st Century.