Credit Service Equifax Reports Massive Data Breach: Names, DOBs, Social Security Numbers, And Addresses

CNBC reports:

Equifax, which supplies credit information and other information services, said Thursday that a data breach could have potentially affected 143 million consumers in the United States.

Equifax said it discovered the breach on July 29. “Criminals exploited a U.S. website application vulnerability to gain access to certain files,” the company said. Shares of Equifax fell more than 5 percent during after-hours trading.

Equifax said exposed data includes names, birth dates, Social Security numbers, addresses and some driver’s license numbers, all of which the company aims to protect for its customers.

The company added that 209,000 U.S. credit card numbers were obtained, in addition to “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.”

  • Tulle Christensen

    I long for the days of leased lines

  • Scott Fitler

    Is this going to affect THEIR credit score?

    • clay

      “Shares of Equifax fell more than 5 percent during after-hours trading.”

      Already equal to the percent of US residents [whose credit cards] they compromised. It ought to be compounded to equal how landlords, employers, and lenders use the data.

      • Miji

        Wouldn’t that be more like 40%? Actually if you discounted children and those too poor to have any credit history, that 143 million would be an even bigger percentage.

        • clay

          Yeah, I saw the number of US credit card consumers who also got their CC numbers lifted.

      • SockMikey

        Meanwhile, Bloomberg reported that three senior Equifax executives sold a combined $1.8 million worth of company shares in the four days following the discovery of the breach, before it was made public. None of the trades were pre-scheduled, the news agency noted, citing regulatory filings.

        https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack

        • clay

          so . . . insider information?


    • Darrel Cj

      THIS.

    • Todd20036

      Luckily for me I don’t have an identity worth stealing.

      • Scott Carpenter

        This will be the sixth time that I know of that my information has been stolen. My favorite was the OPM hack, since that went so much deeper than anything a credit bureau would have. At this point, hackers probably know more about me than I do.

      • RaygunsGoZap

        You shush

      • wds

        Actually, you do … any info is info that can [“and will”] be used.

      • FAEN

        I doubt that.

      • Grumpy Old Man

        The tax fraud schemes do not care about anything but your name and SS# – they make everything else up. They can make your identity worth even less, sigh.

    • RaygunsGoZap
      • ted-

        WTF! Assholes

      • netxtown

        Pure and simple insider trading. C’mon feds – take ’em down!

  • bkmn

    And this is what we have been made aware of. I expect the news will get worse

  • The_Wretched

    Why weren’t the files encrypted? This is 2017, any company with customer privacy data should keep it encrypted.

    • Cuberly

      Oh come on now, all profits are reserved for the share holders and CEO & sure as fuck aren’t for shoring up security in these challenging times. What are you a commie? /s

    • ben

      Encrypting files on a server is sort of pointless. You could have full disk encryption and there’s still a service running waiting for other pieces in the platform to query it.

      • Bad Tom

        That’s true. Full disk encryption protects you except when the system is powered on.

        • abqdan

          They would need to be encrypting at the file level, and creating trust relationships with the applications/third party vendors allowed to access those files. Whole disk encryption is not useful for data shared across various APIs; it’s more a defense against physical theft.

      • abqdan

        That would be true of a data breach carried out through an existing API. They are saying a ‘web server’ hack was used, which most likely means some access to root. If the files were encrypted, and not accessed through a trusted API, then the hackers would have nothing of value. Of course, we’re all sort of guessing, without seeing the actual code … 🙂

        • John30013

          The article said “U.S. website application” vulnerability, so I’m thinking something along the lines of a SQL injection or privilege escalation vulnerability, allowing the attacker to access data via the web site that they shouldn’t have been able to access.

  • Tulle Christensen

    Don’t some states have laws about quickly notifying people about data breaches within a few days after it happens? They discovered this 6 weeks ago

    • Tatonka

      Yes. Yes they do.

  • Paula

    I signed up for Lifelock in March when my iPad was stolen in Paris. I was going to cancel it, I guess that I’ll keep it a while longer. 🤢🤢🤢🖕🏻🖕🏻🖕🏻🖕🏻🖕🏻🖕🏻Equifax

    • Anastasia Beaverhousen

      They will have to provide you free service.

      • Xiao Ai: The Social Gadfly

        Sure, for about a year. And, with that data, and no freeze on all three reporting agencies they can still open credit under your name. Maybe Lifelock freezes your credit for you through all three agencies though. Without hesitation, I’ll pay for the freeze, and pay each time I want someone to have access. I busted my ass to get my credit back in workable order and don’t want to have to work through that utter hell ever again if it’s avoidable.

    • bkmn

      I avoid lifelock since the CEO is a major GOP donor. I opted to use the monitoring service through Costco and liked who they used to have and have been much less impressed since they changed vendors but they seem to be slowly getting up to speed and catching up with the competition.

  • Xiao Ai: The Social Gadfly

    Jesus Fucking Christ -_-

  • Tread

    Oh for fuck’s sake. Can everyone now understand why these assholes shouldn’t be in charge of our credit ratings?

  • Rebecca Gardner

    You’ve got to be fucking kidding me! Will we be notified if it is our data that was stolen?

    • Anastasia Beaverhousen

      Take this as notification.

      • Miji

        Yes, with 143 million, your odds are much better than Vegas. You could be a winner!

        • Bad Tom

          Or loser. Whatever.
          (Attitude by Equifax.)

    • bkmn

      And will they provide credit monitoring free of charge to those affected? With over a month since the hack the SS#’s and CC #’s are probably already being used by the crooks

      • customartist

        This is the same remedy provided to the residents of South Carolina a few years back. No cost to the company of course

      • netxtown

        Not sure they would be the right people to monitor credit. I mean – they can’t even monitor their own fucking website.

    • Dagoril

      When you go to apply for credit the next time, you’ll find out right away!

    • That_Looks_Delicious

      My experience is that 2 to 3 months after the breach has been made public (which is often months after the breach actually happened), you will get a form letter in the mail from Company X stating that “we value your privacy” and “we are very concerned” and “we are working to blah blah blah.”

      My bank (not Chase) actually issued everybody new debit cards after the Home Depot/Target/JP Morgan Chase data breaches in 2014, even though there wasn’t any indication that my card was compromised, just to be safe.

      • William

        I went to my credit union for a new card after the Home Depot breach. The employee didn’t know a thing about it and said there were no plans to issue everyone new cards. I insisted on a new one. The next day, the CU emailed all members about the data breach and said new cards would be in the mail.

        • customartist

          Comforting, huh?

    • customartist

      Back on July 29th that is/was

    • SockMikey

      To check if you’ve been affected & can receive some free credit reports, yada, yada, yada – these companies should have the BEST security.

      Check if your credit was exposed per Equifax
      https://www.equifaxsecurity2017.com/potential-impact/

      • kelven

        My computer is warning me about the equifax link as an information harvester. If you put your cursor over the link you’ll see it is not going to an equifax file.

  • Mike_in_the_Tundra

    This is bad. If one has any type of credit, it has been reported to Equifax. It was never our decision.

  • clay

    not good

  • Ninja0980

    Guess I’d better check my bank accounts ASAP.

  • That_Looks_Delicious
    • Bryan

      …….AAAANNNNNND IT’S GONNNE! Please move along people this line is for paying customers who have business with the bank ONLY!

  • Lars Littlefield

    Adjacent to this, I’ve been receiving email notifications from Amazon.com acknowledging my recent orders for merchandise and telling me I have to click to confirm the order. The email is always sent to a name that has a first letter the same as my first name followed by my last name. It’s never absolutely accurate. It is a ruse. By clicking the confirm button I would be sending a confirmation from my actual email address associated with my Amazon account. Then all hell would break loose.

    If any of you receive similar e-mails, call Amazon on their toll-free customer line and have them flag your account for possible fraud.

    • SoCalGal20

      Ooh nice! A phishing scam. If you use google email I believe you have the option of reporting those directly to google if you want.

      • Nowhereman

        Yes–you can’t block them entirely, but I always report unusual emails as phishing ventures. There’s a “LinkedIn” scam, too.

        • vorpal 😼

          I get tons of scam emails claiming to be from Apple as well, to an email address that I don’t use for any of my Apple transactions / registrations.

          You can generally tell immediately by the sender email address or the recipient list, or by looking at the actual URL you’d go to if you clicked on the link in the message.

          • Todd20036

            And you can always call the actual 800 number (not listed on the suspicious email) and ask if there is a problem.

            It’s how I was able to confirm that some attempted contacts about my account were complete fraud

          • William

            I like the phone calls from the “Windows Technical Department”, saying my computer is sending error messages.

            I told one guy that I set my computer on fire and threw it out the window.

          • vorpal 😼

            LOL. I would love one of those, given that I haven’t even used a Windows computer since around 2007.

            I also love the ones you get from banks you don’t use that begin with a vague, “Dear esteemed customer,” or something like that… because clearly the preferred way for a bank to contact a customer about a data breach or some fraudulent account activity is via email. =eyerolls=

          • So many companies want to thank me with free gifts for my orders.

          • vorpal 😼

            Ha! Reminds me of when I got my first Nigerian scam email.

            I sat there reading it multiple times, thinking to myself, “This isn’t spam, since it’s not trying to sell me anything, and it doesn’t seem like phishing, but it’s obviously some type of scam: where the hell does the catch come in?”

            I love the sites where someone chronicles baiting the Nigerian scammers, getting them invested and doing all sorts of ridiculous things.

          • Amazon emailing me on a non-linked account was a dead giveaway.

          • vorpal 😼

            It always amazes me that people get suckered into those fraudulent emails, but then I think of someone like my grandmother who can barely turn the computer on and access her email and Scrabble, and I can see how the scammers do manage to trick some people.

            Now, that being said, the Nigerian scams are so ridiculously over-the-top that I really can’t see how anyone would fall for one of them.

          • lattebud

            I have made a habit to answer my phone with “Fraud Department.” If I get one of those push 1 to talk to an operator, I turn on some whip cracking or other loud, but distinct, porn, place the phone down and walk away for a few minutes

          • Phillip in L.A.

            Nice! I go with, “Law Office, how may I direct your call?” You’d be surprised how many hang-ups I get! 🙂

          • Bad Tom

            What was the response?
            Prolly

          • Joe in PA

            You would be surprised (maybe not) but a lot of people fall for that. Unbelievable.

          • Grumpy Old Man

            I just laugh at them and say “you are lying, no, no, you are lying” – the guy eventually realizes that he can’t change my script and hangs up; it took one guy 15 minutes to realize he was not getting through to me. https://uploads.disquscdn.com/images/1335ea68510a30be056533210b42132f067ca5e6202a9cb27c815092a1517833.gif

          • Joe in PA

            I’ve been working on hubs for years to be careful. He is learning fortunately.

            For me the dead giveaway is when the “TO:” field is to themselves. Somewhere I’m in the BCC.

          • Beagle

            Another giveaway — the “FROM:” field is not from the business that’s supposed to be sending the email.

          • Nowhereman

            Once you get on somebody’s list, it never ends. I try to be careful.

          • vorpal 😼

            Agreed, although with Bayesian filtering and other advanced techniques, I’ve been surprised at how great the spam / fraud detection algorithms have gotten. The address that I post publicly to avoid spam at my main accounts is now almost 20 years old (and ha – still a hotmail address), and while about 10 years ago, was always rife with trash, is now properly filtered by Microsoft so well that if I get one spam a day, it’s surprising.

          • Ray Taylor

            I still use hotmail for my main ac. I hardly ever get a spam in my inbox. If I do it’s usually something about an account I’ve never heard of.

          • Nowhereman

            Hah! My landlords still have Hot Mail. My Gmail account is pretty clean right now–I occasionally get obviously suspicious emails from a guy I exchanged emails with about 10 years ago.

        • ben

          check out the video on youtube made by the guy who created a spam bot to make bulk calls to an Indian call center lol

      • Xiao Ai: The Social Gadfly

        I cut out the middle man and just use Yahoo. 😛

        • Joe in PA

          LOL.

    • Nowhereman

      Thanks for the heads up!

    • bambinoitaliano

      I remember getting those awhile ago. Like any notification that requires me to click the link to input my info, I declined. It’s just a different version of Nigeria Prince wanting to give you millions.

    • That_Looks_Delicious

      I cancelled my Amazon account precisely because of worries about stuff like this.

      • Joe in PA

        And give up Amazon Prime? Gasp!

    • Bad Tom

      ALWAYS always always look to see where the links really go.

      It’s also helpful to know the procedures at Amazon, so you instantly know that they never send such emails.

    • customartist

      I have gotten those several times over the last couple of months. CLEARLY they are fraud

  • Cuberly

    So what the fuck are we to do then?

    Do they know where the attack originated from?

  • KevInPDX

    Way to go Equifax! My PPI has been harvested quite a few times (OPM, Chase Bank, Target) now and we were directed to this outfit and other similar ones to monitor our credit histories and information and now these douche bags leave themselves vulnerable and here we go again.

    • safari

      Jimmie Johns, Wendy’s, Home Depot, my University

      At a certain point the local credit union just replaced everyone’s cards.

  • William

    Don’t worry, Equifax will find a way to get people to pay for protection.

    • Xiao Ai: The Social Gadfly

      And the Government will give ’em a pass and say, it’s to protect “all of us”. Especially with Cheeto and the Cheatettes in office.

  • SoCalGal20

    Great. Anybody who does the once a year free credit report thing required to be made available to consumers by law is potentially affected by this along with anybody who has ever applied for any credit. I see a huge class action suit coming.

    • clay

      (anyone who’s applied for a lease, for a job, or for graduate education might also be in the same boat)

      • johncAtl

        Hmmm… in the last two months I have bought a new car; moved into an apartment so I can have my condo remodeled; took out a loan with Home Depot to finance the remodeling; and changed jobs. But I’m not worried because I pay Equifax for their credit monitoring service – OH SHIT!

      • Bryan

        Just had that third problem when SL.gov got finicky about summer financing. Equifax played a prominent role in getting the matter resolved, I’m probably on both those lists.

  • Todd

    Even though it won’t stop information being stolen from the reporting agencies, the credit freeze is the way to go. Even if someone does get hold of the information, they won’t be able to apply for credit in your name.

    https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/

    • Joe in PA

      Thanks for the link…a ton of info to be digested. Always great to be reminded.

      • Todd

        I also have alerts for any charges over $0 on my credit cards and bank account, just so I know if something is going on. That came in handy in late August when I started seeing random $1 and $2 charges on a credit card. I figured someone was “testing” the card number to see if it was good so I locked the card through the bank. Sure enough, about 3 hours later I got an alert that a much larger charge had been declined due to the card being locked. Someone either stole my card number from the security “experts” at some place like Equifax or lifted the number at one of dozens of places I used it on a road trip the week before.

        • William

          Card skimmers have been found at a bunch of gas pump card readers here. The safest way to pay for gas is inside the store or at the little booth.

          • Joe in PA

            Ugh, I hate dealing with people. 🙂

        • Joe in PA

          We are down to one credit card between us, and no ATM cards. And our checking account is with the same credit union (Pentagon Federal), they do a pretty good job monitoring and call us when they see something unusual. But I like your idea about an email with each credit card use. AND I can keep an eye on Hubby’s spending. 🙂

          Thanks again for the “credit freeze”, I’m pretty sure we are going to do that.

  • Do Something Nice

    They were careless is what happened. Shame on them.

  • Joe in PA

    I can’t remember exactly, but there was a huge data breach with a government agency a while back (I think the VA?)…anyway they provided a “free” Life-Lock-type service. When I went to sign up…they fucking asked every security question you could imagine. I’m supposed to turn over all kinds of sensitive information so this private company could “monitor” for one year. FFS, I don’t think I lasted a minute on that site. I googled and a lot of other people had the same concern. Well duh.

    • safari

      US Office of Personnel Management had a breach of 21+M.

      • Joe in PA

        Good memory, thanks! I remember now that it was anyone that had ever applied for a security clearance (and more I suppose), so of course all military people, that’s what made me think VA. Thanks.

      • jerry

        Yes, I was a little shocked with the multiple notifications…as I left Treasury in 1991.

        • safari

          My university had to contact all employees since 1973 and all students since c1991, so I get it.

      • jmax

        My sister works for the CDC and had her SSN used by someone to file their taxes and stole her return. She is sure it was because of that breach. And unsurprisingly, the IRS wasn’t at all helpful.

    • roadtripboy

      South Carolina did something similar when someone breached their income tax records.

  • JWC

    Squirrel Squirrel

  • Lars Littlefield

    I suspect that Pornhub.com is more secure with user information than Equifax.

    • edrex

      god i hope so.

      • That_Looks_Delicious

        LOL.

    • bambinoitaliano

      Josh Duggar disagrees with you.

      • crewman

        That wasn’t pornhub. It was ashleymadison.com.

    • Bad Tom

      Customers have only Pornhub’s reputation to guide them. You have to deal with Equifax or one of its two buddies.

  • Mark Née Fuzz

    Dumb shits at Equifax had better keep this in mind when some bad guy takes out loans or opens credit cards in your name.

  • Michael R
  • ben

    Just wait until someone breaches iCloud or ApplePay. It’s coming. People really need to think about whether all of this convenience of apps and IOT devices is worth the risk

    • safari

      I’d rather those than gmail.

      • ben

        oh gmail is coming too.

      • ben
        • safari

          I think my ex was caught in this. Someone bought a $5k bedazzled iPhone and some sewing equipment that were both shipped to a manufacturer because he reused a password with Amazon.

          • safari

            Oh, wait, no, that was an earlier breach.

      • johncAtl

        I guess you prefer to be the consumer rather than the product that is being sold.

        • safari

          I don’t mind being sold only because it is so ubiquitous. Existentially it is terrifying.

          • ben

            Just don’t use a smart phone. that’s a good start 🙂

          • safari

            We’re well beyond that being a safeguard.

          • ben

            still worth doing!

          • Ray Taylor

            At least don’t do any banking or bill pay from your phone. I’ve never given my phone any card numbers or bank accts.

          • Ray Taylor

            Just do all that on one computer that I can shut off.

    • canoebum

      I keep nothing in the cloud. No one thing. I unplug my external drive backup whenever it’s not actually writing a new back up. I have one debit card, one credit card. That’s it. I do not own a smartphone nor do I have any intention to acquire one in the future. Saturday is PC hygiene day; all the security scans get run and a new back up is saved. I have OnStar in my car and although I have declined all of their add-on services, I still wonder if they can secretly hear me singing along with my iPod. I sure hope not.

    • That_Looks_Delicious

      E-commerce is the devil.

  • RJ Tremor

    Oh JOY. Guess I better keep an eye on Karma and watch my usual sites for any strange activity. Bluh. I wanted to pay one card off and snip it, now I have good reason.

  • LovesIrony

    the credit bureaus have purchased many congressmen.

  • Ragnar Lothbrok

    Pretty much affects everyone and some pets.

  • JWC

    Now what a fine mess did Russfax hack this to??

  • Ragnar Lothbrok

    Just set everyone’s score to 800 now.

  • safari

    Do we get a handicap on our credit scores because the credit agencies fucked up?

  • Bad Tom

    HILLARY. CLINTON’S. DAMN. EMAIL. SERVER. WAS. NEVER. FUCKING. HACKED.

    Why can’t Equifax have security at least as good?

    • safari

      Tom, you know that modern systems are made of literally millions of man-years of work and operated by humans…

      • Bad Tom

        And I will bet real money that this system breach was due to carelessness. Probably not a ZDF.

        All of the serious breaches documented recently COULD have been prevented.

        • Tread

          Oh, no doubt it’s laziness on the company’s part. CEOs don’t care to understand anything about technology, therefore employ the lowest common denominator when it comes to system security.

          • bambinoitaliano

            More like cost cutting to preserve their bonus.

          • Bad Tom

            Yes, and yes.

          • Bad Tom

            Which translates to lowest cost.

        • ben

          yup – most of these breaches are because of developer stupidity. I remember when Rudy Giuliani’s website was found to have port 22 open to the world and was running a version of wordpress vulnerable to SQL injection lol

          • Bad Tom

            I bet Equifax was running an unpatched database.

          • ben

            Who knows. Maybe someone left their username and password on a sticky note on their monitor at work and someone saw it.

          • safari

            I’d like to think the person bought their target a cocktail or five first.

          • Bad Tom

            See, that’s social engineering at its most relaxing.

          • Bad Tom

            The article states it was a DB exploit.
            DB exploits tend to be either SQL injection, directory walks, or CLI injection.

      • Bad Tom

        I’ve seen deployed security appliances with default well known security certificates installed at major credit card issuers. I had to debug them.

        It took a fair amount of screaming from me, a development engineer, to convince them it was a potentially serious vulnerability.

        Until these companies start to pay a price, they won’t change their behavior, and take security seriously.

        • safari

          But Tom, how can they push out the next buggy product if they have to fix the current one?

          • Bad Tom

            Exacto.
            They should be liable.
            Then they would fix the bugs.

          • Bad Tom

            I always attended whenever Larry Ellison gave an address to the employees at Oracle. Some of my colleagues blew them off. I considered that a mistake.

            Ellison once said he didn’t care how many bugs a product had when it shipped, if the customers were happy.

            That’s a good business POV. It’s a lousy security POV.

            And Oracle has good security.

    • ben

      it was a smaller target. this is a site which is known to have sensitive data and it has systems which are internet-facing. it’s not even an apples-to-apples comparison.

      • Bad Tom

        Why did Target’s CIO lose his job?

      • ECarpenter

        Well, except that one of the reasons she and her Republican predecessors used private email servers was that the security on government servers is so bad.

        • ben

          No, they used their own servers because the security on the government email systems was too GOOD. They wanted to be able to access their emails without being on VPN or using two factor authentication.

          http://www.politico.com/magazine/story/2016/09/hillary-clinton-emails-2016-server-state-department-fbi-214307

          The interviews—taken together and reconstructed for this article into the first-ever comprehensive narrative of how her email server scandal unfolded—draw a picture of the controversy quite different from what either side has made it out to be. Together, the documents, technically known as Form 302s, depict less a sinister and carefully calculated effort to avoid transparency than a busy and uninterested executive who shows little comfort with even the basics of technology, working with a small, harried inner circle of aides inside a bureaucracy where the IT and classification systems haven’t caught up with how business is conducted in the digital age. Reading the FBI’s interviews, Clinton’s team hardly seems organized enough to mount any sort of sinister cover-up. There’s scant oversight of the way Clinton communicated, and little thought given to how her files might be preserved for posterity—MacBook laptops with outdated archives are FedExed across the country, cutting-edge iPads are discarded quickly and BlackBerry devices are rejected for being “too heavy” as staff scrambled to cater to Clinton’s whims.

          In Clinton’s early days in office, there were various conversations among Clinton, her team and career State Department officials about her preferences and how to set up communications to aid her. There was a crucial complication: BlackBerrys—the tools that Clinton and her aides had come to rely upon in the Senate and on the campaign trail—weren’t allowed inside Mahogany Row. This section of the State Department was technically considered a “Sensitive Compartmented Information Facility,” government-speak for an eavesdropping-proofed room. The assistant secretary of state for diplomatic security, Eric Boswell, later stated he never received any complaints about Clinton using her personal BlackBerry inside the secure area, but that among the State Department team there was some “general concern” that Clinton’s team might use the BlackBerrys that they’d relied on so heavily during the campaign. His team made clear that the devices were prohibited.

    • Lumpy Gaga

      We’ll be happy to tell you in exchange for your name, address and SS Number…..

  • Ragnar Lothbrok

    Oh oh, Looks like Donnie will need his Credit Score to rebuild :

    https://twitter.com/liamstack/status/905904305122705409

  • Just fucking great…

  • CraigNJ

    “Criminals exploited a U.S. website application vulnerability to gain access to certain files,” translation “Our crappy website developers didn’t know what they were doing and left our files open to whoever wanted them.”

  • CJAS

    Could that CNBC report be any more vague: “could have potentially affected 143 million [of its customers] consumers.”

    • Natty Enquirer

      Or maybe not, right? Equifax is quite happy for the cloud of confusion at this point to keep its stock from sliding further. Some lawyers are going to become very, very, very rich in a few years.

      • Do Something Nice

        And it happened in July. If they haven’t notified people, I smell a lawsuit.

  • JustDucky

    So umm… class action lawsuit?

  • Natty Enquirer

    “Hey Herbie, I’ve got a new applicant called ‘1=1; select name, dob, ssn, address, dl from customer.’ What kind of crazy name is that?”

  • Lazycrockett
    • safari

      With it having 175mph winds and expecting to increase back up to its max or higher as it enters warmer waters.

    • Johnny Wyeknot

      And Orlando

    • Tomcat

      That is right on top of me Tuesday. Can’t be any worse than the three tornadoes that hit a few years ago now. Or the blizzard of 93 or the ice storm two years ago or the drought that hit last year. I am sure it will die down by then.

      • Tomcat

        Those Smokey mountains south of me are going to break its spirit for sure.

        • johncAtl

          Mountains? There was (at least) one episode of Dexter where they were on the beach in Miami and you could see high cliffs in the background. But hey, the beach in Southern California looks just like the beach in South Florida.

          • Tomcat

            Yeah, the high cliffs of Miami are very hard to find.

  • ben

    It isn’t said enough, so let’s just say it again:

    – Don’t reuse passwords. EVER. Cryptographically, a long password full of English words is more secure than a short more random one containing weird characters. Don’t use a password manager – if their sites are ever breached you are screwed. Change your passwords frequently on sites you care about.

    – Update your software ALWAYS as soon as updates are available. MacOS system updates, Adobe Reader updates, iPhone updates, Windows updates. Immediately as soon as you see them.

    – Encrypt all your devices. On Windows the easiest way is BitLocker, on Mac FileVault.

    – Use a VPN all the time. It will hurt your network performance a little, but it’s worth it. Not perfect, but a good step.

    – ENABLE TWO-FACTOR AUTHENTICATION WHENEVER POSSIBLE! Major email platforms support this – Google and Microsoft among others. Lots of banks as well.

    – Purchase your own router and cable modem and make sure the security settings are good.

    – Try and limit the number of apps or sites you use that permit third-party authentication. Things like “log in through Facebook!” If someone gets your Facebook account they can access any of those sites if they have a session cookie for Facebook under your account.

    • Tomcat

      Or just have your card tell you of any charges over $20.00 immediately and stop worrying.

      • ben

        Won’t help if someone opens up a new account with your information without your knowledge 😉

        • Tomcat

          Best of luck to them. I am old and not going to worry about that.

          • ben

            You should worry. Charging a bunch of stuff on cards they open without your knowledge can cause your interest rates to go up on your mortgage and other cards and have all kinds of bad effects. No matter how old you are, identity theft is no joke.

          • Tomcat

            Who is joking? I just choose not to let criminals control my mind or my life. I still check my credit rating regularly.
            I just don’t worry about it.

  • That_Looks_Delicious

    This website is cool. It graphically represents size and method of hacks year-by-year. You can see that the data breaches really exploded in 2011 and have been growing ever since.

    http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

  • Pip

    It’s not even like we get a choice about them collecting and holding our data, they just get it and hold it and use it.

    The fact that this happened in July and we’re just now hearing about it is ridiculous.

  • JustDucky

    Tech Crunch and Business Insider have both linked to this site to check if your data was stolen:

    https://www.equifaxsecurity2017.com

    You go to “potential impact” and it redirects you to a different page that asks you to enter your name and the last 6 digits of your social security number.

    Anyone know if this is legit?

    Edit – from their site: “In addition to the website, Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.”

    So… not sure if their website will even tell you if your name, date of birth, and/or social security number was stolen. It might just be to check to see if your credit card number was swiped.

    • johncAtl

      I went there earlier. It’s linked from the Equifax web site as well. But I stopped when I saw it wanted six digits. Six digits is asking for a little too much given the way SS numbers are assigned.

      • safari

        Do SSNs have a checksum?

        • johncAtl

          No. It’s the historical way the first three digits were assigned that makes having the last six too much info.

          https://en.wikipedia.org/wiki/Social_Security_number#Historical_structure

          • ECarpenter

            Even the last 4 digits are too much in some cases. The rest can be found by location and year the card was issued.

          • Tomcat

            Since the medical field has had your info for your entire life and it is full of minimum wage workers and foreign contract workers, that should really make everyone feel like their info has been protected very well. /s

          • Natty Enquirer

            I never put my SSN on a patient application. If they insist, I say, “Unless you are going to be paying ME and reporting to the IRS, you don’t need my number.”

          • Phillip in L.A.

            Good idea! SS# is also very useful to a provider trying to collect a judgment against you for non-payment (although I’m sure YOU would never do that….) 😉

        • Tor

          Last week I ran across my Webster’s New Collegiate Dictionary 1973. On the front leaf are my signature and SSN. I was so ignorant then. Maybe I still am. I should tear the page out and shred it, but I don’t want to deface the book.

        • mdub in Puyallup
    • Tomcat

      Nothing is legit anymore. Hacking is the latest state of the art for criminals.

  • Tomcat

    July 29 and they tell us now. Maybe this is why my neighbor has had one of his cards hijacked 2 times in the last month.

  • TheManicMechanic

    In other news, Equifax executives will likely receive bonuses and raises as they blame the lowest rungs of employees for the breach.

  • Jonathan Smith

    When do we start fining these people for breaches?
    You COULD have secured servers, you DID NOT.

    • safari

      Are you saying there should be a business regulation? How dare you.

      • Jonathan Smith

        Don’t know WHAT I was thinking…….

      • William

        Next you’ll be wanting chemical plants in Texas to disclose what things they have on site.

        • Tomcat

          Or allow you to require fire detection and prevention in nursing homes.

        • Joe in PA

          Job killers!

    • Tomcat

      Our military is having problems keeping theirs secured, how can every business keep theirs secure? The internet is going to destroy more in the end than it helps.

  • WarrenHart

    This sounds more like it’s meant for shareholders than consumers.

  • abqdan

    There is ZERO excuse for any company storing this type of information unencrypted. The files should be useless to hackers without the appropriate keys. That major companies continue to experience this type of data loss shows that they DO NOT take data security seriously until their own company is hacked. Their response to date includes links to three different domains – there’s very little a consumer can do to verify they are really accessing the Equifax ‘response’ website, rather than some malware site thrown up to capture even more data from worried consumers. This is NOT a lesson in how to respond to such a massive data breach; it is quite the opposite.

  • That_Looks_Delicious
  • djcoastermark

    Equifax Rick says they will offer free identity protection for every US citizen free for a year. After that, what, 99.95 per month? And first off, why would I trust Equifax to safeguard my identity when they seem to have a bit of trouble with safeguarding themselves?

    • Jefe5084

      Should be for life. Many times this stolen information is passed on (sold) to other countries; it may be years before they start using it.

    • CharlestonDave

      The damage is permanent. Lifelong. One year of “credit monitoring” doesn’t provide much help.

  • bkmn
    • Lumpy Gaga

      They are evil to the core. No accident.

  • That_Looks_Delicious

    OT – I gotta give her credit. That’s a pretty ballsy move sneaking an inmate into the back seat of her car for hot sex. Aaaah, l’amour, l’amour….

    https://twitter.com/thedailybeast/status/905905579826323456

    • -M-

      The shocking part is that the Trump Organization has an ethics lawyer. 😳

      • David Gervais

        Her job was to find legal ways to avoid ethics. /s

  • Lumpy Gaga

    I know this event alone won’t do it, but I want to see this company go down in flames before I die. Like the little girl in that house-on-fire meme.

    Anyway, think you’ve got nothing to worry about because you’ve never given them your information, applied for a credit card, or gotten a credit report? Wrong. If you’ve ever had a short outpatient procedure, they (or one of their two big competitors) probably performed a complete data collection on you on behalf of the medical service providers.

    Who want to make sure there isn’t medical identity theft going on with the person showing up for services at their door. LOLz.

    Years and years later, I decided to take advantage of my free Obama Credit Report rights, and of the three companies, they were the only ones with information wrong – wrong in a completely inorganic, unnatural “we MADE this wrong” way so that one would feel compelled to “take this opportunity to correct any information” on the included form.

    Die. Just die.

  • Michael R

    Someone probably already posted this but …

    Equifax executives dumped $1.8M in stocks before news of their hack went public

    http://www.rawstory.com/2017/09/equifax-executives-dumped-1-8m-in-stocks-before-news-of-their-hack-went-public-report/

    • Tempus Fuggit

      The purest coincidence, I’m sure.

  • ArchiLaw

    I guess he couldn’t find a tie.

    • SDG

      It’s to make him look humble, and less corporate, nothing is EVER by accident!

  • Tom000

    “…names, birth dates, Social Security numbers, addresses…”

    All you need to open a NEW account in someone else’s name. You just use a different address for the new account until the credit is cut off, then bye-bye. The person associated with that social security number will find it almost impossible to prove it wasn’t them.

  • Jack

    Like we’re customers.

  • leastyebejudged

    Foreign governments have our personal information and OUR government is incompetent.

  • JCF

    Is it FINALLY time for

    “From each, according to their abilities.
    To each, according to their needs”

    ????