3
   

Equifax

 
 
gollum
 
Reply Fri 8 Sep, 2017 06:24 pm
I guess the party who hacked Equifax will sell the social security numbers and other data to persons who will use it to commit fraud by pretending to be the person whose data was stolen.

Why don't all companies block this by when they receive a request to change their records of customers' addresses, etc., first sending a notice to the old addresses?
 
jespah
 
  2  
Reply Fri 8 Sep, 2017 06:34 pm
@gollum,
There's a lot going on with the Equifax breach. The company knew about it for 6 weeks before telling consumers, plus 3 executives (including the CFO) dumped their stocks 3 days after they learned of the breach.

The company is also trying to add fine print for anyone who agrees to get the offer of a free year of credit monitoring by rival Experian, that they have also just agreed not to sue Equifax. Yeah, that won't last 5 minutes in court, particularly given the magnitude of the breach, which is hitting some 143 million Americans plus some Brits and Canadians.

This is going to get ugly for a lot of people.
gollum
 
  0  
Reply Fri 8 Sep, 2017 07:23 pm
@jespah,
jespah-

Thank you.

I think everything in your Post is accurate.

But it is not responsive to my query.

I think the hacker (A) sells the data to another party(ies) (B) who uses it to assume people's identities and use those identities to fraudulently obtain money.

I think B needs to instruct a company to change its records of a customer's address, etc. If the company would send the notice to the customer's old address, it might stop the fraud.
jespah
 
  2  
Reply Fri 8 Sep, 2017 07:34 pm
@gollum,
Well, not necessarily.

Identity thieves do like to mail out change of address forms as that makes it take longer for their victims to notice the fraud being perpetrated on them. However, they don't always do this.

Part of the Equifax breach was credit card numbers for I believe it was about 200,000 individuals. The thieves don't need a change of address form for that.

As for having the companies follow up with every change of address notification, many companies will throw up their metaphorical hands and claim that's impractical. After all, Visa has how many million customers?

It might work for them to have a two step-process for verifying a change of address - perhaps a code given to the customer at the beginning, which he or she must give to the credit card company (or any other company) before filing a change.

A weak link in all of that is the post office. They're ground zero for address changes, but they've also got a paper-thin budget. They wouldn't have the manpower or the money to investigate every address change, so they rubber stamp them.

PS I realize my responses are long but I work in business credit and this is a HUGE story in the industry.
PUNKEY
 
  1  
Reply Fri 8 Sep, 2017 09:16 pm
@jespah,
Well, what should we be doing niw?
jespah
 
  2  
Reply Sat 9 Sep, 2017 04:57 am
@PUNKEY,
1) Pull your credit reports or at least check your scores, which you can do with CreditKarma for free. Reports are for details, but scores will alert you to trends. If your score is normally 690 and it dips to 685, I wouldn't panic. But if it plummeted to 610 I would be pulling the reports to see what was going on.
2) Make sure the banks, etc. know your correct snail mail address. Change of address forms are often the first place identity thieves start, because that gives them more time to fleece you before you figure out what's going on. If you are getting services (oil, cable, etc.) or bank usage, but not the invoices and statements that go with them, that can be a sign that ID theft is starting.
3) If you have more than just a data breach but an actual ID theft, go to the IRS's website and fill out their identity theft form. This is because you'll need this form for step 4, but also because ID thieves might do otherwise legit work with your name and address on their W-2. With online work and Paypal, they can do this and no one's the wiser until you get the 1099 in the mail for that tax year. This protects you from being audited. The IRS will look at your returns more closely but it will be for ID theft patterns and not for the purposes of an audit.
4) Go to the cops and have them open a file. Take everything with you that's proof of ID theft (in my case - yes, I've done this - it was a 1099); they'll copy that stuff and make it a part of their file and they will give you a copy. In step 3, the IRS will give you access to their ID theft website. When you get the police report, copy that information (case number, etc.) into the online record. That site will also show give you tips on what you might want to do, like put a credit alert or a credit freeze (or both) on your file.
5) Consider a credit monitoring service. However, they are costly, and if you get CreditKarma and you can also read a credit report well enough to determine if it's wrong and/or if there are suspicious charges, then you might not need one.

Also - Equifax is trying to pull a fast one. They are offering one year of free credit monitoring from their competitor, Experian. Except the fine print says that if you accept that service, you are forever waiving your right to sue them about the breach.

This is highly unethical and it won't hold up in court. Judges hate covenants not to sue, and they interpret them extremely narrowly and nearly always strike them down. When they don't, it's because of (a) transparency and (b ) more or less equal bargaining positions between the parties. Neither of those factors are at play here, plus the consequences of this breach could be staggering and long-lasting, and the company's failure to even report the breach for 6 weeks seems like negligence on its face. So the courts will not look kindly upon that kind of nonsense.

This kind of breach (which is easily more than all of the adults in the US - the breach affects 143M people and the US only has 126M adults) can be used for fraud on a grand scale, including vote fraud. Talk to your local politicians about trying to set up some way of making sure the people who are voting are who they say they are.
gollum
 
  1  
Reply Sat 9 Sep, 2017 05:23 am
@jespah,
jespah-

How about issuing a credit freeze order filed with each of the 3 credit reporting agencies?
jespah
 
  2  
Reply Sat 9 Sep, 2017 05:24 am
@gollum,
You could if you want to. That won't fix other issues (like a W-2 in your name), but it would remove one issue.
0 Replies
 
tibbleinparadise
 
  2  
Reply Sun 10 Sep, 2017 01:18 am
@gollum,
I'd love for somebody to steal my infos, my credit is so terrible they won't get very far 😁
0 Replies
 
PUNKEY
 
  1  
Reply Sun 10 Sep, 2017 06:56 am
My credit number dropped from 745 to 620 in May 2016. I had moved in the previous March and a $2.35 Macy's late fee got lost in the mail. That's the only thing I could track it to until I found out my nephew used my address to purchase a car. He has bad credit anyway. My credit # has come back up to 729.
0 Replies
 
InfraBlue
 
  2  
Reply Sun 10 Sep, 2017 10:35 am
I logged in on their website and, sure enough, it says that my "personal information may have been impacted by this incident." So, I signed up for their free ID monitoring service.

I had been wondering how long it would be until the credit reporting services fell to the hackers.

Motherf'k.
0 Replies
 
jespah
 
  3  
Reply Sun 10 Sep, 2017 12:47 pm
A credit freeze is a good way to go. Here's what I know (and I have done, I might add):

Equifax (free):
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Experian (site kept crashing but I was able to take care of RP; I'll have to call to take care of my own account):
https://www.experian.com/freeze/center.html

TransUnion ($5 or free, depending on your state; you have to open a free account with them first):
https://www.transunion.com/credit-freeze/place-credit-freeze

Innovis (you must snail mail the document in):
https://www.innovis.com/assets/InnovisSecurityFreezeRequest-f77aade600faab215c64ce801278a260.pdf

A credit freeze means that every time someone (including you) wants to open up another credit account or get a loan, you need to use your PIN to temporarily unlock your account. Obviously, you don't unlock for thieves (duh!). Keep your PINs safe and secret, of course. You can take off the freeze permanently if you want to, and some of the services allow you to preemptively remove a freeze on a credit inquiry, which you might want to do if you're buying a car or the like and know which company will be making the inquiry.

All of these were fast but they are all overloaded right now by people doing this very thing, so be patient.
InfraBlue
 
  2  
Reply Sun 10 Sep, 2017 11:09 pm
@jespah,
Thanks for the tip!
0 Replies
 
tsarstepan
 
  2  
Reply Mon 11 Sep, 2017 06:12 am
@jespah,
jespah wrote:

A credit freeze is a good way to go. Here's what I know (and I have done, I might add):

Equifax (free):
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Experian (site kept crashing but I was able to take care of RP; I'll have to call to take care of my own account):
https://www.experian.com/freeze/center.html
Very Happy Very Happy Very Happy
TransUnion ($5 or free, depending on your state; you have to open a free account with them first):
https://www.transunion.com/credit-freeze/place-credit-freeze

Innovis (you must snail mail the document in):
https://www.innovis.com/assets/InnovisSecurityFreezeRequest-f77aade600faab215c64ce801278a260.pdf

Did the first two (Equifax and Experian) and will be doing the Transunion right now. So far, no problems with getting the freeze. Took less than ten seconds to perform the first two ones.

What is Innovis? I never heard of that credit agency? Is it relatively new? A European credit agency? Something completely different?

PS: Very Happy Really appreciate the link drop Jespah. Very Happy
tsarstepan
 
  1  
Reply Mon 11 Sep, 2017 06:20 am
@tsarstepan,
Can't get the freeze directly from Transunion because I can't remember my exact answer to my secret question to my old Transunion account.
0 Replies
 
jespah
 
  2  
Reply Mon 11 Sep, 2017 11:16 am
@tsarstepan,
Innovis is #4 in the US. I'm only suggesting them because that one is pretty easy.

I am currently on hold hell with Experian....
tsarstepan
 
  2  
Reply Mon 11 Sep, 2017 11:30 am
@jespah,
Just printed up the Innovis PDF all filled out. Stuck it into an envelope with the appropriate postage and mail it out from work.
jespah
 
  2  
Reply Mon 11 Sep, 2017 11:32 am
@tsarstepan,
Woot - Experian is understandably swamped - but they also charged me but didn't give me a freeze PIN.

PS their hold music sucks.
tsarstepan
 
  2  
Reply Mon 11 Sep, 2017 11:44 am
@jespah,
I just got off the phone by setting up a Credit Alert Warning for Transunion.
jespah
 
  2  
Reply Mon 11 Sep, 2017 12:41 pm
@tsarstepan,
I gave up on Experian after the phone was answered (after about 35 minutes) and they dropped the call. I'll try again in the AM. I realize they're swamped and they have to soothe panicked people. But I don't love wasting all that time (I made and ate lunch while listening to their hold music).
0 Replies
 
 

Related Topics

 
  1. Forums
  2. » Equifax
Copyright © 2021 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 09/27/2021 at 02:29:06