Posted by William Charles on September 7, 2017
Misc

Published on September 7th, 2017 | by William Charles

109

Equifax Data Breach: May Have Affected 143 Million Consumers

Equifax has released a statement announcing that 143 million U.S. consumers may have had their personal data compromised. Equifax state the following:

  • Unauthorized access occurred from mid-May through July 2017
  • No evidence of any unauthorized activity on Equifax’s core consumer or commercial credit reporting databases
  • Information accessed includes:
    • Names
    • Social Security numbers
    • Birthdates
    • Addresses
    • In some instances driver licenses numbers
  • Credit card numbers were accessed for 209,000 U.S. consumers
  • Dispute documents with personal identifying information for approximately 182,000 U.S. consumers were also accessed
  • They have set up the following website: http://www.equifaxsecurity2017.com/ where consumers can see if their information is at risk and also the option to sign up for complimentary credit monitoring and identity theft protection. Update: This isn’t working at all currently as made up information comes back with positive results.
    • There is some concern that signing up for TrustedID will waive your rights to participate in a class action lawsuit. More on this at TechCrunch. They have now updated the terms to indicate this is not the case.

This is obviously a pretty massive data breach with some potentially serious repercussions for people if their data has been breached. To make matters worse for Equifax it looks like three of their managers sold stock before the data breach was announced. Discover also offers free social security number alerts and new account alerts that might also be of some use if your data was compromised (or just as a general safeguard). I’ve long argued that the fines and punishments for data breaches aren’t in line with the damage down to individuals if their identity or data is stolen. I also think it’s ridiculous that Equifax can use a subsidiary company (TrustedID) to provide the credit monitoring and identity theft protection.



109 Responses to Equifax Data Breach: May Have Affected 143 Million Consumers

  1. Ferris says:

    Stock price is down 13% after hours, wow.

    Information isn’t private anymore, all you can do is have credit monitoring/check your reports. Criminals will always be able to steal information in the future.

  2. NinjaX says:

    so kids, this is why cyber security is damn serious…

    we dont even know the scope yet and this happened over several months ago too.

  3. Alex says:

    Insider trading?

  4. Todd says:

    I checked the potential impact with my information but it simply took me to an enrollment page that said I could enroll a week from now. It did not tell me if I was affected though. What a dumb process.

    “Thank You
    Your enrollment date for TrustedID Premier is:
    09/11/2017
    Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return to faq.trustedidpremier.com and click the link to continue through the enrollment process.”

  5. Spencer says:

    Earlier this year, both my wife and I had several attempts (each with hard pulls) from hackers trying to open Amazon.com Chase signature visa’s. Each time Chase flagged them as suspicious and never opened the new accounts. We’re both way over 5/24 so that might have helped… Chase also had the hard pulls removed from our reports. We froze our credit with all 3 and just pay the $10 fees now for temporary lifts for AoR’s. New price of this game. Our info will forever be available to the black market, you cannot ever make it private again.

    • 5/24 doesn’t apply to the Amazon cards so that wouldn’t have been the issue.

      • NinjaX says:

        haha. its OK Will. i have tried tirelessly to educate people. it doesnt work.

        i still always see:

        “DP: Applied CapOne Venture and Barclay A+ same time to combine HP. Instant approval even though im way way over 5/24.”

        SMH…

      • Spencer says:

        I should have left the joke about 5/24 out of my post, it detracts from my comment. Chase did a good job of blocking the attempts because “some info” was slightly different than their records. In our cases, the SSN was correct, but address / phone / email did not match according the backline reps we talked to. Kudo’s to Chase. She did imply that had we not had active Chase accounts not matching the applications, it might have gone through.

        1) Your name, SSN, birth date and address will leak.
        2) See #1 and use the credit freeze feature of all 3 (TU / EQ / EX) The 6-10 digit pins will be far more secure and allow you the control you should have to release your credit reports only when appropriate.

  6. MoreSun says:

    Checked to see if I was “potentially impacted” (who the hell wasn’t though?), it skipped Step #2 (so no message on whether or not I was potentially impacted like it had said it would) and right away popped up with my enrollment date. Forget that! How nice that TrustedID is a subsidiary of Equifax- they get to pay themselves to “fix” their mess.

    • AL says:

      Who’s gonna fix the mess when some enterprising individual figures out that the database that TrustedID uses has the password “private123”?

      • MoreSun says:

        I can!! I can operate email, PowerPoint and most recently Reddit! Totally qualified as apparently you don’t really have to know anything about IT to manage this stuff anyway.

      • MoreSun says:

        Ohmygod you are a genius. Someone on Twitter pointed out inputting “Test” in the name and “123456” yields the you may have been breached result! I got an enrollment date of 9/11 when I tried that combo. Gosh, I’m an actual human and my date was like 9/16 or something…

  7. Vic says:

    Wow, this could potentially be the worst data breach ever in the U.S.?

    Also, I tried enrollment page and my conclusion is:
    1. If it can’t locate your credit profile, it tells you you’re not affected.
    2. All real inputs I tried and DP I saw so far are responded with a date, with no language regarding impact or not.

    https://imgur.com/zueyRJ4

    • Karen says:

      Mine went straight to an enrollment date of 9/11. Less than 5 min later I did my mom’s and got a message that she wasn’t affected and an enrollment date of 9/14. Not sure if that means no message = affected or not.

    • P says:

      I got the no message, just an enrollment of 9/12
      But my sister’s message when she checked said she’s not impacted.
      So, I’m now hoping for the best.

  8. larry says:

    So how do they notify you if your personal data was at risk?

  9. joE says:

    Has anyone actually received a message saying their information was or was not compromised? When I follow their instructions it only gives me a date when i can enroll but no word what so ever if my data was compromised or not.

    What a crock of shit!

  10. Lrdx says:

    A class action for 143 million Americans will make a few lawyers set for life..

    • And each individual will end up with about $0.01

      • cc says:

        Yep. At least three of those crooks will most likely be going to jail for insider trading as selling stocks before news became public and knew about breach. What a mess

        • P says:

          But they’re going to jail – if they do – for insider trading, not this data breach mess. None of them will go to jail for not protecting our data enough.

          • CC says:

            What I meant. Sorry if post wasn’t clear.

          • Superchurn says:

            Equifax should be forced to pay for credit monitoring services for the life of the SSN disclosed, or the IRS needs to start issuing replacement SSN’s for ID breach victims.

            that’s the only way to re-establish safety.

      • Superchurn says:

        That’s the bullshit part of class actions, and why I will be proactively opting out of this one. I want to retain my rights to pursue private litigation against these Experian motherfuckers for all the future damages, time, and financial headaches this will cause for me. I’d advise everyone to opt out of any class action over this, because you’re right, they’ll get utterly boned for signing away their rights.

        I agree their “1 year credit monitoring…” bullshit is nowhere near adequate to compensate people for this sort of negligence.

        And those managers that sold their stock need to go to prison, not only for insider trading, but also for knowing about this a month ahead of time and not telling anyone.

        • Ben L. says:

          Good luck on your individual lawsuit against a massive corporation. It’s been a couple years since I practiced law, but if I can offer some unsolicited legal advice: try to sue to right company. You’ve listed the wrong one in your comment.

  11. CM says:

    I was just looking for a way to lock my reports! It looks like they provide premium identity monitoring as part of this, which spans all 3 reports! Hopefully, free freezing is part of it! Fingers crossed!

    • Superchurn says:

      for a year…a single year. 1000% inadequae, and frankly insulting. its nearly worthless. the fraudsters will just wait out the year then its fair game on your identity

  12. Roman says:

    Oh wow, these credit agencies make a lot of money from our personal information and on top of that make it sometimes a hassle to deal with them, I hope they have to pay their full net profit for the following years to make amendments after this ridiculous breach.

  13. Gadget says:

    I can sign up on the 11th, SO’s the 13th. Really convenient .

  14. gene says:

    If someone accept the free credit protection for a year are they giving up legal rights to sue for reimbursement due to the date breach or is the offer of the free monitoring…unconditional?

    • Lrdx says:

      12 months of free monitoring in these cases are mandated by the FCRA. I’m quite sure (IANAL..) you won’t waive any rights if you accept.

      Although you can just monitor your accounts for free at Credit Karma and co.

    • Superchurn says:

      i’m wondering this too…i’d be very careful not to agree to anything without reading through all the fine print. i wouldn’t put it past them to try to sneak some bullshit into the agreement about you releasing them from liability or agreeing to arbitration or some other bad thing.

      no thanks, i’ll keep doing what i do anyway, and retain my rights to a private lawsuit

  15. TVM says:

    TechCrunch is reporting that signing up for TrustID might waive our rights to any class action lawsuits.

    ‘Conveniently (for Equifax) those who sign up for TrustID might waive their right to any class action lawsuit against the company, as stated at the bottom of TrustID’s terms of service.’

    I think using one of their own companies (TrustID) is an elaborate plan by Equifax.

    A**holes.

    http://tcrn.ch/2xSvbDH

    • Lrdx says:

      The arbitration clause is only mentioning disputes between you and TrustID Inc. Owners and subsidies of TrustID inc. are not mentioned..

      Well, I’m asking the company’s lawyers tomorrow.

    • Roman says:

      Well I expect lawyers already noticed that the website established to tell us if we’re affected is instead tricking people into some kind of automatic enrollment without confirmation.

  16. John says:

    Signing up for Equifax’s credit monitoring service means you agree to forced arbitration in the event of legal action – see their ToS- cheap and convenient for them, expensive for you to apply. Plus it may not even help you if your existing accounts are compromised.

  17. Rena says:

    9-11 to enroll for me – the date…

  18. Tim says:

    Uhh. I got 9/12.

    What does that mean?

  19. Klad says:

    I got 9/13 without a message whether I am affected or not.. I think at this time we shouldn’t be speculating anything just based on date..

  20. Attila says:

    So, the company that collected our information without our consent, then was “hacked,” is now expecting everyone to enroll in their service? Really?

  21. stacker says:

    I got 9/14 and it did not say if I am affected or not.

  22. Abey says:

    I got 9/12 and gf and 2 friends 9/13
    It didnt say affected or not.

  23. Sam says:

    It told me to come back on September 12.. so what does that mean for me? Am I affected or not?

  24. Lisa says:

    Wait a year. Equifax will be using this as a marketing opportunity to sell us this service.

    Equifax profited off of *OUR* data, not theirs. Equifax failed to keep *OUR* data safe. They have their own credit monitoring service. Shouldn’t equifax at least provide free lifetime credit monitoring service? Even that wouldn’t make us whole. Anything less speaks for itself.

    • Lrdx says:

      Even the idea of “monitoring” by a credit reporting agency is insulting of people’s intelligence.

      You don’t need to MONITOR changes, you KNOW when changes happen because YOU MAKE THOSE CHANGES.

    • Superchurn says:

      mandatory lifetime indemnity against fraud for those affected i say

  25. Alicia says:

    I got this:

    “Based on the information provided, we believe that your personal information may have been impacted by this incident.

    Click the button below to continue your enrollment in TrustedID Premier.”

    when I went to the link to enroll, it asked for name/add/email and said to wait for verification and a verification email, also not to worry if this took more than a day due to load and number of enquiries.

    Checked one other family member, site gave the enrollment date of 9/13 and a message to go back to site at that date to enroll. Note this family member previously had free credit monitoring from equifax (which had expired). Also this family member had a fraudulent credit card transaction (CapitalOne) only last week – first time we ever had a CapitalOne fraud attempt, probably a coincidence since it came after a business trip but we’ll probably never know for sure.

    Both of us have previously used equifax.com to buy credit reports previously but not for at least a couple of years – just adding this data point in case it affects how the form works.

  26. Chris F. says:

    I have a date of 9/13, no message on affected or not.

    My wife, who has a much shorter history due to just recently moving to the US, received a message that she was likely not affected. Her date for enrollment is 9/14.

  27. Don B. says:

    If you legitimately (or even reasonably thought) had your identity stolen, you should immediately complete IRS Form 14039 for the Identity Theft Affidavit (see link). This form gives you a special tax id number in addition to your SSN when filing taxes to prove your identity.

    You should also file your taxes electronically and as soon as humanly possible (early February). The long you wait to file, the more time you give some thief to take your tax refund. You want to prevent duplicate filing.

    IRS Form 14039 – Identity Theft Affidavit:
    https://www.irs.gov/pub/irs-pdf/f14039.pdf

    Taxpayer Guide to Identity Theft:
    https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft

  28. Steph says:

    A wired.com article says 44% of the population could be affected. I got “Thank you” enroll 9/13. My husband got a message that specifically says he is not affected and a button to “enroll”. The article also said once the year is up the attackers will have better luck using the info. This will be a problem for years. https://www.wired.com/story/how-to-protect-yourself

  29. Debt Hater says:

    Oh yay, more free credit monitoring for only a year. And then when that’s up and the hackers finally decide to use my SSN?

    Also: https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack

  30. David says:

    “In order to help those that have been affected by the data breach, we will provide you with a free year of Equifax credit monitoring service!”

    – I kid I kid

  31. TomT says:

    The US Census Bureau data says there are just under 250 million adults in the US as of 2017. I would bet that the 143 million “may have been” affected consumers is their count of everyone in the Equifax database. It don’t see how a subset would have been spared from the 3 month long data breach. So if you’ve ever had an inquiry that went through Equifax, I would ignore their website stating you were unaffected.

  32. R says:

    i got 9/10, weird

  33. John Doe says:

    Looks like John Doe with SSN ending is 123456 is affected too.

  34. TheMonkeyTech says:

    I am not going to sign up for their crappy monitoring. I don’t want to waive the right to join a class action lawsuit. I will freeze all my reports for my family for now.

    I hope we’ll be able to do a class action lawsuit that’ll really hit them hard. I don’t even care that lawyers take the bulk of the cash, only hope that Equifax feels some pain for this.

    • Superchurn says:

      same here…no waiving of any rights. i think i’m going to contact a private lawyer and see what my legal remedies are. class actions, while painful for the company, don’t result in meaningful moneys for class members..i think i’ll take my chances ith a private suit for damages.

  35. Dalo says:

    Online I got ‘enroll on the 13th’ so I called the 866 447 7559 number . “Why do I have to wait until 13th?” “So many people’s information must be examined.” How do I find out if my info has been exposed ?” ” We don’t have access to your personal information” ” What questions can you answer ?””I’m sorry ” I’m not sure why they give this phone number if they can provide no answers.
    Jail time sounds appealing but unlikely , Equifax paying huge fines sounds good but that probably won’t happen either . Okay , how about a slap on both wrists ?
    These people have been arrogant and dictatorial . Now that they have failed miserably it sounds like they want to just give people the run around and make things worse . I have no sympathy for them . Equifax deserves to go bankrupt .

    • Superchurn says:

      they have failed miserably. i agree. not only should they be liquidated and their entire assets paid out to the victims, but those responsible for not telling the public about it for 3 months should be in prison for criminal negligence resulting in fucking 1/2 the country over.

  36. Wyle says:

    I think a hacker already checked to see if I’m affected and signed me up for the monitoring. 😉
    (no, I’m not serious).

  37. Gayle says:

    I can’t even get into the site to check – keeps saying Deceptive Site Ahead ??????

  38. Pijanec Ordiner says:

    So Will, do you have any advice on what to do? Freeze all?
    Maybe link to other posts if you have already covered credit monitoring? Thanks

  39. JP says:

    Everyone in my family got the message of potentially affected. Lol wut??

    So is this free trusted id monitoring is no good?

  40. stampman says:

    Another data breach added to my personal Wall of Shame. This one is number 6. I’ve got 3 different free credit monitoring services going.

    The List:

    Target
    Anthem Insurance
    SC Department of Revenue
    Office of Personnel Management
    University of CT Engineering Dept
    Equifax

  41. stacker says:

    My status changed since I checked yesterday. Now it says my info may have been compromised and an option to enroll immediately in the their TrustedID scam so they can avoid getting sued.

  42. sidgray says:

    Hang those crooks! The najarian brothers just said someone profited from this event by buying put options in large quantities for $.60 each costing about $160k and today those same options are worth over $4 million!! They talked about the timing of the trade to very suspicious like a couple of days after those crooked equifax sold stock. Anybody else mad as hell?

  43. Craig says:

    I continue to maintain a credit freeze on all three agencies. I will now inquire and refuse to do business with lenders who check equifax reports.

  44. bemywife says:

    I checked again just now. The status has changed into “may have been impacted” although it was “9/11” yesterday. Fxxk it.

  45. looks like the card approval depts will be taking longer breaks as no one will apply for cards for awhile until the dust settles from this mess.

  46. Jeff H says:

    CAUTION: I have received TWO SPAM emails that look like the read deal. Appears to look like similar formating to the webpage you get linked to by Equifax.

  47. Prem says:

    I checked and it says my info “may have been impacted”.

    What the hell does it mean and what should i do?

  48. Donald Trump says:

    Welcome to our Russian “Night King” !!!

  49. Dan says:

    It’s very likely that the Russians and North Korean hackers and governments have all of our Social Security numbers and other personal info now.

Leave a reply

Your email address will not be published. Required fields are marked *. Please do not share your referral links/codes unless the post specifically states it's allowed. If the post states it is allowed please follow the rules carefully. If you'd like an image next to your comments please create a gravatar. Most of all please be kind and respectful to each other. 

Back to Top ↑