Posted by William Charles on September 7, 2017
Misc

Published on September 7th, 2017 | by William Charles

109

Equifax Data Breach: May Have Affected 143 Million Consumers

Equifax has released a statement announcing that 143 million U.S. consumers may have had their personal data compromised. Equifax state the following:

  • Unauthorized access occurred from mid-May through July 2017
  • No evidence of any unauthorized activity on Equifax’s core consumer or commercial credit reporting databases
  • Information accessed includes:
    • Names
    • Social Security numbers
    • Birthdates
    • Addresses
    • In some instances driver licenses numbers
  • Credit card numbers were accessed for 209,000 U.S. consumers
  • Dispute documents with personal identifying information for approximately 182,000 U.S. consumers were also accessed
  • They have set up the following website: http://www.equifaxsecurity2017.com/ where consumers can see if their information is at risk and also the option to sign up for complimentary credit monitoring and identity theft protection. Update: This isn’t working at all currently as made up information comes back with positive results.
    • There is some concern that signing up for TrustedID will waive your rights to participate in a class action lawsuit. More on this at TechCrunch. They have now updated the terms to indicate this is not the case.

This is obviously a pretty massive data breach with some potentially serious repercussions for people if their data has been breached. To make matters worse for Equifax it looks like three of their managers sold stock before the data breach was announced. Discover also offers free social security number alerts and new account alerts that might also be of some use if your data was compromised (or just as a general safeguard). I’ve long argued that the fines and punishments for data breaches aren’t in line with the damage down to individuals if their identity or data is stolen. I also think it’s ridiculous that Equifax can use a subsidiary company (TrustedID) to provide the credit monitoring and identity theft protection.



Leave a Reply

109 Comments on "Equifax Data Breach: May Have Affected 143 Million Consumers"

Notify of
avatar
 

Sort by:   newest | oldest
Ferris
Ferris

Stock price is down 13% after hours, wow.

Information isn’t private anymore, all you can do is have credit monitoring/check your reports. Criminals will always be able to steal information in the future.

NinjaX
NinjaX

so kids, this is why cyber security is damn serious…

we dont even know the scope yet and this happened over several months ago too.

NinjaX
NinjaX

btw. wonder how Drop is doing…

Alex
Alex

Insider trading?

Mike M
Mike M

Definitely insider trading. That bothers me more than anything else about this mess.

Todd
Todd

I checked the potential impact with my information but it simply took me to an enrollment page that said I could enroll a week from now. It did not tell me if I was affected though. What a dumb process.

“Thank You
Your enrollment date for TrustedID Premier is:
09/11/2017
Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return to faq.trustedidpremier.com and click the link to continue through the enrollment process.”

NinjaX
NinjaX

wait. so you used this link: https://www.equifaxsecurity2017.com/potential-impact

and it made you enroll in the useless TrustID?

Todd
Todd

It didn’t let me enroll yet. It said I can to come back later to enroll.

NinjaX
NinjaX

i see. that that link was really stupid. EQ didnt even tell u if u got pWned or not.

Lrdx
Lrdx

They either tell you that you’re not affected by the breach or they tell you this TrustID enrollment thing.

Meaning Todd *is* affected by the breach.

Lrdx
Lrdx

William Charles: Treat that with a bit of salt, that might not be exactly true. I based this on reports from coworkers; the site might had hiccups after the first rush, so..

Still, what I saw so far is in-line with this.

Even if you are affected, they don’t really tell you what is affected. If they only know your name + SSN last 4 digits, there is no need to panic…

What I find amusing is that affected people are covered from NEXT MONDAY, not immediately..

Spencer
Spencer

Earlier this year, both my wife and I had several attempts (each with hard pulls) from hackers trying to open Amazon.com Chase signature visa’s. Each time Chase flagged them as suspicious and never opened the new accounts. We’re both way over 5/24 so that might have helped… Chase also had the hard pulls removed from our reports. We froze our credit with all 3 and just pay the $10 fees now for temporary lifts for AoR’s. New price of this game. Our info will forever be available to the black market, you cannot ever make it private again.

MoreSun
MoreSun

Checked to see if I was “potentially impacted” (who the hell wasn’t though?), it skipped Step #2 (so no message on whether or not I was potentially impacted like it had said it would) and right away popped up with my enrollment date. Forget that! How nice that TrustedID is a subsidiary of Equifax- they get to pay themselves to “fix” their mess.

AL
AL

Who’s gonna fix the mess when some enterprising individual figures out that the database that TrustedID uses has the password “private123”?

MoreSun
MoreSun

I can!! I can operate email, PowerPoint and most recently Reddit! Totally qualified as apparently you don’t really have to know anything about IT to manage this stuff anyway.

MoreSun
MoreSun

Ohmygod you are a genius. Someone on Twitter pointed out inputting “Test” in the name and “123456” yields the you may have been breached result! I got an enrollment date of 9/11 when I tried that combo. Gosh, I’m an actual human and my date was like 9/16 or something…

Vic
Vic

Wow, this could potentially be the worst data breach ever in the U.S.?

Also, I tried enrollment page and my conclusion is:
1. If it can’t locate your credit profile, it tells you you’re not affected.
2. All real inputs I tried and DP I saw so far are responded with a date, with no language regarding impact or not.

https://imgur.com/zueyRJ4

Karen
Karen

Mine went straight to an enrollment date of 9/11. Less than 5 min later I did my mom’s and got a message that she wasn’t affected and an enrollment date of 9/14. Not sure if that means no message = affected or not.

P
P

I got the no message, just an enrollment of 9/12
But my sister’s message when she checked said she’s not impacted.
So, I’m now hoping for the best.

larry
larry

So how do they notify you if your personal data was at risk?

Lrdx
Lrdx

They don’t.

MoreSun
MoreSun

That’s the lol of it. Even the LA times has this to say “But a form on the website purportedly offering to “check potential impact” instead just gives users a date on which they must return to Equifax’s website to enroll in credit monitoring.” (http://www.latimes.com/business/technology/la-fi-tn-equifax-data-breach-20170907-story.html)
I’m thinking if you’re in their system at ALL you get offered their credit monitoring because as pointed out by Vic, fake people don’t get offered the monitoring.

MoreSun
MoreSun

Correction: they do get offered it, but not automatically.

joE
joE

Has anyone actually received a message saying their information was or was not compromised? When I follow their instructions it only gives me a date when i can enroll but no word what so ever if my data was compromised or not.

What a crock of shit!

Lrdx
Lrdx

If they tell you the enrollment date, then you’re affected.

Karen
Karen

My mom got a message that she wasn’t affected and still got an enrollment date, but of 9/14. They say they will let anyone enroll whether they were affected or not. I didn’t get a message and got 9/11.

CM
CM

Wrong, they claim to offer free premium monitoring to everyone as part of this fiasco.

Lrdx
Lrdx

Sorry, yes. If they *don’t* tell you first you’re not affected, chances are you are.

BN
BN

They might have made some changed as I checked this morning, but it stated that I was affected … and then told me to come back next Wednesday.

Lrdx
Lrdx

A class action for 143 million Americans will make a few lawyers set for life..

CM
CM

I was just looking for a way to lock my reports! It looks like they provide premium identity monitoring as part of this, which spans all 3 reports! Hopefully, free freezing is part of it! Fingers crossed!

Superchurn
Superchurn

for a year…a single year. 1000% inadequae, and frankly insulting. its nearly worthless. the fraudsters will just wait out the year then its fair game on your identity

Roman
Roman

Oh wow, these credit agencies make a lot of money from our personal information and on top of that make it sometimes a hassle to deal with them, I hope they have to pay their full net profit for the following years to make amendments after this ridiculous breach.

Gadget
Gadget

I can sign up on the 11th, SO’s the 13th. Really convenient .

gene
gene

If someone accept the free credit protection for a year are they giving up legal rights to sue for reimbursement due to the date breach or is the offer of the free monitoring…unconditional?

Lrdx
Lrdx

12 months of free monitoring in these cases are mandated by the FCRA. I’m quite sure (IANAL..) you won’t waive any rights if you accept.

Although you can just monitor your accounts for free at Credit Karma and co.

Superchurn
Superchurn

i’m wondering this too…i’d be very careful not to agree to anything without reading through all the fine print. i wouldn’t put it past them to try to sneak some bullshit into the agreement about you releasing them from liability or agreeing to arbitration or some other bad thing.

no thanks, i’ll keep doing what i do anyway, and retain my rights to a private lawsuit

TVM
TVM

TechCrunch is reporting that signing up for TrustID might waive our rights to any class action lawsuits.

‘Conveniently (for Equifax) those who sign up for TrustID might waive their right to any class action lawsuit against the company, as stated at the bottom of TrustID’s terms of service.’

I think using one of their own companies (TrustID) is an elaborate plan by Equifax.

A**holes.

http://tcrn.ch/2xSvbDH

Lrdx
Lrdx

The arbitration clause is only mentioning disputes between you and TrustID Inc. Owners and subsidies of TrustID inc. are not mentioned..

Well, I’m asking the company’s lawyers tomorrow.

Roman
Roman

Well I expect lawyers already noticed that the website established to tell us if we’re affected is instead tricking people into some kind of automatic enrollment without confirmation.

John
John

Signing up for Equifax’s credit monitoring service means you agree to forced arbitration in the event of legal action – see their ToS- cheap and convenient for them, expensive for you to apply. Plus it may not even help you if your existing accounts are compromised.

Superchurn
Superchurn

i suspected as much. no monitoring, no agreement, no arbitration. yes private lawsuit

Rena
Rena

9-11 to enroll for me – the date…

Tim
Tim

Uhh. I got 9/12.

What does that mean?

Superchurn
Superchurn

it means you’re breached according to other DP above. i am too.

Klad
Klad

I got 9/13 without a message whether I am affected or not.. I think at this time we shouldn’t be speculating anything just based on date..

Lrdx
Lrdx

It’s not the date, rather the message about not being affected.

If you don’t see that, you can assume you are. The number of affected people is too high.

Klad
Klad

Hmm might be.. let’s wait and watch..

Attila
Attila

So, the company that collected our information without our consent, then was “hacked,” is now expecting everyone to enroll in their service? Really?

Sam
Sam

welcome to America

MoreSun
MoreSun

Yep. The ultimate Pharma company fantasy. Create the plague and provide the cure…

Superchurn
Superchurn

thats about right

Superchurn
Superchurn

its a trap. don’t do it. they’re looking out for #1, and couldn’t give 2 shits about us.

stacker
stacker

I got 9/14 and it did not say if I am affected or not.

Abey
Abey

I got 9/12 and gf and 2 friends 9/13
It didnt say affected or not.

Sam
Sam

It told me to come back on September 12.. so what does that mean for me? Am I affected or not?

Lisa
Lisa

Wait a year. Equifax will be using this as a marketing opportunity to sell us this service.

Equifax profited off of *OUR* data, not theirs. Equifax failed to keep *OUR* data safe. They have their own credit monitoring service. Shouldn’t equifax at least provide free lifetime credit monitoring service? Even that wouldn’t make us whole. Anything less speaks for itself.

Lrdx
Lrdx

Even the idea of “monitoring” by a credit reporting agency is insulting of people’s intelligence.

You don’t need to MONITOR changes, you KNOW when changes happen because YOU MAKE THOSE CHANGES.

Superchurn
Superchurn

mandatory lifetime indemnity against fraud for those affected i say

Alicia
Alicia

I got this:

“Based on the information provided, we believe that your personal information may have been impacted by this incident.

Click the button below to continue your enrollment in TrustedID Premier.”

when I went to the link to enroll, it asked for name/add/email and said to wait for verification and a verification email, also not to worry if this took more than a day due to load and number of enquiries.

Checked one other family member, site gave the enrollment date of 9/13 and a message to go back to site at that date to enroll. Note this family member previously had free credit monitoring from equifax (which had expired). Also this family member had a fraudulent credit card transaction (CapitalOne) only last week – first time we ever had a CapitalOne fraud attempt, probably a coincidence since it came after a business trip but we’ll probably never know for sure.

Both of us have previously used equifax.com to buy credit reports previously but not for at least a couple of years – just adding this data point in case it affects how the form works.

Chris F.

I have a date of 9/13, no message on affected or not.

My wife, who has a much shorter history due to just recently moving to the US, received a message that she was likely not affected. Her date for enrollment is 9/14.

Don B.
Don B.

If you legitimately (or even reasonably thought) had your identity stolen, you should immediately complete IRS Form 14039 for the Identity Theft Affidavit (see link). This form gives you a special tax id number in addition to your SSN when filing taxes to prove your identity.

You should also file your taxes electronically and as soon as humanly possible (early February). The long you wait to file, the more time you give some thief to take your tax refund. You want to prevent duplicate filing.

IRS Form 14039 – Identity Theft Affidavit:
https://www.irs.gov/pub/irs-pdf/f14039.pdf

Taxpayer Guide to Identity Theft:
https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft

M
M

I’m usually due to pay some taxes at filing time. Can IRS bill that to the faker? 😉

Steph
Steph

A wired.com article says 44% of the population could be affected. I got “Thank you” enroll 9/13. My husband got a message that specifically says he is not affected and a button to “enroll”. The article also said once the year is up the attackers will have better luck using the info. This will be a problem for years. https://www.wired.com/story/how-to-protect-yourself

Superchurn
Superchurn

a problem for the rest of your life, actually, unless the IRS starts letting people request new SSNs

Debt Hater

Oh yay, more free credit monitoring for only a year. And then when that’s up and the hackers finally decide to use my SSN?

Also: https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack

David
David

“In order to help those that have been affected by the data breach, we will provide you with a free year of Equifax credit monitoring service!”

– I kid I kid

TomT
TomT

The US Census Bureau data says there are just under 250 million adults in the US as of 2017. I would bet that the 143 million “may have been” affected consumers is their count of everyone in the Equifax database. It don’t see how a subset would have been spared from the 3 month long data breach. So if you’ve ever had an inquiry that went through Equifax, I would ignore their website stating you were unaffected.

R
R

i got 9/10, weird

R
R

did it for my wife and got message that we believe your information is not impacted

John Doe
John Doe

Looks like John Doe with SSN ending is 123456 is affected too.

TheMonkeyTech
TheMonkeyTech

I am not going to sign up for their crappy monitoring. I don’t want to waive the right to join a class action lawsuit. I will freeze all my reports for my family for now.

I hope we’ll be able to do a class action lawsuit that’ll really hit them hard. I don’t even care that lawyers take the bulk of the cash, only hope that Equifax feels some pain for this.

Superchurn
Superchurn

same here…no waiving of any rights. i think i’m going to contact a private lawyer and see what my legal remedies are. class actions, while painful for the company, don’t result in meaningful moneys for class members..i think i’ll take my chances ith a private suit for damages.

Dalo

Online I got ‘enroll on the 13th’ so I called the 866 447 7559 number . “Why do I have to wait until 13th?” “So many people’s information must be examined.” How do I find out if my info has been exposed ?” ” We don’t have access to your personal information” ” What questions can you answer ?””I’m sorry ” I’m not sure why they give this phone number if they can provide no answers.
Jail time sounds appealing but unlikely , Equifax paying huge fines sounds good but that probably won’t happen either . Okay , how about a slap on both wrists ?
These people have been arrogant and dictatorial . Now that they have failed miserably it sounds like they want to just give people the run around and make things worse . I have no sympathy for them . Equifax deserves to go bankrupt .

Superchurn
Superchurn

they have failed miserably. i agree. not only should they be liquidated and their entire assets paid out to the victims, but those responsible for not telling the public about it for 3 months should be in prison for criminal negligence resulting in fucking 1/2 the country over.

Wyle
Wyle

I think a hacker already checked to see if I’m affected and signed me up for the monitoring. 😉
(no, I’m not serious).

Gayle
Gayle

I can’t even get into the site to check – keeps saying Deceptive Site Ahead ??????

Pijanec Ordiner
Pijanec Ordiner

So Will, do you have any advice on what to do? Freeze all?
Maybe link to other posts if you have already covered credit monitoring? Thanks

JP
JP

Everyone in my family got the message of potentially affected. Lol wut??

So is this free trusted id monitoring is no good?

stampman
stampman

Another data breach added to my personal Wall of Shame. This one is number 6. I’ve got 3 different free credit monitoring services going.

The List:

Target
Anthem Insurance
SC Department of Revenue
Office of Personnel Management
University of CT Engineering Dept
Equifax

stacker
stacker

My status changed since I checked yesterday. Now it says my info may have been compromised and an option to enroll immediately in the their TrustedID scam so they can avoid getting sued.

sidgray
sidgray

Hang those crooks! The najarian brothers just said someone profited from this event by buying put options in large quantities for $.60 each costing about $160k and today those same options are worth over $4 million!! They talked about the timing of the trade to very suspicious like a couple of days after those crooked equifax sold stock. Anybody else mad as hell?

MoreSun
MoreSun

Would take too much energy and we peons can’t do anything about it anyway.

Craig
Craig

I continue to maintain a credit freeze on all three agencies. I will now inquire and refuse to do business with lenders who check equifax reports.

bemywife
bemywife

I checked again just now. The status has changed into “may have been impacted” although it was “9/11” yesterday. Fxxk it.

JT
JT

Says I’m compromised. They want me to enroll, but I have misgiving in enrolling with these guys when they’re responsible for the whole problem in the first place.

MoreSun
MoreSun

That’s new, yesterday they just threw us straight to an enrollment date if you might have been compromised.

Dan Humana
Dan Humana

Equifax is worse than 9/11

The Value Traveler

looks like the card approval depts will be taking longer breaks as no one will apply for cards for awhile until the dust settles from this mess.

Jeff H
Jeff H

CAUTION: I have received TWO SPAM emails that look like the read deal. Appears to look like similar formating to the webpage you get linked to by Equifax.

Prem
Prem

I checked and it says my info “may have been impacted”.

What the hell does it mean and what should i do?

MIKE OKELLY

how do i get in

Donald Trump
Donald Trump

Welcome to our Russian “Night King” !!!

Dan
Dan

It’s very likely that the Russians and North Korean hackers and governments have all of our Social Security numbers and other personal info now.

Back to Top ↑