Ask Slashdot: What's a Practical Response To the Equifax Breach?

In response to the massive Equifax cybersecurity incident impacting approximately 143 million U.S. consumer -- making it possibly the worst leak of personal info ever -- Slashdot reader AdamStarks asks: What steps can the average Joe take to protect their identity? Accepting Equifax's help forfeits your right to sue; it's the same with applying for protection at TransUnion (not sure about Experian). Extra services at those companies also cost money, but that's putting even more of your data in their hands, and it's not clear whether the protection/help they provide is worth it (leaving aside not wanting to reward bad behavior).

Two Words....

[Zurkeyon3733]

CLASS ACTION!

Re:Two Words....

[acvh]

Why? So a handful of law firms can score big dollars while you and I get a check for $15 and 2 years of free credit monitoring? Class action suits rarely (never?) help the actual victims.

Re:Two Words....

[Zurkeyon3733]

No, but that several billion dollar judgement hit sure hurts The Credit Mongers! They HATE to lose money. Maybe a couple billion in THEIR losses, might make them a bit more cautious about not caring about OUR losses when they allow BS like this to happen.... Hmmm? Maybe? :-P

Re:Two Words....

[Ritz_Just_Ritz]

Actually, if you agree to their free credit monitoring, you get it for a year...and then you're on the hook to pay for it if you don't cancel. One would almost think this was engineered to boost subscriptions to their credit monitoring service....nah....

https://www.cnbc.com/2017/09/0...

And it's not like you have the option to tell creditors to NOT share your data with these asshats.

Pay cash for everything and leave these jackals twisting in the wind.

Bend over

The average person is not an Equifax top exec that was able to cash out before the news got out.

What not to do...

[BenJeremy]

...don't respond to the breach by forcing users to go to a phishy-sounding "equifaxsecurity2017.com" web site (I've actually had phishing e-mails directing me to go to "paypal2017.com" and such. Worse, don't direct them to a THIRD site that doesn't even have a valid certificate, causing Chrome, Firefox and other browsers to scream "Dangerous and Deceptive Site!!!!" with a big red warning screen.

Lastly, don't force them to join your crappy credit monitoring site in order to find out if they are part of the breach... and thereby forcing them to renounce their ability to sue you.

The clueless executives need to be fired, and probably anybody on their IT staff with "security" in their title or job requirements.

Political change

[manu0601]

That sad story could be used to ask for political change.

There are countries where knowing someone's SSN is not enough to get a credit on his behalf, why US residents could not enjoy similar protection by law?

Basically everyone is affected

[netsavior]

basically everyone with a bank account or water bill is affected. This is an industry altering breech. There is no reason to believe you have any ability to do anything about it.

I am not being defeatist, this will cause necessary change in the entire industry.

Re:First thing: request a credit freeze

And how exactly does a freeze help, if the next credit bureau hack obtains all those freeze PINs?

There's nothing you can realistically do to protect yourself against these attacks. The entire business model of storing a bunch of sensitive information about literally everyone in a single place is fundamentally fucked from the beginning. Especially when they have very little incentive to safeguard data about us peasants.

Corps and Govt stop treating the SSN as a Secret

[williamyf]

The SSN, passport number, or, for all practical intents and purposes any government issued number is NOT a secret. There are ways to get those numbers, be it through breaches like this one, or other means.

The SSN is not a Secret. Is just a number issued by the government to identify you more easily to the Social Security.

Again, the SSN is not a secret. Nurses, Doctors, Clerks see the number as a matter of routine...
Your passport number is not a secret. Clerks, security guards and border patrol agents, both in your country and abroad see it on a regular basis.
Driver license numbers are not a secret.....
ID Numbers (for countries which issue ID Cards) are not a secret....
You get the drift....

Maybe, just maybe, the Goverments and companies will stop treating these numbers (be it the SSN in the USoA, the Cedula or DNI, or what have you ) as a "Secret", and recognize that these are just ID numbers, not secrets, and we move towards a real secret when needed, in the form of, perhaps PIN+SmartCard, or some other mechanism.

I know, is a loooooong shot, but dreaming is free....

Re:Two other words

The problem with freezing your credit is that you have to pay for the privilege of not being spied on and exploited. And you have to pay this fee to each reporting agency. Then you have to pay again if you need to unfreeze it. For example to change insurance companies or buy something expensive. Since Obama Care, insurance changes are a yearly thing now. Then you pay again to freeze it afterwards. Pay, pay, pay!

It's just another scam to nickle and dime us to death for things that shouldn't exist in the first place.

Because money is involved to unlock

[SuperKendall]

And how exactly does a freeze help, if the next credit bureau hack obtains all those freeze PINs?

SSN's you can use in bulk. But even knowing a freeze PIN you still have to pay real money - either to unlock it temporarily, or for good. That makes it less likely attackers would make use of it.