Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: What's a Practical Response To the Equifax Breach?

Posted by BeauHD on from the cause-and-effect dept.

In response to the massive Equifax cybersecurity incident impacting approximately 143 million U.S. consumer -- making it possibly the worst leak of personal info ever -- Slashdot reader AdamStarks asks: What steps can the average Joe take to protect their identity? Accepting Equifax's help forfeits your right to sue; it's the same with applying for protection at TransUnion (not sure about Experian). Extra services at those companies also cost money, but that's putting even more of your data in their hands, and it's not clear whether the protection/help they provide is worth it (leaving aside not wanting to reward bad behavior).

28 of 217 comments (clear)

  1. Two Words.... by Zurkeyon3733 · · Score: 4, Insightful

    CLASS ACTION!

    1. Re:Two Words.... by acvh · · Score: 3, Insightful

      Why? So a handful of law firms can score big dollars while you and I get a check for $15 and 2 years of free credit monitoring? Class action suits rarely (never?) help the actual victims.

    2. Re:Two Words.... by Zurkeyon3733 · · Score: 5, Insightful

      No, but that several billion dollar judgement hit sure hurts The Credit Mongers! They HATE to lose money. Maybe a couple billion in THEIR losses, might make them a bit more cautious about not caring about OUR losses when they allow BS like this to happen.... Hmmm? Maybe? :-P

    3. Re:Two Words.... by MightyMartian · · Score: 2

      There isn't a cancer horrible enough for you.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:Two Words.... by Ritz_Just_Ritz · · Score: 3, Insightful

      Actually, if you agree to their free credit monitoring, you get it for a year...and then you're on the hook to pay for it if you don't cancel. One would almost think this was engineered to boost subscriptions to their credit monitoring service....nah....

      https://www.cnbc.com/2017/09/0...

      And it's not like you have the option to tell creditors to NOT share your data with these asshats.

      Pay cash for everything and leave these jackals twisting in the wind.

    5. Re:Two Words.... by interkin3tic · · Score: 2

      Class action suits rarely (never?) help the actual victims.

      Sure, and locking drunk drivers up rarely (never?) brings back people killed by drunk drivers.

      Stop thinking of class action lawsuits as something the individuals "win" to make things all better.

      Class action lawsuits ARE an effective tool in preventing otherwise omnipotent mega-corporations from trampling all over consumers, and they're one of the very few that don't depend on bribable politicians or idiotic voters.

      Don't think they're effective in instilling fear in corporations? Then explain to me why equifax is so desperately trying to avoid them that they tried the laughably bad tactic of forcing people to give up their right to it to know if they had been hacked? Just as an extra "LOL fuck you"?

      Class action lawsuits aren't to make everything right again, legal punishments never do.

    6. Re:Two Words.... by ichimunki · · Score: 2

      Since the breach happened at Equifax, it would be utterly bizarre if a lawsuit made Experian go out of business.

      --
      I do not have a signature
  2. Bend over by Anonymous Coward · · Score: 3, Insightful

    The average person is not an Equifax top exec that was able to cash out before the news got out.

  3. Shut it down and fine the executives! by Anonymous Coward · · Score: 2, Interesting

    Class-action will only transfer additional costs on to the consumers.

    I vote to shut it down, have the FTC or somebody step in, and force a direct payout to the consumers, bypassing all the fucking lawyers.

  4. Per Brian Krebs... by jddj · · Score: 5, Informative

    Don't waste your time or money on their monitoring "services", which don't do much. Instead, freeze your credit with each of the agencies.

    Krebs' "Dumpster Fire" post on the Equifax debacle is worth reading.

    https://krebsonsecurity.com/20...

  5. First thing: request a credit freeze by sandbagger · · Score: 5, Informative

    The security freeze prevents anyone, even you, from opening a credit account or getting a loan in your name, including yourself, until you lift the freeze.

    You never know about a identity theft until after the fact and weird bills start coming in. Basically you agree to a PIN number. No new loans can take place in your name unless the applicant knows the number.

    It's close to free but there may be a few $10 fees depending on where you do it: https://www.transunion.com/cre...

    The credit reputation agencies don't offer it by default because their business model is to sell you fraud alert monitoring services. Logically, if there's a freeze, there's nothing for them to monitor. This is the cheapest and best solution.

    Second, stop giving Equifax your money.
    Third, class action suit.

    PS: Krebs on Security has a great piece that's now a few years old but shows why credit freezes are good and the other crap sold by Equifax and their peers are more or less useless in comparison: Transition and Experien promote have little value: https://krebsonsecurity.com/20...

    --
    ---- The above post was generated by the Turing Institute. Maybe.
    1. Re:First thing: request a credit freeze by Anonymous Coward · · Score: 5, Insightful

      And how exactly does a freeze help, if the next credit bureau hack obtains all those freeze PINs?

      There's nothing you can realistically do to protect yourself against these attacks. The entire business model of storing a bunch of sensitive information about literally everyone in a single place is fundamentally fucked from the beginning. Especially when they have very little incentive to safeguard data about us peasants.

  6. What not to do... by BenJeremy · · Score: 4, Insightful

    ...don't respond to the breach by forcing users to go to a phishy-sounding "equifaxsecurity2017.com" web site (I've actually had phishing e-mails directing me to go to "paypal2017.com" and such. Worse, don't direct them to a THIRD site that doesn't even have a valid certificate, causing Chrome, Firefox and other browsers to scream "Dangerous and Deceptive Site!!!!" with a big red warning screen.

    Lastly, don't force them to join your crappy credit monitoring site in order to find out if they are part of the breach... and thereby forcing them to renounce their ability to sue you.

    The clueless executives need to be fired, and probably anybody on their IT staff with "security" in their title or job requirements.

  7. panic, you are fucked by Osgeld · · Score: 2

    Seriously, besides the waving the right to participate in a class action lawsuit, which might net you a fucking nickel in a decade, you are fucked, and what's the response, sign up for security?

    cause security obviously works

    how bout you actually watch and keep up with your shit, like you should be doing anyway ... I dunno about you, but I am not so filthy rich that I dont keep track of what I buy, and check on the card (yes card not cards) at least once a week to make sure everything is as it should be

    1. Re:panic, you are fucked by nnet · · Score: 2

      its good you check on the card you know about.

    2. Re:panic, you are fucked by Swave+An+deBwoner · · Score: 4, Informative

      When I experienced identity theft it wasn't through bogus charges on my credit card (which my bank normally picks up on right away) but through about a dozen newly-opened store-specific credit card purchases and utility bills in places between 1,000 and 4,000 miles away from where I live.

      That's not something I could have easily monitored by just checking my bank's website.

      In my case the perpetrator was caught by police in another state within a day or two of my first learning about the first bogus account. Not everybody is so lucky.

  8. Political change by manu0601 · · Score: 5, Insightful

    That sad story could be used to ask for political change.

    There are countries where knowing someone's SSN is not enough to get a credit on his behalf, why US residents could not enjoy similar protection by law?

  9. Two other words by El+Cubano · · Score: 5, Informative

    CREDIT FREEZE

    What steps can the average Joe take to protect their identity? Accepting Equifax's help forfeits your right to sue; it's the same with applying for protection at TransUnion (not sure about Experian). Extra services at those companies also cost money, but that's putting even more of your data in their hands, and it's not clear whether the protection/help they provide is worth it (leaving aside not wanting to reward bad behavior).

    Here is a good guide on freezing your credit: http://clark.com/personal-fina...

    There is no reason for the vast majority of people to leave their credit open. Seriously, most people apply for new credit maybe once every few years, if that. Leaving your credit open is simply asking for trouble.

    As they say, an ounce of prevention is worth a pound of cure (or their SI equivalents if you don't like conventional weights and measures).

    1. Re:Two other words by somenickname · · Score: 3, Interesting

      I agree that it should have been free but, a stable adult rarely needs to do anything related to credit checks. Even beyond that, I am 100% willing to give up convenience for palpable online security. I've never had my identity stolen, never had a virus on my computer, never had a website password breach compromise another account, etc. And the reason for that is that I'm cautious and willing to inconvenience myself to avoid a threat. As soon as I read about credit freezes (on this website!) I decided that the threat was much, much larger than any inconvenience I would invoke by freezing my credit. The Experian breach is a Big Deal and the adults in the room are inoculating themselves against it regardless of the hassle.

    2. Re:Two other words by interkin3tic · · Score: 2

      Since Obama Care, insurance changes are a yearly thing now.

      If you think that's something that only started with Obamacare, you probably have all your money in that Rush Limbaugh gold coin scam and really don't need to worry about people stealing from your bank account anyway.

    3. Re:Two other words by gumbi+west · · Score: 3, Interesting

      Wait, there has to be a PIN recovery system. And guess who would now have all the data needed to reset the PIN.

    4. Re:Two other words by Bitmanhome · · Score: 2

      A credit freeze just freezes your credit reports, not the actual credit. Since all your info is leaked, this is probably pretty useless.

      --
      Not that this wasn't entirely predictable.
    5. Re:Two other words by zeugma-amp · · Score: 2

      It depends largely upon where you live. Went to transunion earlier today and they wanted to charge me $10.50 for a credit freeze. They didn't even state how long it was good for. I'd guess a year. So, if I want to freeze my credit report at all 3 agencies, it would likely cost me more than $30/year.

      --
      This is an ex-parrot!
  10. Basically everyone is affected by netsavior · · Score: 4, Insightful

    basically everyone with a bank account or water bill is affected. This is an industry altering breech. There is no reason to believe you have any ability to do anything about it.

    I am not being defeatist, this will cause necessary change in the entire industry.

  11. Re:Lifelock by sexconker · · Score: 3, Informative

    I'm not a security guard. I'm a security monitor. I let people know when there's a robbery.

    There's a robbery.

  12. Corps and Govt stop treating the SSN as a Secret by williamyf · · Score: 4, Insightful

    The SSN, passport number, or, for all practical intents and purposes any government issued number is NOT a secret. There are ways to get those numbers, be it through breaches like this one, or other means.

    The SSN is not a Secret. Is just a number issued by the government to identify you more easily to the Social Security.

    Again, the SSN is not a secret. Nurses, Doctors, Clerks see the number as a matter of routine...
    Your passport number is not a secret. Clerks, security guards and border patrol agents, both in your country and abroad see it on a regular basis.
    Driver license numbers are not a secret.....
    ID Numbers (for countries which issue ID Cards) are not a secret....
    You get the drift....

    Maybe, just maybe, the Goverments and companies will stop treating these numbers (be it the SSN in the USoA, the Cedula or DNI, or what have you ) as a "Secret", and recognize that these are just ID numbers, not secrets, and we move towards a real secret when needed, in the form of, perhaps PIN+SmartCard, or some other mechanism.

    I know, is a loooooong shot, but dreaming is free....

    --
    *** Suerte a todos y Feliz dia!
  13. Re:Leave Equifax? by Narcocide · · Score: 2

    LOL, on what grounds? The DMCA?

  14. Re:Freeze the reports, bill equifax for the costs by PPH · · Score: 2

    1) Freeze all three agencies

    Or just freeze Equifax. If enough people do this, banks and lenders will have to take their business elsewhere.

    --
    Have gnu, will travel.