Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: What's a Practical Response To the Equifax Breach?

Posted by BeauHD on from the cause-and-effect dept.

In response to the massive Equifax cybersecurity incident impacting approximately 143 million U.S. consumer -- making it possibly the worst leak of personal info ever -- Slashdot reader AdamStarks asks: What steps can the average Joe take to protect their identity? Accepting Equifax's help forfeits your right to sue; it's the same with applying for protection at TransUnion (not sure about Experian). Extra services at those companies also cost money, but that's putting even more of your data in their hands, and it's not clear whether the protection/help they provide is worth it (leaving aside not wanting to reward bad behavior).

17 of 217 comments (clear)

  1. Two Words.... by Zurkeyon3733 · · Score: 4, Insightful

    CLASS ACTION!

    1. Re:Two Words.... by acvh · · Score: 3, Insightful

      Why? So a handful of law firms can score big dollars while you and I get a check for $15 and 2 years of free credit monitoring? Class action suits rarely (never?) help the actual victims.

    2. Re:Two Words.... by Zurkeyon3733 · · Score: 5, Insightful

      No, but that several billion dollar judgement hit sure hurts The Credit Mongers! They HATE to lose money. Maybe a couple billion in THEIR losses, might make them a bit more cautious about not caring about OUR losses when they allow BS like this to happen.... Hmmm? Maybe? :-P

    3. Re:Two Words.... by Ritz_Just_Ritz · · Score: 3, Insightful

      Actually, if you agree to their free credit monitoring, you get it for a year...and then you're on the hook to pay for it if you don't cancel. One would almost think this was engineered to boost subscriptions to their credit monitoring service....nah....

      https://www.cnbc.com/2017/09/0...

      And it's not like you have the option to tell creditors to NOT share your data with these asshats.

      Pay cash for everything and leave these jackals twisting in the wind.

  2. Bend over by Anonymous Coward · · Score: 3, Insightful

    The average person is not an Equifax top exec that was able to cash out before the news got out.

  3. Per Brian Krebs... by jddj · · Score: 5, Informative

    Don't waste your time or money on their monitoring "services", which don't do much. Instead, freeze your credit with each of the agencies.

    Krebs' "Dumpster Fire" post on the Equifax debacle is worth reading.

    https://krebsonsecurity.com/20...

  4. First thing: request a credit freeze by sandbagger · · Score: 5, Informative

    The security freeze prevents anyone, even you, from opening a credit account or getting a loan in your name, including yourself, until you lift the freeze.

    You never know about a identity theft until after the fact and weird bills start coming in. Basically you agree to a PIN number. No new loans can take place in your name unless the applicant knows the number.

    It's close to free but there may be a few $10 fees depending on where you do it: https://www.transunion.com/cre...

    The credit reputation agencies don't offer it by default because their business model is to sell you fraud alert monitoring services. Logically, if there's a freeze, there's nothing for them to monitor. This is the cheapest and best solution.

    Second, stop giving Equifax your money.
    Third, class action suit.

    PS: Krebs on Security has a great piece that's now a few years old but shows why credit freezes are good and the other crap sold by Equifax and their peers are more or less useless in comparison: Transition and Experien promote have little value: https://krebsonsecurity.com/20...

    --
    ---- The above post was generated by the Turing Institute. Maybe.
    1. Re:First thing: request a credit freeze by Anonymous Coward · · Score: 5, Insightful

      And how exactly does a freeze help, if the next credit bureau hack obtains all those freeze PINs?

      There's nothing you can realistically do to protect yourself against these attacks. The entire business model of storing a bunch of sensitive information about literally everyone in a single place is fundamentally fucked from the beginning. Especially when they have very little incentive to safeguard data about us peasants.

  5. What not to do... by BenJeremy · · Score: 4, Insightful

    ...don't respond to the breach by forcing users to go to a phishy-sounding "equifaxsecurity2017.com" web site (I've actually had phishing e-mails directing me to go to "paypal2017.com" and such. Worse, don't direct them to a THIRD site that doesn't even have a valid certificate, causing Chrome, Firefox and other browsers to scream "Dangerous and Deceptive Site!!!!" with a big red warning screen.

    Lastly, don't force them to join your crappy credit monitoring site in order to find out if they are part of the breach... and thereby forcing them to renounce their ability to sue you.

    The clueless executives need to be fired, and probably anybody on their IT staff with "security" in their title or job requirements.

  6. Political change by manu0601 · · Score: 5, Insightful

    That sad story could be used to ask for political change.

    There are countries where knowing someone's SSN is not enough to get a credit on his behalf, why US residents could not enjoy similar protection by law?

  7. Two other words by El+Cubano · · Score: 5, Informative

    CREDIT FREEZE

    What steps can the average Joe take to protect their identity? Accepting Equifax's help forfeits your right to sue; it's the same with applying for protection at TransUnion (not sure about Experian). Extra services at those companies also cost money, but that's putting even more of your data in their hands, and it's not clear whether the protection/help they provide is worth it (leaving aside not wanting to reward bad behavior).

    Here is a good guide on freezing your credit: http://clark.com/personal-fina...

    There is no reason for the vast majority of people to leave their credit open. Seriously, most people apply for new credit maybe once every few years, if that. Leaving your credit open is simply asking for trouble.

    As they say, an ounce of prevention is worth a pound of cure (or their SI equivalents if you don't like conventional weights and measures).

    1. Re:Two other words by somenickname · · Score: 3, Interesting

      I agree that it should have been free but, a stable adult rarely needs to do anything related to credit checks. Even beyond that, I am 100% willing to give up convenience for palpable online security. I've never had my identity stolen, never had a virus on my computer, never had a website password breach compromise another account, etc. And the reason for that is that I'm cautious and willing to inconvenience myself to avoid a threat. As soon as I read about credit freezes (on this website!) I decided that the threat was much, much larger than any inconvenience I would invoke by freezing my credit. The Experian breach is a Big Deal and the adults in the room are inoculating themselves against it regardless of the hassle.

    2. Re:Two other words by gumbi+west · · Score: 3, Interesting

      Wait, there has to be a PIN recovery system. And guess who would now have all the data needed to reset the PIN.

  8. Basically everyone is affected by netsavior · · Score: 4, Insightful

    basically everyone with a bank account or water bill is affected. This is an industry altering breech. There is no reason to believe you have any ability to do anything about it.

    I am not being defeatist, this will cause necessary change in the entire industry.

  9. Re:Lifelock by sexconker · · Score: 3, Informative

    I'm not a security guard. I'm a security monitor. I let people know when there's a robbery.

    There's a robbery.

  10. Corps and Govt stop treating the SSN as a Secret by williamyf · · Score: 4, Insightful

    The SSN, passport number, or, for all practical intents and purposes any government issued number is NOT a secret. There are ways to get those numbers, be it through breaches like this one, or other means.

    The SSN is not a Secret. Is just a number issued by the government to identify you more easily to the Social Security.

    Again, the SSN is not a secret. Nurses, Doctors, Clerks see the number as a matter of routine...
    Your passport number is not a secret. Clerks, security guards and border patrol agents, both in your country and abroad see it on a regular basis.
    Driver license numbers are not a secret.....
    ID Numbers (for countries which issue ID Cards) are not a secret....
    You get the drift....

    Maybe, just maybe, the Goverments and companies will stop treating these numbers (be it the SSN in the USoA, the Cedula or DNI, or what have you ) as a "Secret", and recognize that these are just ID numbers, not secrets, and we move towards a real secret when needed, in the form of, perhaps PIN+SmartCard, or some other mechanism.

    I know, is a loooooong shot, but dreaming is free....

    --
    *** Suerte a todos y Feliz dia!
  11. Re:panic, you are fucked by Swave+An+deBwoner · · Score: 4, Informative

    When I experienced identity theft it wasn't through bogus charges on my credit card (which my bank normally picks up on right away) but through about a dozen newly-opened store-specific credit card purchases and utility bills in places between 1,000 and 4,000 miles away from where I live.

    That's not something I could have easily monitored by just checking my bank's website.

    In my case the perpetrator was caught by police in another state within a day or two of my first learning about the first bogus account. Not everybody is so lucky.