Slashdot Mirror
Ask Slashdot: What's a Practical Response To the Equifax Breach?
In response to the massive Equifax cybersecurity incident impacting approximately 143 million U.S. consumer -- making it possibly the worst leak of personal info ever -- Slashdot reader AdamStarks asks: What steps can the average Joe take to protect their identity? Accepting Equifax's help forfeits your right to sue; it's the same with applying for protection at TransUnion (not sure about Experian). Extra services at those companies also cost money, but that's putting even more of your data in their hands, and it's not clear whether the protection/help they provide is worth it (leaving aside not wanting to reward bad behavior).
CLASS ACTION!
Don't waste your time or money on their monitoring "services", which don't do much. Instead, freeze your credit with each of the agencies.
Krebs' "Dumpster Fire" post on the Equifax debacle is worth reading.
https://krebsonsecurity.com/20...
The security freeze prevents anyone, even you, from opening a credit account or getting a loan in your name, including yourself, until you lift the freeze.
You never know about a identity theft until after the fact and weird bills start coming in. Basically you agree to a PIN number. No new loans can take place in your name unless the applicant knows the number.
It's close to free but there may be a few $10 fees depending on where you do it: https://www.transunion.com/cre...
The credit reputation agencies don't offer it by default because their business model is to sell you fraud alert monitoring services. Logically, if there's a freeze, there's nothing for them to monitor. This is the cheapest and best solution.
Second, stop giving Equifax your money.
Third, class action suit.
PS: Krebs on Security has a great piece that's now a few years old but shows why credit freezes are good and the other crap sold by Equifax and their peers are more or less useless in comparison: Transition and Experien promote have little value: https://krebsonsecurity.com/20...
---- The above post was generated by the Turing Institute. Maybe.
...don't respond to the breach by forcing users to go to a phishy-sounding "equifaxsecurity2017.com" web site (I've actually had phishing e-mails directing me to go to "paypal2017.com" and such. Worse, don't direct them to a THIRD site that doesn't even have a valid certificate, causing Chrome, Firefox and other browsers to scream "Dangerous and Deceptive Site!!!!" with a big red warning screen.
Lastly, don't force them to join your crappy credit monitoring site in order to find out if they are part of the breach... and thereby forcing them to renounce their ability to sue you.
The clueless executives need to be fired, and probably anybody on their IT staff with "security" in their title or job requirements.
That sad story could be used to ask for political change.
There are countries where knowing someone's SSN is not enough to get a credit on his behalf, why US residents could not enjoy similar protection by law?
CREDIT FREEZE
What steps can the average Joe take to protect their identity? Accepting Equifax's help forfeits your right to sue; it's the same with applying for protection at TransUnion (not sure about Experian). Extra services at those companies also cost money, but that's putting even more of your data in their hands, and it's not clear whether the protection/help they provide is worth it (leaving aside not wanting to reward bad behavior).
Here is a good guide on freezing your credit: http://clark.com/personal-fina...
There is no reason for the vast majority of people to leave their credit open. Seriously, most people apply for new credit maybe once every few years, if that. Leaving your credit open is simply asking for trouble.
As they say, an ounce of prevention is worth a pound of cure (or their SI equivalents if you don't like conventional weights and measures).
basically everyone with a bank account or water bill is affected. This is an industry altering breech. There is no reason to believe you have any ability to do anything about it.
I am not being defeatist, this will cause necessary change in the entire industry.
The SSN, passport number, or, for all practical intents and purposes any government issued number is NOT a secret. There are ways to get those numbers, be it through breaches like this one, or other means.
The SSN is not a Secret. Is just a number issued by the government to identify you more easily to the Social Security.
Again, the SSN is not a secret. Nurses, Doctors, Clerks see the number as a matter of routine...
Your passport number is not a secret. Clerks, security guards and border patrol agents, both in your country and abroad see it on a regular basis.
Driver license numbers are not a secret.....
ID Numbers (for countries which issue ID Cards) are not a secret....
You get the drift....
Maybe, just maybe, the Goverments and companies will stop treating these numbers (be it the SSN in the USoA, the Cedula or DNI, or what have you ) as a "Secret", and recognize that these are just ID numbers, not secrets, and we move towards a real secret when needed, in the form of, perhaps PIN+SmartCard, or some other mechanism.
I know, is a loooooong shot, but dreaming is free....
*** Suerte a todos y Feliz dia!
When I experienced identity theft it wasn't through bogus charges on my credit card (which my bank normally picks up on right away) but through about a dozen newly-opened store-specific credit card purchases and utility bills in places between 1,000 and 4,000 miles away from where I live.
That's not something I could have easily monitored by just checking my bank's website.
In my case the perpetrator was caught by police in another state within a day or two of my first learning about the first bogus account. Not everybody is so lucky.