Equifax Says 2.5 Million More Americans May Be Affected By Hack

According to Reuters, Equifax said about 2.5 million additional U.S. consumers may have been impacted by a cyber attack at the company last month. Last month, the company disclosed that personal details of up to 143 million U.S. consumers were accessed by hackers between mid-May and July.

As for what led to the breach, Ars Technica reports it was "a series of costly delays and crucial errors." From the report: Chief among the failures: an Equifax e-mail directing administrators to patch a critical vulnerability in the open source Apache Struts Web application framework went unheeded, despite a two-day deadline to comply. Equifax also waited a week to scan its network for apps that remained vulnerable. Even then, the delayed scan failed to detect that the code-execution flaw still resided in a section of the sprawling Equifax site that allows consumers to dispute information they believe is incorrect. Equifax said last month that the still-unidentified attackers gained an initial hold in the network by exploiting the critical Apache Struts vulnerability.

Mail your creditors.

[John+Meacham]

Your personal information is being shared by your creditors/bank with equifax. That is the only way they collect information.

Write your creditors and say you no longer consent to your information being sent to equifax due to their ongoing security issues. There are two other reporting agencies they can use, tell them you only want information shared with experian and transunion until further notice. Even if they say no, say you will hold them legally responsible for information shared with equifax after equifax has been shown to be an immediate and clear security risk.

It is pretty much the only way to hurt equifax. Gets companies to stop using them. Convince companies that no matter how strong their own privacy policies are, they don't work if they are not transitive to everyone they share your information with.

Heck, make this idea popular enough that credit card companies start listing "wont share your information with equifax." as a selling point and it will hurt them bad and make everyone take security more seriously.

Re:I understand I won't get a penny

[lucm]

They fucked up the rest of my life

I work daily with credit reports and I will tell you this; even as a legitimate customer of credit agencies we are struggling to use their data. It's basically garbage.

You would think they have a carefully crafted database with data integrity up the pooper, but in fact it feels more like they're having nonchalant clerks punch in notepad a boatload of data collected from forms submitted by gas station attendants.

There's truncated fields, overlapping codes, conflicting date formats, unclear buckets with meaningless labels. Sometimes the street address and street name are in the same field, sometimes the creditor name and the amounts are in the same field but their phone number and area code are in two different fields. I've seen first name and last name concatenated in the first name field (with no space), or different spelling for the same financial institution appearing twice in the same customer report.

So don't worry too much. Your credit file is basically "encrypted" by sheer indifference and lack of concern for data quality.