Equifax Cybersecurity Incident

BTW: If you read the fine print in the Equifax agreement to sign up for TrustedID credit protection, you agree to binding arbitration and give up the right to be part of any class action against them for damages.  And you know those actions will be coming, fast and furious.  :emotion-5:

Peeps in Congress are upset about the arbitration clause, and want it removed from the agreement, but who knows if that will ever happen, short of passing a Federal law to force its removal. But can they force its removal retroactively, eg after somebody has already agreed to arbitration in order to get credit protection started...??

I'm also "at risk". Not sure whether to sign up or not. Gives a start date to sign up, but no stop date as far as I could tell.

Let me get this straight:

A credit reporting agency that gets hacked and loses vital ID info, is now asking people to enrol in its "Trusted" protection plan?

Let me get this straight: A credit reporting agency that gets hacked and loses vital ID info, is now asking people to enrol in its "Trusted" protection plan?

Ironic isn't it!  :emotion-4:

Guess they want a second chance to lose your data. Or if you're really cynical (and I am), they want you to sign up so you agree to arbitration and give up all rights to join any class actions against them, thereby saving Equifax TONS of $$$.

Since there's no end date for signing up once you get a start date, I'm going to hold off for a while to see if they remove the arbitration clause from the agreement. Your experience may differ and I take no responsibility if your data gets used if you also delay signing up.  :emotion-5:

Irony is exactly the word I was thinking of.

In the case of Equifax, I'm seeing conflicting reports as to my own risk. Your link says the breach is confined to the USA, but up here I'm seeing reports that unspecified Canadians are affected as well. Requests for clarification from the news media to Equifax Canada are not being answered.

When I go to your link for assessing my status, I'm asked for my last name and last 6 six numbers of my Social Security number. This seems to imply only Yanks are affected, since we use Social Insurance Numbers. In any event, I'm not giving them mine (they probably have it anyways).

It does not surprise me that these agencies can leak personal data that one probably never gave them personally in the first place. If they can get it freely, how secure can it be? Every time you use a bank or credit card, your info ends up in who knows how many databases?

Far be it from me to give specific advice in this matter, other than to keep a close eye on your bank and credit card statements.

They interviewed a security pundit on the radio here yesterday about this Equifax issue.

He said Equifax coulda/shoulda fixed their security hole but they didn't because they don't care about us. They earn their money from companies that pay to access our credit reports, not from average individuals whose data they're hoarding.

So they have no incentive to fix their security problems, as long as companies are willing to pay to access our reports. Users can't boy cot Equifax and they won't be hurt unless new laws are passed to force them to protect our data. And if a few bad guys see our data, it won't hurt Equifax, only us...

Doesn't sound fair, but that's the way of the world...

EDIT: Yes, I cheated the censor...

UPDATE:

Equifax claims they have now removed the arbitration clause from the EULA for their TrustedID service, meaning you'd be able to participate in any class actions, even after you sign up for their free 1-year offer.

As Joe said, is the freebee worth it to give them a chance to lose more of your data, or would you be better off keeping a watchful eye on your credit card and bank account statements yourself...?

And if ~150 million US residents (that's ~50% of the US population) are affected by this security breech, what are the odds that you'll be one of those whose info is actually used?

And finally, some people claim they entered a fake name and random 6 digits instead of a real name and real digits from their Social Security number and got the "at risk" warning away, rather than "no match found" or even a "not at risk" response. Makes you wonder...

When you're account is breached, don't the companies usually notify you?

They should be contacting everyone that information had been compromised.

Rick

When you're account is breached, don't the companies usually notify you? They should be contacting everyone that information had been compromised. Rick

Not always...

And just imagine how long it's going to take them to send out ~140 million letters...  :emotion-3:

Just being reported...

Equifax website borked again, this time to redirect to fake Flash update. Malware researcher encounters bogus download links during multiple visits...