
Security Breach at Equifax May Affect 143 Million

         

engine

10:16 am on Sep 8, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



It seems that around 143 million U.S., U.K., and Canadian records at Equifax were accessed between May and July this year. There could be Social Security numbers, birth dates and addresses stolen.

Malicious hackers won access to its systems by exploiting a "website application vulnerability", it said but provided no further details.

The hackers accessed credit card numbers for about 209,000 consumers, among other information. Security Breach at Equifax May Affect 143 Million [bbc.co.uk]

not2easy

3:33 pm on Sep 8, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Equifax has created a website to help consumers find out whether their data was at risk. I am not sure I would want to enter my information there or not: (http://www.equifaxsecurity2017.com/)

engine

4:07 pm on Sep 8, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



That occurred to me, too, and I'm sure I'd not want to give them any more data.

keyplyr

11:55 pm on Sep 8, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Aren't they the ones that said I didn't pay my light bill from 1971? When I proved I didn't live at that address at that time, they replied "yeah, but you still didn't pay your light bill."

I've never trusted any of those so-called credit reporting agencies. They publish unverified information about you that could have significant repercussions with your credit rating, then it's up to you to prove the information is false.

On the upside, if my data was breached, it's probably false.

keyplyr

2:26 am on Sep 9, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Ironic that Equifax, who sells identity theft protection products, would allow a vulnerability in their own software that caused the identities of 143 million people to be stolen.

blend27

3:05 am on Sep 9, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I am not sure I would want to enter my information there or not: (http://www.equifaxsecurity2017.com/)

Seems like entering your information on that site would eliminate your chances of being part of a further class-action lawsuit... it is all over the web now...

I am one of those CR-Geeks that has 800+ FICO Scores across the board.

Needless to say, just watch out...

keyplyr

9:49 am on Sep 9, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Looks like Equifax earned a class action with this one: [msn.com...]

toidi

10:50 am on Sep 9, 2017 (gmt 0)

10+ Year Member Top Contributors Of The Month



Only 143,000,000? They have everybody's records. Did the hackers stop when they hit 143M or are we being lied to yet again? The website does not really say if you are a victim, but it does give you 1 free year of credit protect if you give them a credit card so they can bill you after the free trial period.

p.s. don't forget to shred your old paperwork to protect your identity /s

super70s

3:21 am on Sep 10, 2017 (gmt 0)

10+ Year Member Top Contributors Of The Month



Looks like Equifax earned a class action with this one


It's a wonder they didn't get one after the first two times they were hacked.

tangor

5:57 am on Sep 11, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Fortunately they had a team of lawyers put their initial TOS together, so no matter what happens, there are limitations pre-imposed.

Might be a heads up for those taking personal info to review their TOS to limit any future liabilities.

henry0

6:48 am on Sep 11, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



i'm sure i'd not want to give them any more data.


Well, I entered their updated look up software, it looks like I could be among those exposed.
So what could be the difference since I am already in?

not2easy

7:23 am on Sep 11, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I've seen reports that people typed in bogus data and were assured that they might be affected. If you have applied for a credit report there is a higher possibility that you could be in the exposed group. If you are concerned or if you just don't want to worry about it you can place a freeze on your credit reports by visiting each of the reporting agencies. I have read that it takes about 15 minutes to freeze your credit reports at each agency. If you decide to apply for credit after that you would need to go back and unfreeze the reports, so it is important to keep your records up to date.

Finding where to deal with it could take some time, I got this list from an article at the NYTimes:
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
https://www.experian.com/freeze/center.html
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.innovis.com/personal/securityFreeze

engine

10:23 am on Sep 12, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Reuters are reporting that there are at least 30 Class Action lawsuits filed in the United States against Equifax Inc.
[reuters.com...]

Also, ZDNet has discovered the Equifax site used to set up credit account monitoring is also vulnerable to hackers.
The site is vulnerable to a cross-site scripting (XSS) attack, which lets an attacker run malicious code on a legitimate website or web application, such as Equifax's site. Equifax's credit report monitoring site is also vulnerable to hacking [zdnet.com]

tangor

8:53 pm on Sep 12, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Equifax has removed a clause from the Terms of Use section of the website set up to help victims of the company’s data breach that previously barred victims from suing Equifax if they used the company’s services.


[breitbart.com...]

Perhaps in answer to the looming threat of class action lawsuits.

ken_b

9:48 pm on Sep 12, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Equifax's credit report monitoring site is also vulnerable to hacking

Oh goodie! let me sign right up!

keyplyr

9:54 pm on Sep 12, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Oh goodie! let me sign right up!
Well that's just it, you don't sign up.

They create accounts on you without your knowledge or permission. They list all your sensitive information, who you've ever owed money to, how often you paid your bills & to whom, whether you own a home, your credit card info.... you have no choice in this.

That needs to change IMO.

henry0

6:27 am on Sep 13, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



That's why I said earlier it won't change anything (signing in or not).
When I did it I saw all my financial BG exposed. Note: before this I never signed anything with them.

engine

4:34 pm on Sep 14, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



This story is going to run and run.

Initial investigations indicate it was a failure to install an update to an Apache bug that was patched in March.
[arstechnica.com...]

The F.T.C. has said it's investigating the data breach.
“It’s one of the most egregious examples of corporate malfeasances since Enron,” Schumer said, calling Equifax’s treatment of consumers afterward “disgusting” and its inability to protect data “deeply troubling.” FTC probes Equifax; top Democrat likens it to Enron [reuters.com]


The big problem is the sensitivity of the data, which, as keyplyr indicates, is held on you whether you want it or not. Now the FTC is involved I'm certain the regulations will change. Sadly, the horse has bolted.

I can liken this to a data breach elsewhere and I remember the CEO responding with flippant remarks, which to me were deeply insulting. This could easily happen again with this data breach, but it'll be far worse considering the type of data it holds.

keyplyr

6:56 pm on Sep 14, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Several execs are said to have dumped stock just days prior to the public announcement of the breach.

engine

10:36 am on Sep 15, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Oh dear, that won't bode well for them if they did do that.

tangor

8:44 pm on Sep 15, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



They did. Claiming they didn't know about the breach a few days before they sold.

Jonesy

5:38 pm on Sep 16, 2017 (gmt 0)

10+ Year Member Top Contributors Of The Month



Only serves to highlight the need to change your passwords, address,
first and last names, and social security number every ninety days

henry0

7:00 pm on Sep 16, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Changing SS, are you serious?!

Sequential numbers assigned to members of the same family are causing problems;

More than one person is assigned or using the same number;

A victim of identity theft continues to be disadvantaged by using the original number;

There is a situation of harassment, abuse or life endangerment; or

An individual has religious or cultural objections to certain numbers or digits in the original number. (We require written documentation in support of the objection from a religious group with which the number holder has an established relationship.)

keyplyr

7:43 pm on Sep 16, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Only serves to highlight the need to change your passwords, address, first and last names, and social security number every ninety days
Ha ha

engine

1:13 pm on Sep 18, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Nice one Jonesy. hehehe

Some of the executives have now moved on.
The chief information officer and chief security officer have both stood down.
[bbc.co.uk...]

Yeah, this is one of those breaches that'll keep giving for years to come. Hackers will have a rich treasure trove of info to work on, and consumers may be some way down the line before they realise what's going on: Identity theft is the most likely result.
It's very serious.

chewy

4:14 pm on Sep 18, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Always fun. Now what? Not sure my credit's any good anywho.

engine

10:34 am on Sep 19, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



chewy, it's the identity theft which will become the problem in the future.

It seems Equifax had another breach in March, according to "people familiar with the matter."
[bloomberg.com...]
In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders.

phranque

12:06 pm on Sep 19, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



interesting implementation of the site to "check potential impact", linked to from the equifaxsecurity2017.com site mentioned above:
https://trustedidpremier.com/eligibility/eligibility.html

the secure certificate for the site notes that "This website does not supply ownership information." which doesn't engender trust.

whois -h whois.godaddy.com trustedpremierid.com

Domain Name: trustedpremierid.com
Registrar URL: http://www.godaddy.com
Registrant Name: mike davis
Registrant Organization: ioactive
...


not equifax...

Mike Davis [linkedin.com] is Principal Research Scientist and Director of Embedded Systems Security for IOActive, "the only security consultancy with a global presence and deep expertise in hardware, software, and wetware assessments".

https://www.wired.com/story/equifax-breach-no-excuse/ [wired.com]
The vulnerability that attackers exploited to access Equifax's system was in the Apache Struts web-application software, a widely used enterprise platform. The Apache Software Foundation said in a statement on Saturday (when rumors swirled that the March Struts bug might be to blame) that, though it was sorry if attackers exploited a bug in its software to breach Equifax, it always recommends that users regularly patch and update their Apache Struts platforms. "Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years," René Gielen, the vice president of Apache Struts, wrote.

the site that Equifax set up in response to address questions and offer free credit monitoring was itself riddled with vulnerabilities.

[edited by: phranque at 12:23 pm (utc) on Sep 19, 2017]

phranque

12:22 pm on Sep 19, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



also revealed in the bloomberg article linked in engine's post above is that equifax cfo john gamble dumped ~$2M of equifax stock on may 23 in addition to the previously known ~$1M stock sale in early august.

it might not be insider trading...

chewy

8:29 pm on Sep 19, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



yes, the identity theft is indeed the issue - but how on earth do you TRULY protect that besides going totally off-grid and using coconuts for money, never flying, not owning nor driving a car, never getting near a camera or TV, never using the web, never using the darn Post Office or IRS? And lately I understand my refrigerator is spying on me. What next?

I suppose I could wear funny eyebrows and a disguise, but how do you know the guy you bought it from isn't snapping your pic?

If someone really wants to steal one's identity, I'm not sure there's much anyone can really do.

Besides, won't the bad guys pick on far more interesting, higher net worth people than one nearly-poor dude like me?